With the rapid development of the Internet, people are paying more and more attention to Internet security problems. IPSec is a protocol used in Internet communication. It can provide protection for the protocols that run above the IP layer, such as TCP and UDP. IKE (Internet Key Exchange), drafted by the IETF, is the protocol that authenticates both the initiator and the responder in the communication, negotiates the SA, and generates the various key material.

Because IKE combines three other protocols (ISAKMP, Oakley and SKEME), its implementation is necessarily very complicated. The complicated design of the first version of IKE made it the bottleneck of IPSec's implementation. Thus, the IETF began organizing work on the IKEv2 draft in February 2002 and proposed the 17th draft on September 23, 2004. The standard RFC document for IKEv2 will be published.

During the whole information exchange, the initiator and the responder both need to perform complex computations on parameters from themselves and from their peer, such as generating the various keys and encoding and decoding the information. Doing this in software alone takes a lot of time and greatly increases the delay of IKE. One solution is to do this work in hardware instead. That hardware is the security coprocessor.

The function of the security coprocessor is hardware acceleration. It can implement security protocols such as IPSec, PPTP, SSL and IKE. At present, the most important method of adding security functions to a network hardware device is to have the network processor or a general-purpose processor work together with a security coprocessor. The security coprocessor is responsible for the security-related tasks in the system, leaving the other processor to handle the main system functions. This separation of functions simplifies the design and improves system performance.

There are five chapters in this paper. The first chapter introduces the background and development of IKEv2 and compares IKEv2 with IKE. Chapter 2 introduces the IKEv2 protocol. Chapter 3 introduces the modules of the coprocessor. Chapter 4 introduces the API SDK. Chapter 5 introduces a system architecture that implements IKEv2.