| With the rapid popularization of computer networks, IPv6 network has gradually walked into our line of sight. Meanwhile the IPv6 network attacks are also increasing. Among all the forms of attacks, the most prominent ones are the IPv6 network traffic interception, eavesdropping and tampering. And now the safety transmission protocols in use in responding to this attack generally apply encryption to protect data. This approach certainly can play a monitoring and tamper prevention role, but when it faces some situation like IP network address filtering, the data can not safely reach the destination node. And these security protocols mostly apply certificate authentication to authenticate, which is complex to manage. In this way, a lot of data needs to be transferred, and the burden of the network nodes is heavier.In this paper, domestic and international existing security transmission protocols are studied. Then the IBC system is compared with the PKI system in the aspect of strengths and weaknesses. Afterwards, an information channel negotiation plan based on IBC key system is proposed. According to this plan, a pre-consultations channel is founded through three certification data packets, and Diffie-Hellman algorithm is applied to ensure the confidentiality of the key parameters. Then security negotiation for kinds of network protocol demands is in process. In this paper, this pre-consultation is used using to exchange multi-IP channel information.In addition, by referring NAT and tunneling technology which hide the real IP addresses, a plan that in the IPv6 environment more than one IP is used to transfer data on a connection for two communicating parties. By this way, packages on one connection can be camouflaged as packages on several connections through IP. This makes the network for the specified IP address filtering failed to achieve the purpose of secure transmission, so safety transmission is ensured. The feasibility of this plan is verified by experiments. |
PDF Full Text Request