共查询到19条相似文献,搜索用时 734 毫秒
1.
下一代互联网将是基于IPv6的,IPv6的实现必须支持IPsec,IPsec提供了两种安全机制:加密和认证。本文重点对IPsec协议安全体系结构、各部分功能及其相互间关系进行了深入分析研究,并对IPsec协议在IPv6中工作原理、实施应用问题等提出新的见解。最后总结了IPsec在基于IPv6的下一代互联网带来的安全特性和将面对的挑战。 相似文献
2.
随着无线局域网日益发展,无线网的安全问题倍受人们的关注。同时因特网的安全协议IPsec技术已相当成熟,将IPsec技术延伸到无线网络部分,以确保无线局域网的安全,这也是一种较好的解决方案。文中在扼要介绍虚拟专用网VPN安全机制的基础上,研究和分析了IPsec协议族的主要技术;在分析简化IPsec协议的基础上,结合具体常见的无线应用场景和IKEv2的密钥管理新技术来实现IPsec VPN;同时重点分析了无线场景下IPsec安全隧道建立的过程和协议中对数据包的处理流程;最后,指出了无线网络技术的应用前景和未来IPsec的研究方向。 相似文献
3.
4.
随着无线局域网日益发展,无线网的安全问题倍受人们的关注。同时因特网的安全协议IPsec技术已相当成熟,将IPsec技术延伸到无线网络部分,以确保无线局域网的安全,这也是一种较好的解决方案。文中在扼要介绍虚拟专用网VPN安全机制的基础上,研究和分析了IPSec协议族的主要技术;在分析简化IPsec协议的基础上,结合具体常见的无线应用场景和IKEv2的密钥管理新技术来实现IPsecVPN;同时重点分析了无线场景下IPsec安全隧道建立的过程和协议中对数据包的处理流程;最后,指出了无线网络技术的应用前景和未来IPsec的研究方向。 相似文献
5.
远程安全访问是安全VPN的一种重要应用形式。远程用户可以在任何时间、地点,采用拨号、ISDN等方式与公司内联网的VPN设备建立起隧道或密信道。远程安全访问可利用IPsec协议实现,而身份鉴别是IPsec协议中的关键问题。一般采用共享密钥的方式对远程用户进行身份鉴别。本文提出利用一次性口令认证过程的中间结果生成共享密钥的方法。该方法解决了大量远程用户共享密钥的分配问题,且对一次性口令的安全性和IPsec的安全性不产生任何影响。改进后的一次性口令机制和IPsec协议相结合对远程用户进行了高强度的身份鉴别。文章介绍了IPsec… 相似文献
6.
7.
IPSEC安全体系与实施 总被引:2,自引:1,他引:2
IPsec是IETF委员会提出的新型的Internet安全体系结构,IPsec为IPv4和IPv6协议提供了强大的、灵活的、基于加密的安全方案。本文分析了IPsec协议套件的体系结构、基本组件与工作原理,并给出了IPsec的实施实例。 相似文献
8.
Linux下IPsec的实现 总被引:2,自引:0,他引:2
IPsec作为网络层的安全协议套件,是实现VPN的重要途径。在Linux系统下通过对网络部分代码的修改,可便捷地实现IPsec协议。该文结合笔者在Linux系统下实现IPsec的实践,描述了IPsec系统的基本结构和实现过程。 相似文献
9.
IPsec VPN网关在使用数字证书对IPsec对等实体(远程用户、远程VPN网关)进行身份认证建立安全关联时,存在有效CRL及时性差、IPsec VPN安全网关开销过大和IKE认证时延过长等问题.为解决此类问题,给出了两种设计方案,分别为根据静态固定查询周期和根据自适应算法动态调整查询周期从LDAP服务器上获取CRL.这两种方案能有效平衡网关开销、提高认证速度并能较大提高有效CRL的及时性. 相似文献
10.
11.
Berni Dwan 《Computer Fraud & Security》2000,2000(7):9
For anyone who doesn’t know, the IPsec protocols were “designed to clear the hit list of well-known security flaws in the current Internet Protocol version 4 (Ipv4) and to provide a pre-emptive strike against these same flaws in its possible replacement, the Internet protocol version 6 (Ipv6)”. So, is IPsec the answer to all our network security problems, the simple cure all, or is this too good to be true? The authors of this particular book are of the opinion that IPsec “has raised by far the most hope…as a possible cure for the widespread security problems of networks and networked applications”. But, while offering hope to those responsible for increasingly more complex networks, the authors also prudently point out that “IPsec products can wreak havoc on critical applications and other enhanced networked services.” The problem is, while IPsec can indeed provide solutions never offered before (or in a manner never offered before) interoperability problems, limitations in the base protocols and failure to address known operational conflicts could court disaster. And here is the rub: the potential havoc wreaked could leave the most ambitious of doom laden hackers crazy with envy. 相似文献
12.
IPsec是为VPN制定的一组IP层安全协议,但随着应用的扩展和深入也出现了一些新的问题。文章将公钥基础设施PKI引入其中,结合ECC公钥技术,并增加了交叉认证接口设计,提出了一个基于改进的PKI体系的增强型IPsec VPN安全网关原型系统;同时对DPD协议进行了研究,设计并实现了对DPD的支持,从而有效弥补了现有IPsec VPN在身份认证和状态检测方面的缺陷,提高了VPN的安全性、可扩展性和健壮性。最后给出了一个基于Linux2.6内核的设计方案。 相似文献
13.
The Internet Engineering Task Force is standardizing security protocols (IPsec protocols) that are compatible with IPv6 and can be retrofitted into IPv4. The protocols are transparent to both applications and users and can be implemented without modifying application programs. The current protocol versions were published as Internet drafts in March 1998. The article overviews the proposed security architecture and the two main protocols-the IP Security Protocol and the Internet Key Management Protocol-describes the risks they address, and touches on some implementation requirements. IPsec's major advantage is that it can provide security services transparently to both applications and users. Also, the application programs using IPsec need not be modified in any way. This is particularly important when securing application programs that are not available in source code, which is common today. This transparency sets IPsec apart from security protocols that operate above the Internet layer. At present, IPsec is likely to be used in conjunction with and complemented by other security technologies, mechanisms, and protocols. Examples include firewalls and strong authentication mechanisms for access control, and higher layer security protocols for end-to-end communication security. In the near future, however, as virtual private networking and corporate intranets and extranets mature, IPsec is likely to be deployed on a larger scale 相似文献
14.
IPsec协议体系是IETF制定的新一代网络安全协议标准,用于在IP层为IPv4和IPv6提供可交互操作的、高质量的、基于加密的安全.针对协议一致性测试的要求和IPsec协议体系的特点,设计了一种基于Tcl的IPv6协议体系中的IPsec协议一致性测试系统,并给出一个实例说明如何使用该系统进行测试例的开发,实践表明,该系统具有方便、灵活、模块独立性好等优点,基于Tel的一致性测试是一种有效的协议一致性测试技术. 相似文献
15.
The paper is devoted to the design of a test suite for testing the conformance of implementations of Internet nodes to the
specifications of the new security protocol IPsec v2 [1–7]. The test suite is generated using the automated testing technology
UniTESK [8] and the package CTesK [9], which implements this technology. The work was performed in the Institute for System
Programming of the Russian Academy of Sciences within the project “Verification of security functions for the new generation
protocol IPsec v2.” Requirements for the implementations of IPsec v2 were systemized, and formal specifications and a prototype
of the test suite for the verification of implementations of IPsec v2, including implementations of the automatic generation
of security associations of IKEv2, were developed. A method used to formalize the requirements for IPsec v2, a procedure for
generating the test suite, and testing results for some available implementations are described. The results show that the
verification method proposed in this paper effectively automates the testing of such complex protocols as security protocols. 相似文献
16.
17.
18.
重新定义了串空间理想概念,并扩展了有关命题和定理,从而使串空间理论能分析包含丰富密码原语的安全协议,进一步应用此扩展串空间理论分析JFK协议(一个新提出的IPsec密钥交换协议)的桉心安全属性:秘密性和认证性.通过分析证明了JFK协议的密钥和认证安全性,对JFK的分析也为扩展串空间理论的广泛应用打下了一个坚实的基础. 相似文献
19.
基于NAT-PT的转换网关实现IPv4向IPV6过渡存在诸多的不足,且不能兼容Ipsec,IPsec是IPv6下的强制安全协议,提供网络层数据的安全。本文在分析了几种转换网关的原理及与IPsec不兼容的原因后,提出了自己兼容IPsec协议的转换网关的设计方案。 相似文献