| IPSec VPN安全网关的LDAP接口优化设计与实现 |
| |
| 引用本文: | 唐佳佳,周晓东,陆建德. IPSec VPN安全网关的LDAP接口优化设计与实现[J]. 现代计算机, 2006, 0(11): 37-41 |
| |
| 作者姓名: | 唐佳佳 周晓东 陆建德 |
| |
| 作者单位: | [1]苏州大学计算机科学与技术学院,苏州215006 [2]苏州科技学院计算中心,苏州215009 |
| |
| 摘 要: | LDAP协议是Internet快速目录数据查询访问的重要协议.IPSec VPN网关在IKE交互中用证书对IPSec对等实体(远程用户、远程VPN网关)进行身份认证建立安全关联.为了提高实用性和查找效率,本文将LDAP引入IPSec VPN网关的设计中,证书及证书撤销列表存放采用本地和LDAP服务器相结合的设计,以本地优先的原则.所做的相应设计减轻了网关和LDAP服务器的通信负担,显著地提高网关对证书的处理效率,加快了认证速度.
|
| 关 键 词: | X.509证书 |
| 收稿时间: | 2006-07-13 |
| 修稿时间: | 2006-07-13 |
Optimized LDAP Interface Design and Implementation of IPSec VPN Security Gateway |
| |
| TANG Jia-jia,ZHOU Xiao-dong,LU Jian-de. Optimized LDAP Interface Design and Implementation of IPSec VPN Security Gateway[J]. Modem Computer, 2006, 0(11): 37-41 |
| |
| Authors: | TANG Jia-jia ZHOU Xiao-dong LU Jian-de |
| |
| Affiliation: | l.School of Computer of Soochow University, Suzhou 215006 China; 2.Computing Center, Suzhou University of Science and Technology, Suzhou 215009 China |
| |
| Abstract: | LDAP is an important protocol for Internet quick directory data query and access. IPSec VPN gateway authenticates its IPSec peer's(e.g. road warrior, remote VPN gateway) identity via certificate to establish SA in IKE interaction. To improve the utility and efficiency of searching, this paper introduces LDAP into the IPSec VPN gateway design. Certificates and CRLs are designed to be stored with combination of the local caching and accessing LDAP server, and the local caching first strategy is adopted. The corresponding design has reduced communication burden of IPSec VPN gateway and LDAP server, has significantly improved the gateway's certificate processing efficiency, and has speeded the authentication. |
| |
| Keywords: | LDAP IPSec IKEv2 |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
