摘要
IPsec是为VPN制定的一组IP层安全协议,但随着应用的扩展和深入也出现了一些新的问题。文章将公钥基础设施PKI引入其中,结合ECC公钥技术,并增加了交叉认证接口设计,提出了一个基于改进的PKI体系的增强型IPsec VPN安全网关原型系统;同时对DPD协议进行了研究,设计并实现了对DPD的支持,从而有效弥补了现有IPsec VPN在身份认证和状态检测方面的缺陷,提高了VPN的安全性、可扩展性和健壮性。最后给出了一个基于Linux2.6内核的设计方案。
IPsec is a set of security protocols in IP layer used for VPN. However, with its extensive and deep applications, some new problems have occurred. This paper introduces PKI and combines it with ECC technique and the design of cross certification interface, proposing an enhanced IPsec VPN security gateway prototype. Meanwhile, Dead peer detection (DPD) protocol is studied and implemented, so as to effectively improve on authentication and status detection to current IPsec VPN, assuring the security, extensibility and robustness of the VPN system. It gives out an implementing scheme based on Linux 2.6.
出处
《计算机工程》
EI
CAS
CSCD
北大核心
2006年第21期170-172,共3页
Computer Engineering
基金
江苏省自然科学基金资助项目(BK2004039)
