| This paper proposes a converged tunnel encryption transmission method based on enterprise routers and a driver implementation of Secure Sockets Layer (SSL) hardware encryption. At present, in industries such as finance, security, government, and secrets, data security can be guaranteed to a certain extent through existing network architectures such as virtual private network (VPN) dedicated lines, but protection against interception and tampering is still lacking. Adding state secret capabilities to router equipment, which is an existing node of the network, can effectively support network transformation and upgrading. During packet forwarding, current routing devices match access control lists (ACLs) by priority on the same service board. For forwarding on the same interface in the same direction, ACL rules can be matched only once; otherwise, different ACL rules may conflict by matching the same element. Large-scale network address translation (Large Scale NAT, LSN) services and Internet Protocol Security (IPsec) services both require ACL flow policy processing, so it is difficult to superimpose the two services in one transmission process. This paper proposes a converged tunnel encryption transmission scheme based on enterprise routers. On existing architectures such as vertical networks, metropolitan area networks, and local area networks, it cooperates with national secret service boards and LSN service boards and uses distributed, board-level asynchronous ACL matching to establish a national-secret encryption tunnel for LSN services based on IPsec policies between devices, which can effectively meet users' demands for autonomous and controllable security protection of high-speed transmission networks. In addition, this paper implements an SSL hardware encryption service through the Security Acceleration Engine (SAE) and RSA engine of the Network Processor (NP) chip, which improves the practicality of the application compared to software encryption and can effectively improve the online performance of Hypertext Transfer Protocol over Secure Socket Layer. The research results of this thesis can provide ideas for research on converged tunnel encryption transmission in enterprise-level routers and on chip-level SSL hardware encryption, and have good theoretical value and application prospects. |