| Virtual private network (VPN) is a networking technology realizing information security interaction within closed user groups, based on open network infrastructure. Security question has been the key factor affecting its development. Network product providers give many different schemes and technologies how to solve the problems of safety in virtual private network (VPN), such as IPSec VPN, MPLS VPN and SSL VPN.This paper studies three mainstream VPNs: IPSec VPN, MPLS VPN and SSL VPN's technical principles and analyses their advantages and disadvantages of the security first. Then on the basis of VPN security architecture, we separate VPN security plain and divide it into data plain and control plain whose security is performed by different executive roles with different VPN technologies. Therefore we consider a comprehensive scheme designed to complement each other and integrate the existing network security elements and enhance the safety of VPN. The Improved design scheme, with BGP/MPLS VPN equivalent model in the core network as original model, uses VPN access group encryption and authentication based on the PKI to ensure the safety of VPN connection and routing. On the other hand, VPN users use IP encryption technology with HAIPE protocol to ensure the safety of the data plain. Internet service provider (ISP) and VPN users perform their own functions cooperatively, achieving high performance and high security of VPN scheme together.On the basis of theoretical analysis, we do simulation experiments with OPNET software to test performance influence and security of the improved VPN model. Comparing with the original VPN model, it shows that VPN users using the improved VPN model can obtain higher strength safety guarantee with a small effect on the performance, which is very suitable for high confidentiality level VPN user's communication. |
PDF Full Text Request