Security Alliance’s Design And Application Based On IPSec Protocol

To the operators, the Internet’s rapid development and wide application brings ahuge commercial interests, but at the same time poses a greater challenge. Due to themore and more rich network application, how to ensure the users information security inthe complex network environment has became a research hotspot in recent years. TheVirtual Private Network (VPN) technology can make user enjoy the proprietarynetwork’s experience on the Internet. IP Security VPN, which formed by thecombination of IP security protocol and VPN, can effectivly guarantee the safety ofnetwork data message depend on its good encryption, decryption mechanism. Securityalliance is the core of the IP Security protocol. This paper selective analysis themanagement mechanism of security alliance and analysis its application in dataforwarding and encryption. Contents are as follows:1) Research on the architecture of IP Security. Around the system structure andbasic principle of IP Security protocol, this paper elaborates the application of tunneltechnology in constructing VPN network. Summarizes the design idea of AuthenticationHeader protocol, Encapsulating Security Payload protocol and Internet Key Exchangeprotocol in IP security protocol system. Analysis the management mechanism and datastructure of security alliance, which is the core of IP Security. Formulate the systemdata flow dagram of IP Security.2) Research on the consultation mechanism of the automatic security alliance. TheInternet key exchange protocols, which provide the basis of generate security allianceby auto-negotiation way, simplified the configuration procedure of manual securityalliance. Around the underlying theory of the Internet Key Exchange protocol, thispapar analysis the basic principle and negotiation process of generate security allianceby auto-negotiation. Combining with the actual application environment, this paperintroduce the management machanism of automatic way security alliance such as theageing of Security Alliance, the idle timeout of Security Alliance, the end detectionmechanism and the invalid Security Parameter Index recovery.3) Research on the security alliance’s application in packets transmitting. Throughanalysis the principles and characteristics of the security strategy’s matching algorithm,which depend on the Access Control List, this paper put forward a new managementmode for standard mode Access Control List. Formulate the working process of message de-encapsulation processing use security alliance. Discuss the application oftunnel which combinated by the Security Alliance in data stream processing. Throughanalysis the mechanism of construct encryption session by security alliance, this paperdesigns the IP Security encryption framework based on the encryption session.4) Research on IP Security’s configuration and performance. The IP Securitysystem’s implementation was varified through generate security alliance by manualconfiguration and auto-negotiation. Based on OPNET simulation platform, IP Security’sscenario and its impact on network performance was analyzed.