| 支持交叉认证与状态检测的IPsec-VPN设计 |
| |
| 引用本文: | 杜春燕,杨绚渊,陆建德.支持交叉认证与状态检测的IPsec-VPN设计[J].计算机工程,2006,32(21):170-172. |
| |
| 作者姓名: | 杜春燕 杨绚渊 陆建德 |
| |
| 作者单位: | 苏州大学计算机学院江苏省计算机信息处理技术重点实验室,苏州215006 |
| |
| 摘 要: | IPsec是为VPN制定的一组IP层安全协议,但随着应用的扩展和深入也出现了一些新的问题。文章将公钥基础设施PKI引入其中,结合ECC公钥技术,并增加了交叉认证接口设计,提出了一个基于改进的PKI体系的增强型IPsec VPN安全网关原型系统;同时对DPD协议进行了研究,设计并实现了对DPD的支持,从而有效弥补了现有IPsec VPN在身份认证和状态检测方面的缺陷,提高了VPN的安全性、可扩展性和健壮性。最后给出了一个基于Linux2.6内核的设计方案。
|
| 关 键 词: | VPN IKE PKI ECC 交叉认证 DPD |
| 文章编号: | 1000-3428(2006)21-0170-03 |
| 收稿时间: | 02 15 2006 12:00AM |
| 修稿时间: | 2006-02-15 |
Design of Enhanced IPsec-VPN Supporting Cross-certification and Status-detection |
| |
| DU Chunyan,YANG Xuanyuan,LU Jiande.Design of Enhanced IPsec-VPN Supporting Cross-certification and Status-detection[J].Computer Engineering,2006,32(21):170-172. |
| |
| Authors: | DU Chunyan YANG Xuanyuan LU Jiande |
| |
| Affiliation: | Jiangsu Province Computer IT Key Lab, School of Computer of Soochow University, Suzhou 215006 |
| |
| Abstract: | IPsec is a set of security protocols in IP layer used for VPN.However,with its extensive and deep applications,some new problems have occurred.This paper introduces PKI and combines it with ECC technique and the design of cross certification interface,proposing an enhanced IPsec VPN security gateway prototype.Meanwhile,Dead peer detection(DPD) protocol is studied and implemented,so as to effectively improve on authentication and status detection to current IPsec VPN,assuring the security,extensibility and robustness of the VPN system.It gives out an implementing scheme based on Linux 2.6. |
| |
| Keywords: | VPN IKE PKI ECC DPD |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
