Ipsec Protocol Analysis And Product Testing Method Of Vpn Products

As the Information time coming, information security is grasping more and more attention from the home and abroad because it is the foundation of information system. IPSec protocol, security architecture of IP protocol, is the security extension of IP protocol of network layer. Joined by security association negotiation encryption of datagram authentication and access control basing host-oriented and otherwise security measure, it can provide security protection for the upper protocol and application.Security test evaluation and certification of VPN production basing on IPSec protocol provide the foundation for its popular application. Because test can provide the most believable thereunder for evaluation and certification, it is urgent and needful for us to research the test deeply.This paper detailedly introduces the principle and security mechanism of IPSec protocol. Based on the common criteria for information technology security evaluation (CC) and the experience of test VPN production practically, we have derived the protection profile of VPN production and put forward the security functions and assurance requirements of VPN production. Upon this achievement, the test requirements of VPN production is derived and brought forward and the test requirements and outline is scribed.All alpha stage products should be tested under the prescribed test standard, the main testing reference is protect outline of VPN product. Based on above, the author proposed the Derived Test Requirement (DTR), write the test requirement and brief follow the self-written DTR, and according to above standards, considering the test practice, the author divide every aspects of performance tes functional tes protocol conformance test and security test into many test items with the methods of classification and quantification, and every test item has its related test index and test result.. There is a very important one in the tests to the VPN production-EPSec protocol conformance test. This paper designed and developed a test tool basing FreeBSD. The bottom modules of the test tool are realized by C language and the top ones are developed by Perl language. This test tool can detect if the VPN production abides by the related RFCs and the related cipher arithmetics are correct. Some VPN productions have been tested by this tool. On the aspect of test principle, the author abandoned the principle of 'off-line analysis of communication record data' , adapted the principle of 'direct dialog of tester and testee' . With this approach, the system has the advantages of easy to realize and having accurate testing result. The conformance test towards the IPSec protocol is the first instance in the world, It belongs to the initiate work, and has important theoretic meanings and pratical value.