
The IPsec IKE Protocol Implementation And Research In Linux

Posted on: 2003-05-28 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Pu | Full Text: PDF
GTID: 2208360065951084 | Subject: Computer applications
Abstract/Summary:
This paper mainly studies the IKE protocol, one of the IPsec protocols, which is used to build security associations and manage encryption/decryption keys. Aggressive mode, one of the exchanges in the IKE protocol, is implemented on a Linux box. First, the IPsec protocol is introduced. It was developed to address the lack of security in the TCP/IP protocol family by adding security at the IP layer. IPsec can be divided into two parts. One part operates in the network protocol stack and handles the confidentiality, integrity, and authentication of data; this part is the security protocol. The other part does supporting work for the security protocol, such as building security associations; it is called key management and is done by the IKE protocol. After that, the implementation of IKE on Linux, the FreeS/WAN project, is introduced. The security of the exchange processes in the IKE protocol is the most important element of the whole IPsec protocol, because security depends not on the confidentiality algorithm but on the encryption keys: if the keys are exposed to an adversary, the IPsec security services as a whole are no longer secure. The exchange processes are therefore analyzed step by step, and the problems that result if a step is not performed are considered. FreeS/WAN also uses secure DNS, a public key distribution mechanism that is becoming the standard, and has developed the Opportunistic Encryption technology that makes IPsec easier to use. The IKE daemon needs to communicate with the kernel to add security association data to the SADB, but the original Linux kernel does not implement this kind of socket, so FreeS/WAN had to extend the Linux kernel. The implementation of aggressive mode is very important. It makes the exchange faster, but it also has disadvantages, such as being vulnerable to DoS attacks. A method to solve this problem is then developed. Finally, the phase two exchange is introduced to give a full understanding of the IKE protocol.
Keywords/Search Tags:Security Association, D-H Key Exchange, Cipher Block Concatenation, phase one exchange, phase two exchange, Aggressive mode, quick mode