The Research And Application Of IPSec VPN Based On Digital Certificate

The wide application of Internet technology, so that people can easily exchange and share information, but also to the computer systems have brought hitherto unknown security:information in transmission may be snoop or illegally modified; internal networks may suffer from illegal access and attack. The protection of network security, to ensure the information security has become a core problem. Private network although can guarantee the information transmission is safe and reliable, but its realization and high maintenance cost.In order to reduce network operation and management cost, using Internet technology to construction of internal network increasingly strong demand, virtual private network (VPN) technology in the context of the rapid popularization, and for VPN data transmission security of transmission is particularly important, widely used for the IPSec VPN technology.Virtual private network (VPN) is the use of public cyber source for constructing special network technique, which is based on Internet the public transmission media, through encryption and authentication security measures such as constructing virtual channel for transmission of data, virtual private network on behalf of the current network technology development trends, it have the traditional network security and data sharing network advantages, can provide remote access, internal network and the external network connection, the price is much lower than the private network, the network bandwidth, security based on cost. PKI/CA technology is an internationally recognized effective authentication solution.According to the security requirements of Internet, the Internet Engineering Task Force ((IEIF) in1998November issued a IP layer security standard IPSec (IPSecurity). The goal is for the IPv4and IPv6provide strong interoperability, high quality and security based on password. The IP in the network layer plays a role on the transmission of IP packets, the protection and authentication, it provides no protection in Internet network transmission of sensitive information security assurance. IPSec achieve a variety of security services, including access control, connectionless integrity, data origin authentication, anti replay, confidentiality encryption) and limited traffic flow confidentiality.This paper research the problem above, presents a more secure IPSec VPN scheme, and has low cost and high security features, there is a certain degree of innovation and application:(1) the method adopts a digital certificate authentication methods to improve the safety of key agreement;(2) the digital certificate is stored in the smart U disk or smart Cary, not easy to be stolen, and has higher safety;(3) using a symmetric algorithm to the process of data transmission encryption and decryption, improve the performance of data transmission;(4) use the tunnel way to build virtual private network (VPN) connection, increase the security of data transmission, and more flexible to use, has good usability.