| 基于增强型IKEv2的IPSec VPN网关设计 |
| |
| 引用本文: | 杜春燕,王明,陆建德. 基于增强型IKEv2的IPSec VPN网关设计[J]. 计算机应用与软件, 2010, 27(5): 105-108 |
| |
| 作者姓名: | 杜春燕 王明 陆建德 |
| |
| 作者单位: | 1. 宁波大红鹰学院电子信息分院,浙江,宁波,315175
2. 江苏省计算机信息处理技术重点实验室,江苏,苏州,215006 |
| |
| 基金项目: | 江苏省自然科学基金项目(BK2004039) |
| |
| 摘 要: | IKE(Internet Key Exchange)协议是IPsec协议簇的重要组成部分,用来动态地建立和维护安全关联SA,是IPsec VPN安全传输的先决条件和保证。在研究IKEv2协议的基础上,将公钥基础设施PKI体系引入其中,对在IKEv2中使用PKI身份认证进行研究。并针对IKEv2中数据通信的特点,将在线证书状态协议OCSP(Online Certificate Status Protocol)与IKEv2协议结合起来,设计了一个基于PKI身份认证的增强型IKEv2协议,从而有效提高系统的效率和部署的可扩展性。最后给出了一个基于Linux2.6内核的IPSec-VPN设计方案。
|
| 关 键 词: | IKEv2 PKI OCSP IPSe cVPN |
DESIGN OF IPSec VPN GATEWAY BASED ON ENHANCED IKEv2 |
| |
| Du Chunyan,Wang Ming,Lu Jiande. DESIGN OF IPSec VPN GATEWAY BASED ON ENHANCED IKEv2[J]. Computer Applications and Software, 2010, 27(5): 105-108 |
| |
| Authors: | Du Chunyan Wang Ming Lu Jiande |
| |
| Affiliation: | School of Electronic and Information/a>;Ningbo Dahongying College/a>;Ningbo 315175/a>;Zhejiang/a>;China;Jiangsu Province Computer IT Key Lab/a>;Suzhou 215006/a>;Jiangsu/a>;China |
| |
| Abstract: | Internet Key Exchange(IKE) protocol is one of the important protocols in IPSec protocol suite.As used to dynamically establish and maintain security associations(SAs),IKE is the prerequisite and guarantee for secure transmission of IPSec VPN.In this paper we introduced public key infrastructure to IKEv2 based on studying its protocol,and combined the techniques of OCSP with IKEv2 protocol to have designed an enhanced IKEv2 protocol based on PKI authentication according to the characteristic of IKEv2 data co... |
| |
| Keywords: | IKEv2 PKI OCSP IPSec VPN |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
