
Research on IPSec VPN Technology Based on an Embedded Platform: IKEv2 Implementation Technology

Posted on: 2006-12-24 | Degree: Master | Type: Thesis
Country: China | Candidate: Y H Liu
GTID: 2208360182960414 | Subject: Computer software and theory
Abstract/Summary:
IPSec is a set of standards put forward by the IETF to introduce security mechanisms into TCP/IP networks. It is designed to provide interoperable, high-quality, cryptographically based security for IPv4 and IPv6. IPSec is the basis of Virtual Private Network implementations. IKE is a very important protocol within IPSec: it is responsible for negotiating and managing keys and for establishing the Security Associations that secure services rely on. IKEv1 is composed of three RFCs and is very complex. This complexity can lead to ambiguity, low efficiency and other hidden problems. In response, the IETF has been drafting IKEv2. At the present time IKEv2 is still a draft.

This dissertation analyses IKEv2 thoroughly, including the composition of the protocol, the negotiation process, the messages exchanged and the payload formats. It summarizes the changes in IKEv2 compared with IKEv1, and then discusses the advantages of IKEv2 in security, compatibility, communication efficiency and reliability.

On the basis of this in-depth study of IKEv2, the author designs a system model and proposes a feasible modular design and implementation scheme for an IKEv2 system. In this scheme the IKEv2 system is composed of a system-management module, an exterior interface module and an interior interface module. Within the IKEv2 system, the author implements the interior interface module (including the IKE message exchange module and the payload processing module) and the deployment interface module of the exterior interface module. The paper describes the design ideas and implementation methods of these modules, and then summarizes the important techniques and difficulties encountered during implementation of the IKEv2 system.

Finally, the author tests the functions and performance of the implemented IKEv2 system and analyses the system. The test results indicate that the IKEv2 system can negotiate messages and establish Security Associations well. It can also communicate with the security databases in the kernel through the PFKEY interface and manage and maintain Security Associations. Compared with the IKEv1 system, the performance of the IKEv2 system is evidently improved.
Keywords/Search Tags:IPSec, IKEv1, IKEv2, SA, Security Policy, payloads, negotiation