Distributed Vpn System Research And Design, Functional Modules For Mobile Users

In recent years, to securing the global e_commerce and data communication,Virtual Private Network (VPN) has emerged as the leading solution.The thesis first introduces the technology of VPN and describes the concept andthe design of the distributed VPN. The differences and their characteristics of thetraditional VPN and the distributed VPN are then compared. Secondly, thesis introducesthe IPSec framework, its two main protocols, Authentication Header (AH) andEncapsulating Security Payload (ESP). The header formats, the specific cryptographicfeatures and the different modes of application of AH and ESP are discussed. Thirdly,thesis also introduces the IKE protocol. And in internet environments we often contactwith NAT and firewall. For implementing the VPN we must choose the ESP protocoland make some change and the situation of VPN servers or clients must be depositedcarefully. We also must carefully choose the right IKE modes to cooperate with themobile users'needs. Then, this thesis provides DVPN-M module which can meet themobile user's needs. After in-depth analysis of mobile user's needs, the thesis providesa secret chat system when the client can not contact with the console. Fourthly, thesispresent the PKI and closely examine previously identified the traditional PKI system'sshortcomings and thesis design a XKMS system which can provide elementary XKMSfunctions.Finally, the thesis discusses the difference between SSL and IPSec VPN system,sheds light on one model ,which can deploy a secured SSL VPN system.