跳到主要內容

臺灣博碩士論文加值系統

(3.236.84.188) 您好!臺灣時間:2021/08/03 14:40
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:張知穎 
研究生(外文):Chih-ying Chang
論文名稱:在IPv6網路執行安全與效率傳輸之效率安全通道設計
論文名稱(外文):Efficient Secure Pipe: Achieving Security and Efficiency in IPv6 Networks
指導教授:李忠憲李忠憲引用關係
指導教授(外文):Jung-Shian Li
學位類別:碩士
校院名稱:國立成功大學
系所名稱:電腦與通信工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2008
畢業學年度:96
語文別:英文
論文頁數:64
中文關鍵詞:IPsecEfficient Secure PipeIPsecHC標頭壓縮
外文關鍵詞:Header CompressionEfficient Secure PipeIPsecHCIPsec
相關次數:
  • 被引用被引用:0
  • 點閱點閱:120
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
隨著無線網路的發展,越來越多的裝置需要連上網路進行通訊,「網路安全」的議題日漸受到矚目,然而在傳輸效能與網路安全之間存在著得與失的權衡問題。IPsec是常見應用於兩端閘道器上保護兩端之間資料傳輸的架構,它擁有強大的安全機制,但是因此付出的代價卻影響到傳輸的效能。

於是我們提出一個在IPv6網路上的效率安全通道設計(Efficient Secure Pipe),其目的為整合封包的資料壓縮、標頭壓縮與IPsec架構,兼顧安全與效率的傳輸。我們針對TCP封包與RTP封包不同的特性,分別執行資料壓縮與標頭壓縮。由於現有的標頭壓縮演算法是基於hop-by-hop而設計,不適合直接移植到IPsec架構下,所以Efficient Secure Pipe所使用的標頭壓縮IPsecHC,是我們針對在IPsec架構下特別設計的壓縮演算法。

Efficient Secure Pipe與傳統的IPsec相比,具有方便安裝佈署於無線IPv6網路上的特性,並且以一種模式同時達成IPsec下的通道模式與傳輸模式,最重要的,透過實作結果顯示,Efficient Secure Pipe對於TCP與RTP的傳輸,能在不影響安全的條件下減少傳輸時間,達到既安全又有效率的傳輸。
For the growth up of the wireless networks, more and more devices need to be connected in the networks. The “network security” issue has become important in recent years. However, the trade-off between the security and efficiency always exits. IP security is considered as the most popular security architecture for the communication between two gateways. But the kind of security solution always brings the larger size packets and long processing time.

This thesis proposed a new architecture, called Efficient Secure Pipe. It integrates the payload and header compression mechanisms in IP security architecture to achieve both security and efficiency in IPv6 networks. The traditional header compression algorithms are based on a hop-by-hop architecture. Therefore we present a new header compression algorithm, called IPsecHC for Efficient Secure Pipe, to be performed in a path.

The difference between the traditional IPsec and Efficient Secure Pipe is that Efficient Secure Pipe provides different compressions to different traffic types. It is easy to deploy in the wireless IPv6 networks. Furthermore, Efficient Secure Pipe uses only one mode to replace transport mode and tunnel mode in the traditional IPsec. Most importantly, the implementation results show that the compression has active influence on encryption no matter for TCP traffic or RTP streams. Therefore, Efficient Secure Pipe can achieve both security and efficiency.
CHAPTER1. INTRODUCTION 1
1.1 INTRODUCTION 1
1.2 MOTIVATION 2
1.3 PROPOSED GOALS 5
1.4 DOCUMENT OUTLINE 5
CHAPTER2. RELATED WORK AND BACKGROUND 7
2.1 RELATED WORK 7
2.1.1 Virtual Private Networks 7
2.1.2 Header Compression 8
2.2 IPV6 NETWORKS 8
2.3 IPSEC VPN 10
2.3.1 VPN Protocols 10
2.3.2 IPsec 11
2.3.3 AH, ESP and IKE protocols 12
2.3.4 Summary 14
2.4 HEADER COMPRESSION 14
2.4.1 Overview 14
2.4.2 Header Compression Standards 15
2.4.2.1 IPHC 16
2.4.2.2 CRTP and ECRTP 16
2.4.2.3 ROHC 17
2.4.3 Summary 19
CHAPTER3 EFFICIENT SECURE PIPE ARCHITECTURE 20
3.1 EFFICIENT SECURE PIPE OVERVIEW 20
3.2 LEMPEL-ZIV-STAC COMPRESSION 22
3.3 IPSECHC 24
3.3.1 Classification of Header Fields 25
3.3.2 IPsecHC Header Format 31
3.4 IPSECX 34
3.4.1 Outbound Packets 35
3.4.2 Inbound Packets 36
CHAPTER4 IMPLEMENTATION 38
4.1 IMPLEMENTATION ENVIRONMENT 38
4.2 TOOLS AND PROTOCOLS 40
4.2.1 RADVD 40
4.2.2 StrongSWAN 41
4.2.3 OpenSER 42
4.2.4 SIP 43
4.2.5 Minisip 44
4.3 PACKETS IN LINUX KERNEL 45
4.4 PACKETS TO USER SPACE 46
CHAPTER5 RESULTS ANALYSIS 49
5.1 CHARACTERISTICS 49
5. 2 RESULTS 50
5.2.1 TCP Traffic 51
5.2.2 RTP Streams 54
5.3 SUMMARY 56
CHAPTER6 DISCUSSIONS AND CONCLUSIONS 57
6.1 DISCUSSIONS 57
6.2 CONCLUSIONS 59
REFERENCES 62
[1]A. A. Joha, F. B. Shatwan, M. Ashibani, “Performance Evaluation for Remote Access VPN on Windows Server 2003 and Fedora Core 6”. In Proc. of Telecommunications in Modern Satellite, Cable and Broadcasting Services. TELSIKS 2007. 8th International Conference, pages 587-592, Sep. 2007
[2]C. A. Shue, M. Gupta, S. A. Myers, “IPsec: Performance Analysis and Enhancements”. In Proc. of Communications, 2007. ICC '07. IEEE International Conference, on pages 1527-1532, Jun. 2007.
[3]C. Shue, Y. Shin, M. Gupta, J. Y. Choi, “Analysis of IPsec Overheads for VPN Servers”. In Proc. of Secure Network Protocols, 2005. (NPSec). 1st IEEE ICNP Workshop, on pages 25- 30, Nov. 2005.
[4]E. Brower, E. Ertekin, C. A. Christou, S. O’Keeffe, “The application of header compression to IPsec encrypted networks”. In proc. of Military Communications Conference, MILCOM 2005. IEEE, on pages 2844- 2850 Vol. 5 Oct. 2005.
[5]E. Brower, L. Jeffress, J. Pezeshki, R. Jasani, E. Ertekin, “Integrating header compression with IPsec”. In proc. of Military Communications Conference. MILCOM 2006, on pages: 1-6, Oct. 2006
[6]E. Ertekin, C. Christou, B. A. Hamilton, “Internet Protocol Header Compression, Robust Header Compression, and Their Applicability in the Global Information Grid”. In proc. of Communications Magazine, IEEE, Volume: 42, Issue: 11, on pages: 106- 116, Nov. 2004
[7]N. Fukumoto, H. Yamada, “Performance Enhancement of Header Compression over Asymmetric Wireless Links based on the Objective Speech Quality Measurement”, in Proc. IEEE International Symposium on Applications and the Internet (SAINT’07), on page: 16, 2007.
[8]S. Ayed, A. Minaburo, L. Toutain, “Enhancing robust header compression over IEEE 802 networks”, in proc. of Wireless and Mobile Computing, Networking and Communications (WiMob'2006). IEEE International Conference, on pages: 380-385, Jun. 2006
[9]S. Khanvilkar, A. Khokhar, “Virtual Private Networks: An Overview with Performance Evaluation”, in proc. of Communications Magazine, IEEE, volume: 42, issue: 10 on pages: 146- 154, Oct. 2004
[10]W. B. Diab, S. Tohme, C. Bassil, “Critical VPN Security Analysis and New Approach for Securing VoIP Communications over VPN Networks”, in proc. of the 3rd ACM workshop on Wireless multimedia networking and performance modeling (WMuNeP’ 07), on pages: 92 – 96, 2007
[11]IEEE 802.11, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, IEEE, Aug. 1999.
[12]ITU Recommendation G.711 (11/88): Pulse code modulation (PCM) of voice frequencies, available at http://www.itu.int/rec/T-REC-G.711/e
[13]ITU Recommendation G.729: Coding of speech at 8 kbit/s using conjugate-structure algebraic-code-excited linear prediction (CS-ACELP) , available at http://www.itu.int/rec/T-REC-G.729/e
[14]J. Postel, “Internet Protocol Specification”, RFC 791, 1981.
[15]V. Jacobson, “Compressing TCP/IP Headers for Low-Speed Serial Links”, RFC 1144, 1990.
[16]R. Atkinson, “IP Encapsulating Security Payload”, RFC 1827, 1995.
[17]R. Friend R., Monsour, “IP Payload Compression Using LZS”, RFC 2395, 1998.
[18]S. Kent, R. Atkinson, “Security Architecture for the Internet Protoco”l, RFC 2401, 1998.
[19]S. Kent, R. Atkinson, “IP Authentication Header”, RFC 2402, 1998.
[20]D. Harkins, D. Carrel, “The Internet Key Exchange (IKE)”, RFC 2409, 1998.
[21] S. Deering, R. Hinden, “Internet Protocol, Version 6 (IPv6) Specification”, RFC 2460, 1998.
[22] T. Narten, E. Nordmark, W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)" ,RFC 2461, 1998
[23]M. Degermark, B. Nordgren, S. Pink, “IP Header Compression”, RFC 2507, 1999.
[24]S. Casner, V. Jacobson, “Compressing IP/UDP/RTP Headers for Low-Speed Serial Links”, RFC 2508, 1999.
[25]B. Gleeson, A. Lin, J, Heinanen, G. Armitage, A. Malis, “A Framework for IP Based Virtual Private Networks”, RFC 2764, 2000.
[26]C. Burmeister et al., “RObust Header Compression (ROHC): Framework and four profiles: RTP, UDP, ESP, and uncompressed”, RFC 3095, 2001.
[27]J. Rosenberg, "SIP: Session Initiation Protocol", RFC 3261, 2002.
[28]T. Koren et al., “Enhanced Compressed RTP (CRTP) for Links with High Delay, Packet Loss and Reordering”, RFC 3545, 2003.
[29]StrongSwan:the OpenSource IPsec-based VPN Solution for Linux, available at http://www.strongswan.org/
[30]OpenSER: the Open Source SIP Server, available at http://www.openser.org/
[31]MySQL: The world's most popular open source database, available at http://www.mysql.com/
[32]Minisip: SIP based phone, available at http://www.minisip.org/
[33]Netfilter: the software of the packet filtering framework, available at http://www.netfilter.org/
連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top