Security Gateway Key Exchange With The 3des Encryption Algorithm

Now with the entry of information times, network has become a tie which closely links tens of thousands of people in every corner of the world. It extraordinary enables people to access network very soon at any place. The gradual fusion of heterogeneous network has greatly promoted the introduction of IP technology into main part of GPRS and UMTS, which not only marks the technology reform of packet switching, but also compels the whole network to be more open and accessible. In this condition, the entire network will suffer more risk of being attacked. Moreover it has affected the development of e-commerce and urges the development of a service with higher safety. All in all, network safety is becoming worth paying more and more attention.IP security (IPSec) ,one kind of very successful network security agreement, is under the IP level. Its union with IP protocol serves data Integrity, confidentiality, anti-replay attack, the authentication of data pool and so on. It can also assume responsibility for the end-to-end IP safety. Like other encryptions, it is indispensable for IPSec protocol to establish a sharing key between both sides in the period the data transmission. This establishment is subject to the definition of Internet key exchange in IP protocol.Especially,3DES is defined as mandatory algorithm for data confidentiality.3DES (Triple Data Encryption Standard), a group encryption algorithm, owns the following merits: Its group length is 64bit, which can effectively defense definite and exhaustive attack and make the next birthday with a group of ciphertext attack success rate is only 0.5;The achievement of 168bit key length can avoid the key's exhaustive attack; It fully realizes infusion and mix of explicitness and key which can offer resistance to the different and linear attack; Encryption and decryption operates simply, which is prone to be carried out by software and hardware; Data expansion is introduced into homomorphism replacement and stochastic encryption; There is as far as possible less propagation error. All these merits lead to the adoption of 3DES compulsively in IKE agreement to ensure the data confidentiality. This dissertation first make a brief description of IP protocol introduced into communication system and the security issues arising. Then describe the development of the Internet key exchange.Then analyse the theory of Internet key exchange and the 3DES algorithm in deep, on the basis of the IKE protocol there are many deficiencies found, such as denial of service attacks, middle attacks and lack of identity protection. Because of so many deficiencies, appropriate improvements must be advanced.At last in this paper, we utilizes the combination of ARM (Advanced RISC Machines) and FPGA (Field-Programmable Gate Array) functions to achieve the optimum value of the entire system performance. It adopts the characteristic of ARM abundant processor Interfaces and FPGA high-speed processing as well as its simple programming implementation to exchange the keys in ARM and transfer the data to FPGA for processing after obtaining the 3DES encryption key. Finally the hardware implementation of 3DES algorithm is successfully achieved. Meanwhile key exchange agreement is transplanted on the ARM processor and also the design of drivers between two chips is completed.