VPN Network Architecture and Implementation of a Data Encryption and Key Management System
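Abstract
This thesis is divided into four parts. The first part briefly introduces the development background of VPNs, basic VPN technologies, VPN security and the types of VPN, and on that basis focuses on a systematic study and analysis of VPN tunneling technology (in particular the layer-3 tunneling protocol IPSec), laying the theoretical foundation for building an IPSec-based VPN model. The second part designs and implements an IPSec-based VPN network scheme and describes in detail how the VPN model is established and implemented. The third part, building on a systematic introduction to the Internet Key Exchange protocol IKE, implements the way IKE establishes a security association between two systems that wish to communicate securely, negotiates encryption algorithms and generates a shared session key, while also negotiating identity authentication. The fourth part is the software implementation: after a brief introduction to cryptography, it designs and implements the classic RSA algorithm, including generating large primes with the M-T-D method and encrypting and decrypting data with the RSA public-key algorithm, and on that basis designs a model of an RSA public-key cryptosystem that uses JavaScript to demonstrate how the RSA algorithm is carried out.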
Virtual Private Networks (VPNs) are increasingly used for information exchange between enterprises and military information systems. At the same time, network security is becoming more and more important. There are many ways to deal with information security and privacy in a VPN, but data encryption and key management are the key techniques for implementing a VPN.
    This paper is divided into four main parts. The first part introduces some general principles of VPN technology, including PKI technology, VPN tunneling technology and VPN protocols such as L2TP and IPSec.
    The second part systematically analyzes the application-layer protocol IKE (Internet Key Exchange) and the process of using IKE to negotiate security policy and exchange the session keys for a transaction.
    The third part introduces cryptography, including data encryption technology, and describes in detail several data encryption algorithms such as RSA, DSS/DSA and Diffie-Hellman. Encryption is used to ensure the confidentiality, integrity and authenticity of the two end points in the private network, so it is the key technology in implementing a VPN.
    The fourth part is the software design for generating prime numbers (using the M-T-D method) and for the RSA encryption/decryption algorithm. Additionally, I establish a demonstration model of RSA.
