| With the rapid development of network and computer technology, the demand on the network is growing. The network not only provide an open and shared resource but also the security risks. Now security issues has posed a serious threat to the network economy.So how to protect the security of network, in particular information security through network transmission has become the focus of attention.Currently network security threats mainly from three aspects:First, information vulnerable to illegally interception, tampering and other attacks during transmission. Second, the user may get resources by unauthorized access. Third, the threat would from a man-in-the-middle(MITM) attack. Against this three threat and to slove the problem, which is encryption and decryption algorithm implemented in software with low efficiency, the paper conduct research base on the SSL security gateway system design and implementation techniques, in particular, data encryption and decryption subsystem. SSL security gateway system can effectively deal with the three threat above. System is operated based XLR732. Multi-core parallel processing technology can effectively improve the system processing concurrent, as well as security acceleration engine can significantly enhance the RSA algorithm and RC4encryption and decryption efficiency, so as to enhance the overall system performance of SSL security gateway. In this paper includes:First of all, a hardware and software combination method was proposed to implement RSA algorithm, against the low efficiency of the RSA algorithm in software, which have achieved a substantial increase in the RSA algorithm efficiency. Authentication and pre-master key interaction both require RSA to encrypt and decrypt data. Therefore the efficiency of the RSA algorithm have a great impact on the performance of system In this paper, apply the method of the hardware and software combination to achieve the RSA encryption algorithm with security acceleration engine.2048-bit RSA encryption and decryption efficiency using the method paper proposed is five times than OpenSSL on the normal CPU can reach.Secondly, put forward a role-based lightweight mutual authentication mechanism Server authenticate the identity of the client can effectively avoid unauthorized access, man-in-the-middle attack and other threat. At the same time, the legitimate users of the same authority type issue the same CA root certificate,while different types different CA root certificate. That way the certificate owner role class can be learned during the certificate verification process, then its acces permissions can be confirmed. Role-based authentication mechanism can effectively prevent unauthorized access of internal users.Finally, design and implement the high-performance hardware-based acceleration RC4-SHA-1encryption and decryption modules. Add the additional MAC values to data and transmite after encryption,which provide confidentiality and message integrity serviccs.Security acceleration engine can efficiently execute RC4and SHA-1algorithm. Achieving128-bit RC4-SHA-1on the engine, the encryption and decryption efficiency can reach18.9Gbps. |
PDF Full Text Request