Abstract
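The VPN security isolation gateway adopts a "dual ARM hosts + FPGA isolator" architecture. The ARM hosts route and forward packets. The FPGA isolator ferries data between the ARM hosts, signs packets flowing toward the external-network side, and verifies the signatures of packets flowing toward the internal-network side, thereby isolating illegitimate packets. The security isolation gateways authenticate each other mutually using a private protocol, which greatly improves the security of the system. By establishing an ESP-VPN connection between the VPN security isolation gateway and the boundary server, the system solves the problem of secure data transmission across untrusted domains.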
An enhanced VPN gateway is proposed in this paper, employing an architecture of dual ARM hosts + FPGA isolator. The ARM hosts route and forward packets. The FPGA isolator ferries packets between the ARM hosts, authenticates the input packets and signs the output packets, so that non-confidential packets are isolated. A private protocol is used for mutual authentication between VPN gateways, which improves the security performance of the system. By setting up an ESP-VPN connection between the VPN gateway and the boundary server, the system can transfer sensitive data securely over non-confidential network areas.
Source
Journal of China Academy of Electronics and Information Technology (《中国电子科学研究院学报》)
Peking University Core Journal (北大核心)
2015, No. 6, pp. 628-631, 651 (5 pages in total)