
Design And Implementation Of A Security Gateway Based On LWIP And OPEN SSL

Posted on: 2016-10-21
Degree: Master
Type: Thesis
Country: China
Candidate: D F Zhou
GTID: 2438330491960486
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of networks, network security issues have become increasingly prominent. Traditional network security equipment is single-function and cannot cope with a variety of network threats at the same time; the security gateway emerged to solve this problem. At present, a growing share of the data on the network is transmitted as HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) messages. This type of traffic encrypts and protects sensitive information, but it also makes detection harder for the security gateway. For the security gateway to be able to inspect HTTPS messages, OPEN SSL (OPEN Secure Sockets Layer) needs to be embedded in it. This thesis first explains the architecture of OPEN SSL, then modifies that architecture so that OPEN SSL can be embedded in the Netfilter framework, and describes in detail the processing and operations this modification requires. To improve the performance of the security gateway, the LWIP (Light Weight Internet Protocol) protocol stack is introduced into it. The thesis introduces the basic model of LWIP, then optimizes and improves LWIP to make it better suited to network environments with higher real-time and concurrency demands. To achieve a bidirectional agent, the traditional Single-CT (Single Connection Tracking) method has to maintain TCP characteristics on both ends of the device, which couples TCP and CT very tightly, and this model usually runs into exceptions when handling changed packets because of the adjustment of the sequence number and window. To get rid of the disadvantages of the traditional method, this thesis proposes a new Double-CT (Double Connection Tracking) method, combined with LWIP, to complete the bidirectional agent; the new method is described in detail, and its effectiveness is verified.
Keywords/Search Tags:OPEN Secure Sockets Layer, Light Weight Internet Protocol, Security Gateway, Double Connection Tracking, Hypertext Transfer Protocol over Secure Sockets Layer Message Detection