
On-Demand Classified Encryption SSL VPN Application and Its Implementation

Posted on: 2009-05-03
Degree: Master
Type: Thesis
Country: China
Candidate: C Liu
GTID: 2208360242999406
Subject: Computer application technology
Abstract/Summary:
With the rapid spread of the Internet, enterprises are required to provide a safe way to access enterprise resources. Whether in a remote office or in a guesthouse, users need to carry out their work through simple access to enterprise resources. The Virtual Private Network (VPN) meets this demand, and VPNs have developed rapidly in the past few years. Two main solutions, IPSec VPN and SSL VPN, have gradually become established. Judging from the current market situation, IPSec accounts for the largest market share, but over the next few years SSL VPN, which is easy to use, cheap to deploy and maintain, and favored by business users, will have more room for development.

The SSL VPN system has many performance deficiencies. The large number of cryptographic operations consumes too many system resources and has a tremendous impact on server performance. High-strength encryption operations consume more system resources and time than low-strength ones. In practical applications, only a very limited part of the resources needs protection, and different resources may require different levels of encryption.

Therefore the core work of this thesis is to introduce on-demand classified encryption into the VPN system. The key technologies studied, the innovations and the work done are as follows:

1. An overall introduction to the application status and prospects of VPN technology, outlining the general principles of VPN systems, including tunnel technology, encryption technology and other basic knowledge.
2. An in-depth analysis of the key technologies, including the SSL VPN protocol system and the implementation mechanism and security of SSL VPN. The thesis discusses in detail the entire handshake protocol process and explains the messages used during it. Based on the analysis of the handshake protocol, it proposes a set of improvement strategies for the SSL protocol, covering session resumption, improvement of client authentication, the choice of cipher suite, the size of the record block and the hardware accelerator.
3. An in-depth study of the architecture and module framework of the traditional SSL VPN application system. To increase SSL VPN connection speed, the thesis designs a new on-demand classified encryption implementation based on role-based access control and content-dependent access control. It not only decides dynamically, according to the actual situation, whether an SSL connection needs to be established, but also applies different levels of encryption according to the user's role and the resources accessed, thus greatly enhancing server performance.
4. A detailed design of the modules of the on-demand classified encryption SSL VPN application system, partially implemented using the open-source OpenSSL development kit in the VC++ 6.0 development environment. On this basis, the improved system is compared experimentally. The final results show that the system is stable and reliable and that efficiency increases.
Keywords/Search Tags:Virtual Private Network, Secure Sockets Layer, Classified Encryption, Handshake protocol, Access Control