| IPSec(IP SECURITY) is a network security criterion that was developed in recent years. It encrypts and authenticates LP packets in network layer in order to ensure confidentiality and integrity of the data. IPSec criterion was made by IETFæ¯(internet engineering task force) IPSec workgroup. IPSec workgroup is still producing many Internet drafts now, so lPSec is a developing criterion. The article is a summary of one and half years?study on IPSec criterion and work of implementing IPSec on LThJUX platform. Our lab has developed a suit of VPN(virtual private network) product, basing on IPSec protocol, including gateway, client end and management tools. I attended the project. During the procedure, I thought IPSec criterion has some defects which need improving, and explored in the domain of high efficiency implementation. The article is composed by 4 parts. Part I briefly introduces the system of IPSec protocol, including architecture, mode, security association, security policy, implementation mode, processing of in/out packet, ESP(encapsulation security payload), AH(authentication header), ISAKMP(intemet security association and key management protocol), IKE(internet key exchange) etc. It also briefly introduces the concept of VPN. Part 2 analyzes the system of IPSec protocol. The principle is that complexity will result in security weakness. Basing on implementing practice and experience of abroad experts ,the part analyzes architecture, ESP, AH, ISAKMP, IKE separately, and introduces some modification proposal of them. Part 3 is the study of high efficiency implementation. It points out the criteria of implementation are security, pefformance and manageability. It also includes hardware accelerating. large-scale concurrent tunnels, adding GMB algorithm, improving manageability etc. They are all summary of implementing practice. Part 4 introduces the development trend of IPSec criterion and new technology which will probably be adopted in the recent years. |
PDF Full Text Request