Analysis of the IPSec Protocol in VPN Products and Research on Product Testing Methods
Abstract
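With the arrival of the information age, information security has drawn close attention from all quarters at home and abroad, because it is the foundation for the healthy development of information systems. The IPSec protocol, the security architecture for the IP layer, is a security extension of the network-layer IP protocol. It adds security measures such as security association negotiation, datagram encryption, authentication, and host-oriented access control, providing consistent security protection on the Internet for upper-layer protocols and applications.
    Security testing, evaluation and certification of VPN (virtual private network) products developed on the IPSec protocol is the basis for their wide adoption. Testing in turn provides the most credible evidence for evaluation and certification, so in-depth research on testing is both urgent and necessary.
    This thesis describes in detail the working principles and security mechanisms of the IPSec protocol. Based on the Common Criteria for Information Technology Security Evaluation (CC) and practical experience in testing VPN products, it derives a protection profile for VPN products and sets out their security functional requirements and security assurance requirements. On this basis it derives the test requirements for VPN products, and from those test requirements the test requirements and outline are written.
    All products submitted for testing must be tested against the corresponding test criteria, and the basic reference for testing VPN products is the VPN product protection profile. On this basis, the author proposes derived test requirements (hereafter DTR) for VPN products and writes the test requirements and outline from these derived tests. Furthermore, taking the above two criteria as the basis and relating them to testing practice, each of the major areas of testing, namely performance testing, functional testing, protocol conformance testing and security testing, is subdivided by classification and quantification into multiple test items, each with corresponding test metrics and test results.
    This thesis also designs and develops a test tool based on the FreeBSD operating system. The tool can determine whether a VPN product's implementation of the IPSec protocol complies with the relevant RFCs and whether the related cryptographic algorithms are correct, and it was used to test a number of VPN products. In its test principle, it abandons the earlier approach of "recording the session data of both communicating parties for offline analysis" and adopts the approach of "direct dialogue between the tester and the device under test", which has the advantages of being easy to implement and giving accurate test results. Conformance testing of the IPSec protocol has not yet been done by anyone in China or abroad; it is pioneering work with important theoretical significance and practical value.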
With the coming of the information age, information security is attracting more and more attention at home and abroad because it is the foundation of information systems. The IPSec protocol, the security architecture of the IP protocol, is a security extension of the network-layer IP protocol. By adding security association negotiation, datagram encryption, authentication, host-oriented access control and other security measures, it provides security protection for upper-layer protocols and applications.
    Security testing, evaluation and certification of VPN products based on the IPSec protocol provide the foundation for their widespread application. Because testing provides the most credible basis for evaluation and certification, in-depth research on testing is urgent and necessary.
    This paper introduces in detail the principles and security mechanisms of the IPSec protocol. Based on the Common Criteria for Information Technology Security Evaluation (CC) and practical experience in testing VPN products, we have derived the protection profile of VPN products and put forward their security functions and assurance requirements. Building on this, the test requirements of VPN products are derived and put forward, and the test requirements and outline are written.
    All alpha-stage products should be tested under the prescribed test standard; the main testing reference is the protection profile of VPN products. Based on the above, the author proposes the Derived Test Requirement (DTR) and writes the test requirements and outline following the self-written DTR. According to the above standards and considering test practice, the author divides each aspect of performance testing, functional testing, protocol conformance testing and security testing into many test items by classification and quantification, and every test item has its related test index and test result.
    One very important test of VPN products is the IPSec protocol conformance test. This paper designs and develops a test tool based on FreeBSD. The bottom modules of the test tool are implemented in C and the top ones are developed in Perl. The test tool can detect whether a VPN product abides by the related RFCs and whether the related cipher algorithms are correct. Some VPN products have been tested with this tool. In terms of test principle, the author abandoned the principle of 'off-line analysis of communication record data' and adopted the principle of 'direct dialog of tester and testee'. With this approach, the system has the advantages of being easy to implement and giving accurate test results. The conformance test of the IPSec protocol is the first instance in the world; it is pioneering work and has important theoretical significance and practical value.
