IP Security And The Security Card To Achieve

Posted on: 2002-04-20
Degree: Master
Type: Thesis
Country: China
Candidate: L C Li
GTID: 2208360032953995
Subject: Control theory and control engineering
Abstract/Summary:
Network security is becoming more and more important as networks become more open, shared and interactive. The security of the internal network is becoming a significant research field. Implementing Internet Protocol Security (IPSEC for short) on the network interface card can effectively secure end-to-end communication in the internal network. Internet Protocol Security and its application to the network card, namely the "security network card", are studied in this dissertation. Cryptology is the foundation of network security. The basic knowledge of cryptology involved in IPSEC is discussed from the aspects of data confidentiality, data integrity, authentication and key exchange technology. Three typical cryptographic algorithms used in IPSEC, namely DES, RSA and MD5, are studied in depth. The test result of the RSA algorithm is presented. In this dissertation, we analyze the working mechanism of IPSEC and the roles played by the security association and the security policy. On this basis, the data encapsulation formats of the Encapsulating Security Payload (ESP) and the Authentication Header (AH) are discussed, and the processing of inbound and outbound data under the protection of IPSEC is studied. This dissertation also investigates how to negotiate and manage the security association (SA) and keys using different exchange modes in the different negotiation phases, based on the framework of the Internet Security Association and Key Management Protocol. To implement IP security technology on the network card, we study the function and hardware structure of the Ethernet network card. Combined with an analysis of FreeS/WAN, which is an implementation of IPSEC on Linux, we indicate that implementing IPSEC on the network card can effectively save CPU running time and raise the encryption computing rate, which is not possible with a software implementation.
Based on the above, an implementation scheme for the security network card is presented. It includes implementing the encryption function and part of the encapsulation function in the hardware of the network card, and implementing the basic IPSEC function and the negotiation and management of the SA and keys in the network card driver. The function flow chart is given, and the processing of inbound and outbound data via the security network card is analyzed. Further, the implementation of IPSEC is discussed, and the structure chart of the IPSEC function modules is given. Finally, the influence of the different identity authentication methods on the security network system is investigated. A "three-class-user scheme" is presented after indicating the shortcoming of authentication with a pre-shared key. After analyzing authentication with digital signatures, we indicate that using hybrid authentication is simple to configure and convenient to upgrade.
Keywords/Search Tags: IP security, security network card, security association, security policy, key negotiation