跳到主要內容

臺灣博碩士論文加值系統

(44.201.97.138) 您好!臺灣時間:2024/09/16 00:55
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:翁木龍
研究生(外文):Mu-Lung Weng
論文名稱:Linux環境下以AES及SHA-256強化VPN的設計與實現
論文名稱(外文):The design and implementation of enhanced VPN by applying AES and SHA-256 on Linux platform
指導教授:楊中皇楊中皇引用關係
指導教授(外文):Chung-Huang Yang
學位類別:碩士
校院名稱:國立高雄第一科技大學
系所名稱:資訊管理所
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2002
畢業學年度:90
語文別:中文
論文頁數:91
中文關鍵詞:先進加密標準AES公開原始碼FreeS/WANIP安全協定預共享密鑰安全雜湊標準SHA虛擬專用網
外文關鍵詞:AESFreeS/WANIPSecPre-share keySHAVPN
相關次數:
  • 被引用被引用:6
  • 點閱點閱:542
  • 評分評分:
  • 下載下載:115
  • 收藏至我的研究室書目清單書目收藏:2
在Internet網路上,安全的通訊一直都是組織及個人最為重視的一環,對於安全通訊的高度需求也造成一股研究VPN的風潮。其中IETF制定的IPSec協定是目前VPN應用中最廣泛的開放標準之一,而FreeS/WAN是在linux、freebsd平臺下對IPSec的實作,這些標準跟實作都可以免費取得,也成為本論文的發展平台。另外AES及SHA-256是目前更安全及更有效率的加密及認證演算法之一。本篇論文透過對IPSec RFC的研讀,以及對FreeS/WAN開放原始碼(open source code)的修改,並將AES-128及SHA-256加入FreeS/WAN之中,來提高其安全性及效率。其次再將IPSec通信中的Pre-Shared key寫入IC卡中,配合低成本的讀卡機設備,使得密鑰管理更完善。最後提出整個IPSec VPN環境的建置步驟,以及展現實作的成果。經由本論文的方法不但可以強化 VPN 的通信環境,也使得 IPSec VPN 的建立花費更少、更有效率、也更安全。
The communication security in Internet is always emphasized by most organizations and people. The highly demand of Internet security generates the wide application of VPN (Virtual Private Network). IPSec (IP security protocol) defined by the IPSec Working groups of the IETF (Internet Engineering Task Force) is the most common solution of VPN. IPSec can accommodate newer cryptographic algorithms because of it’s open framework. And FreeS/WAN is a linux implementation of the IPSec. FreeS/WAN is also an open source software. So everyone can freely get and modify under GUN license. AES and SHA-256 are the newer cryptographic algorithms. They are more secure and efficient than 3DES and SHA-1 that FreeS/WAN implemented now. In this thesis AES and SHA-256 cryptographic algorithms are applied to FreeS/WAN source code modification. Then the IPSec pre-share key is saved in the IC card that combined with an IC card reader. Through the integration of the above enhancement, the communication security of the VPN has been well improved. And the IPSec VPN environment becomes more economic, efficient, secure and managiable.
中文摘要-----------------------------------------i
英文摘要----------------------------------------ii
致謝-------------------------------------------iii
目錄--------------------------------------------iv
圖目錄------------------------------------------vi
壹、VPN 簡介-------------------------------------1
一、什麽是VPN -----------------------------------1
二、使用VPN的優點--------------------------------2
三、 VPN的各種應用場合---------------------------3
四、目前VPN標準----------------------------------4
貳、IPSec 體系-----------------------------------6
一、IPSec 架構-----------------------------------6
二、 IPSec模式-----------------------------------7
三、 安全聯盟------------------------------------9
四、 SA 管理------------------------------------11
五、安全策略(Security Policy)-----------------13
六、 IPSec 處理---------------------------------15
參、ESP和AH通訊協定-----------------------------17
一、 ESP封包格式--------------------------------17
二、 ESP 處理模式-------------------------------19
三、AH封包格式----------------------------------22
四、 AH 處理模式--------------------------------24
肆、Internet Key Exchange-----------------------27
一、ISAKMP--------------------------------------27
二、IKE-----------------------------------------40
伍 FreeS/WAN設計概要及研究架構------------------58
一、FreeS/WAN目錄結構---------------------------58
二、FreeS/WAN 接收及發送封包過程分析------------62
三、FreeS/WAN互相操作性-------------------------63
四、FreeS/WAN未來展望---------------------------64
五、研究架構------------------------------------65
陸、以AES及SHA-256增強VPN功能及認證密鑰管理-----67
一、AES簡介-------------------------------------67
二、將AES應用在IPSec----------------------------68
三、HMAC-SHA-256簡介----------------------------71
四、將HMAC-SHA-256應用在IPSec-------------------72
五、認證密鑰管理--------------------------------74
六、IPSec VPN建置過程---------------------------75
柒、結論與未來工作------------------------------78
參 考 文 獻-------------------------------------80
1.Alcatel Networks Corp.(2000),Understanding the IPSec Protocol Suite http://www.alcatel.com/2.Angelos D.Keromytis ,John Ioannidis,Joan M. Smith (1997)Implementing IPSec3.C. Madson and N. Doraswamy(1998), The Use of HMAC-SHA-1-96 within ESP and AH, RFC2404, IETF 4.C. Madson and R. Glenn(1998),The Use of HMAC-MD5-96 within ESP and AH,RFC 2403,IETF5.Carlton R. Davis(2001),IPSec Securing VPNs ,Osborne6.D. Harkins, D. Carrel(1998),The Internet Key Exchange (IKE),RFC 2409,IETF 7.D. Maughan, M. Schertler, M. Schneider and J. Turner(1998), Internet Security Association and Key Management Protocol, RFC2408,IETF 8.D. McDonald ,C. Metz ,B. Phan (1998),PF_KEY Key Management API, Version 2 ,RFC 2367,IETF9.D. Piper(1998), The Internet IP Security Domain of Interpretation for ISAKMP, RFC2407,IETF 10.FreeS/WAN official Home Page,http://www.freeswan.org11.H. Krawczyk ,M. Bellare ,R. Canetti (1997),HMAC: Keyed-Hashing for Message Authentication ,RFC 2104,IETF12.H. Orman(1998),The OAKLEY Key Determination Protocol ,RFC 2412,IETF13.James S. Tiller, Jim S. Tiller(2000),A Technical Guide to Ipsec Virtual Private Networks ,Auerbach Publications14.Jong-Hyeon Lee (1997),A Survey on IPSEC Key Management Protocols15.Martin Murhammer, et al.(1999) ,A Comprehensive Guide to Virtual Private Networks ,IBM http://www.redbooks.ibm.com16.Naganand Doraswamy, Dan Harkins (1999),Ipsec: The New Security Standard for the Internet,Intranets,and Virtual Private Networks,Prentice Hall PTR 17.Niklas Hallqvist and Angelos D.Keromytis ,Implementing Internet Key Exchange(IKE)18.P. Karn ,P. Metzger and W. Simpson (1995),The ESP Triple DES Transform ,RFC 1851,IETF19.P. Karn,P. Metzger and W. Simpson (1995),The ESP DES-CBC Transform,RFC 1829,IETF20.Paul Ferguson and Geoff Huston(1998),What is a VPN?, http://www.employees.org/~ferguson/vpn.pdf21.Peter Loshin, Pete Loshin (1999),Big Book of IPsec RFCs: Internet Security Architecture, Morgan Kaufmann Publishers22.R. Pereira and R. Adams (1998),The ESP CBC-Mode Cipher Algorithms,RFC 2451,IETF23.R. Thayer, N. Doraswamy and R. Glenn(1998), IP Security Document Roadmap, RFC2411,IETF24.Radia Perlman and Charlie Kaufman (2000),Key Exchange in IPSec:Analysis of IKE Security Solution ,IEEE Internet Computer Nov、 Dec25.S. Frankel,S. Kelly(2001),The AES Cipher Algorithm and Its Use With IPsec, Internet Draft ,IETF 26.S. Frankel,S. Kelly(2001),The HMAC-SHA-256-96 Algorithm and Its Use With IPsec ,Internet Draft ,IETF27.S. Kent and R. Atkinson(1998) ,IP Authentication Header ,RFC 2402,IETF28.S. Kent and R. Atkinson(1998), IP Encapsulating Security Payload,RFC2406,IETF29.S. Kent and R. Atkinson(1998),Security Architecture for the Internet Protocol, RFC2401,IETF30.Sheila Frankel(2001),Demystifying the Ipsec Puzzle ,Artech House31.T. Braun, M. Günter, M. Kasumi, I. Khalil(1999), Virtual Private Network Architecture 32.何美秀(2000),VPN服務介紹,中華電信訓練所網路教學課程33.林育德(2001), 在VPN路由器上設計並實作IKE,大同大學碩士論文34.高笙庭(2000), 利用IPSEC達成封包傳輸隱匿之目的,台灣大學碩士論文 35.張智勝.陳伯偉譯(2001)Douglas Comer原著 ,TCP/IP互連網路-第四版,全華科技圖書公司36.楊慶隆(1997),IPSec機制探討,網路通訊雜誌,民88.0837.應中龍(2001),在VPN路由器中設計並實作IPSEC, 大同大學碩士論文
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊