National Digital Library of Theses and Dissertations in Taiwan

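Graduate student: 林育德
Graduate student (English name): Yu-Te Lin
Thesis title: Design and Implementation of IKE on a VPN Router
Thesis title (English): Implement IKE over a VPN router
Advisor: 林金城
Advisor (English name): Jin-Chen Lin
Degree: Master's
Institution: Tatung University
Department: Graduate Institute of Computer Science and Engineering
Discipline: Engineering
Sub-discipline: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2001
Graduation academic year: 89
Language: English
Number of pages: 64
Chinese keywords: network security; personal virtual network
English keywords: Network Security; VPN; IKE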
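Network security has always been an important issue, yet only recently has it begun to receive widespread attention. The question now under discussion is not whether network security should be strengthened, but how to find a suitable way to implement security on existing networks. Although many methods of implementing network security already exist, here we concentrate on how to achieve network security with a Virtual Private Network (VPN). In this thesis, we first discuss what a VPN is and the technologies related to it. We then implement an important core component of a VPN: using IKE (Internet Key Exchange Protocol) to negotiate encryption and decryption keys and the related security parameters over an insecure network, and we test this framework. Because the second phase of IKE negotiation must be integrated with the IPSEC module before further testing can be completed, we leave that part until after future integration with the IPSEC module.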
Network security has always been a concern, but only today is it a recognized priority. The issue is not whether security should be implemented on a network; rather, the question to ask is whether security has been implemented properly. Although there are various ways to build a secure network environment, we focus on implementation with Virtual Private Networks (VPNs). In this paper, we discuss what a VPN is and its related techniques. We then implement and test the framework of the most significant component of a VPN: the negotiation of keying material and security associations with IKE, the Internet Key Exchange protocol. Because testing IKE phase 2 negotiations requires integration with IPSEC, we leave that work for the future, when the system is integrated with the IPSEC module.
Table of Contents
Abstract
Acknowledgements
Table of Contents
List of Figures
Chapter 1 Introduction
1.1 What VPN Is?
1.2 Types Of VPN
1.3 How VPN Works
Chapter 2 Related Work
2.1 Background
2.2 Diffie-Hellman Concepts And Exchange
2.3 Problem of Diffie-Hellman Exchange and Solutions
Chap 3 System Architecture
3.1 Real-Time OS
3.2 TCP/IP Protocol Stack
3.3 VPN Modules
3.3.1 IKE Protocol Engine
3.3.2 UDP Interface
3.3.3 Key Management Module
3.3.4 IPSEC Security Policy Database Interface
3.3.5 Certificate Database APIs
Chap 4 Implementing Framework of IKE
4.1 Initialization Process
4.1.1 RTOS Initialization
4.1.2 TCP/IP Protocol Stack Initialization
4.1.3 VPN Modules Initialization
4.2 IKE Retransmission Mechanism
4.3 IKE Protocol Handler
4.4 Interfaces Between IKE And IPSEC
4.4.1 Communicating Directly By Calling To Associated Functions
4.4.2 Communicating Through IP Stack
4.5 Implementing Experience
Chap 5 Framework Testing
5.1 Set Up Testing Environment
5.2 Result Packets Analysis
5.2.1 Phase 1 — Performing ISAKMP SA
5.2.2 Phase 2 — Performing IPSEC SA
Chap 6 Conclusion and Future Work
Reference
Bibliography