黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Li Qi,Xu Mingwei,Xu Ke

DOI: https://doi.org/10.1109/ICOIN.2008.4472762

2008-01-01

Abstract:IP Security (IPSec) is an important protection mechanism for securing the Internet communication. However, IPSec is a complex security protocol family, and the management issue is still a challenge for mass deployment. Many researchers have investigated the IPSec management issue with various approaches, the policy configuration and distribution issue remain to be efficiently resolved. A certificate-based scheme to manage IPSec endpoints is proposed in this paper. A Role-based Access Control (RBAC) model is introduced to simplify the process of policy configuration, and policy control mechanism is proposed to check whether new security association conforms to local security policies. The analysis of the scheme shows the flexibility and efficiency of our approach. Based on our proposed scheme, we implement a prototype system with the proof-of-concept and conduct experimental studies to demonstrate the feasibility and performance of our approach.

吴越,疏朝明,卜勇华,胡爱群,毕光国

DOI: https://doi.org/10.3321/j.issn:1000-436x.2003.08.025

2003-01-01

Abstract:This paper has an overall research on security communication mechanism for IPSec based Virtual Private Network,discusses fundamental principles of various security service such as data origin authentication,integrity protection,anti-replay protection and their software implementation,illustrates the details of the security key exchange mechanism on non-secure public IP based network through a set of parameters negotiation,then presents a software implementation of Client/Server model WN key exchange upon LINUX operation system ,at last it gives IPSec security analysis and prospective view of the future research.

许进,马殿富,怀进鹏,李巍

DOI: https://doi.org/10.3969/j.issn.1001-5965.2001.04.004

2001-01-01

Abstract:IPSec is a suits of protocol that can seamless bring security into IP and it's the only one Security Protocol for all Internet traffic. Besides IPv4, the IPSec can be also used in the next generation IP——the IPv6. We analyzed the architecture of IPSec, designed an IPSec implementation in Windows NT/2000, and give some application of IPSec in Internet. Finally, we discussed the limitation and the farther development of IPSec.

Wei Qian,Xia Qingguo

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.07.049

2006-01-01

Abstract:The paper analyzes the security & privacy management mechanism of SNMP v3 Based on AES algorithm,emphati-cally analyzes the lack of security and the attacks subject to encounter,and puts forward a certain resolve method against the lack and attacks.

吴越,疏朝明,卜勇华,胡爱群,毕光国

DOI: https://doi.org/10.3321/j.issn:1001-0505.2002.04.003

2002-01-01

Abstract:IPSec (IP security) is the de facto standard of implementing virtual private network on network layer, while key exchange and management mechanism is crucial for IPSec protocols. A through study on fundamental concepts and principles of key exchange for IPSec based VPN (virtual private network) is conducted and the details of the security key exchange mechanism on non-secure public IP based network through a set of parameters negotiation is illustrated. A software implementation of Client/Server model VPN key exchange upon Linux operating system is presented and its security performance such as anti-denial-of-service, anti-connection lijacking, anti-the man-in-the-middle attack and anti-eavesdropping etc. are analyzed. Finally the paper gives a prospective view of IKE (Internet key exchange) research.

CAO Yu-lin,HU Fei

DOI: https://doi.org/10.3969/j.issn.1001-7542.2006.01.015

2006-01-01

Abstract:Along with fly information-basedly to develop soon,the safe problem of the network information is more and more outstanding for the sake of raising and guaranteeing the safety of the network,studying the AH and ESP agreement,exchange the foundation of protocol in the thorough analytical IPSec encryption key up,as to it's the existent weakness carried on thorough analysis,and give conorete improvement measure.

X Guo,K Yang,A Galis,Xc Cheng,B Yang,Dy Liu

DOI: https://doi.org/10.1109/ICCT.2003.1209840

2003-01-01

Abstract:Even though IP VPN has practically proven itself to be a cost-effective solution, the lack of centralized network management capabilities of current IP VPN deployment makes the management of growing VPN networks an extremely tedious procedure. This paper proposes to use policy-based network management method to address this challenge. Firstly, a policy-based IP VPN management architecture is presented, mainly explaining the operational components concerning the IPsec. Then a detailed discussion with respect to policy definition language and IP VPN policy information model is given. Finally, a case study for interdomain IP VPN configuration exemplifies the design and implementation of this management system based on the test-bed developed in the Networks & Services Group of University College London (UCL).

吴越,史小红,曹秀英,毕光国

DOI: https://doi.org/10.3969/j.issn.0255-8297.2003.02.018

2003-01-01

Journal of Applied Sciences

Abstract:This paper describes the vulnerability of the wired equivalent privacy(WEP) protocol in current IEEE802. 11 WLAN standard, such as key sequence reuse, key management and refreshment, message authentication and integrity, etc. It also presents a security solution for WLAN based on IP Security (IPSec) and discusses the fundamental principles of data origin authentication, integrity protection, anti-replay protection and key exchange, Finally it describes their software implementations, makes a security analysis of the solution and looks into the future research.

罗昕,张延园,马巍娜

DOI: https://doi.org/10.3969/j.issn.1007-757x.2008.05.014

2008-01-01

Abstract:As two kinds of popular VPN system,the SSL VPN is cheaper and easier to deploy and operate than the IPSec VPN.After compared normal VPN systems,the authors investigate OpenVPN,one product based on SSL VPN,and combine the Ethernet over SSL,Mail Callback,Relay Sever technologies to enhance VPN’s adaptability,and propose the Client Firewall strategy to improve the system security.At last through modeling the system with GSPN model,the experiment,which compared the estimative value with the experimental values,proves that the new structure of VPN system has the same outstanding performance.

Xuekai Du,Chengrong Wu,Ming Yan

DOI: https://doi.org/10.3969/j.issn.1000-386x.2017.01.054

2017-01-01

Abstract:IPv6 network is now popularized gradually because IPv6 can satisfy the demand of possessing exclusive address of global network nodes, and more and more people use the IPSEC technology to communicate with each other.However, the lawful interception in IPSEC communication is becoming difficult for many institutions;it is a problem that needs to be solved.To address this problem, an IPSEC security audit method of combining man-in-the-middle attack and key escrow system in IPv6 network is proposed and a prototype system is also built to realize the IPSEC security audit in and between the IPv6 networks.After functional verification and performance analysis in IPv6 environment, the experiment demonstrates the efficiency of the proposed method as expected.

ge qingeng,wang haihang,tan chengxiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.055

2002-01-01

Abstract:As one main research focus of network security,VPN puts forward a new solution of network-layer security architecture,and VPN based on the IPSec become more and more popular.In this paper,IPSec protocol architecture and Linux kernel structure are studied carefully.Then the paper presents the scheme of designing and implementing IPSec on the Linux-making changes to TCP/IP stack of Linux and implementing IPSec there.Also the key technique to accomplish this system is discussed in the paper in detail.

XU Ming-liang,TAN Cheng-xiang,WANG Hai-hang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2007.11.014

2007-01-01

Abstract:Virtual Private Network(VPN) is an important technique transfer private information under public networks. It can set up a temporary but safe connection to a public network (normally an internet) by data packing and encrypted transferring, and then achieve the aim of transferring private information on public network. Recently, two technologies are mainly used by enterprise to set up internal VPN: IPSec VPN and SSL VPN. This paper introduces the concept of IPSec technique and describes IPSec protocol architecture, communication steps, and finally discusses implementation of VPN based on IPSec by Openswan in detail.

马淑萍,阳小华,李海燕

DOI: https://doi.org/10.3969/j.issn.1673-0062.2004.02.018

2004-01-01

Abstract:In current VPN applications,IPSec-based VPN is followed with great interests.This paper analyzes safe system structure,implementation strategy of IPSec and problems needed to pay attention to.Some integrated solutions to realize VPN are also provided.

余冬梅,刘密霞,冯涛

DOI: https://doi.org/10.3969/j.issn.1673-629x.2004.02.041

2004-01-01

Abstract:The greater the availability of the network, the greater its vulnerability to threats from within and outside the organization. To an organization, an enterprise, constructing an appropriate network security system is very necessary. Based on a framework for network security system design put forwarded in, detailed analysis of the phase of network security design is made in this paper, and architecture model and policy management implemented model are given, which hangs security architecture, security policy implement and the enforced mechanism of network security together, and insures the transition between high-level security requirement analysis and the low-level system implementation smoothly.

LIN Chen,LI Zhi-tang

DOI: https://doi.org/10.3969/j.issn.1007-130x.2007.06.007

2007-01-01

Abstract:The VPN technology is an efficient way to solve the end-to-end security problem in networks. The most pivotal aspect is to build the fit network security policies, which consist of one or more rules that describe the specific actions. This paper studies the security policy module, proposes a security policy model,and analyses the roles and the state translation of rules in security policy management tools. The results of experiment show that our VPN system can work normally and steadily.

Wei Yang,Pla Information

2003-01-01

Abstract:The exploitation of security gateway or security router is based on the deep understanding of IPSec protocols.In fact, IKE protocol can realize th e automated management of IPSec security parameters, and has high superiority i n technique.From the point of view of realizing IKE protocol, this paper explai ns how IKE daemon thread works,and analyzes emphatically message negotiations o f IK E protocol.

Yao Jian,Shi Xinju,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.12.006

2006-01-01

Abstract:It is necessary for integrated security management platform to solve the management problems of different security devices from different manufactures.The key problems of common management information model and common security management protocol are analyzed.At last,an implementation of integrated security management platform is described.

Li Jin,Li Ya Chen

DOI: https://doi.org/10.1109/icebeg.2011.5882417

2011-05-01

Abstract:With the quick development of computer network, the network scale in school campus has been keeping on expanding. Therefore, security problems of network become a focus of research, a well-operated network management becomes the key issue for a normal and effective school campus network This article mainly analyzes the problems and solutions of the campus E-government network security, studies the security issue and its root in school campus network and mainly probes into the key technique of the school campus network security management system, then we provides the security strategy of network According to the practical situation in our campus, we designs and realizes the school campus security management system.

Zhitang Li,Xue Cui,Lin Chen

DOI: https://doi.org/10.1109/FCST.2006.10

2006-01-01

Abstract:IPSec has been proposed to provide integrity, confidentiality and authentication of data communications over IP networks. However, the complex semantics of IPSec policies results in potential conflicts, such as shielding conflict, redundancy conflict and overlapping conflict, et al. The conflict should be identified and detected to avoid Internet security threat. However, there has no research on identifying and defining IPSec security policy conflict formally and comprehensively. So it is necessary to give a depth analysis on policy conflict. Therefore, the paper presents a generic model that represents IPSec security policy semantics. Based on it, we classify and define conflicts formally that may exist in a single IPSec device or in some tunnels between different IPSec devices. That the conflict analysis is comprehensive is proved also. The research provides theoretical foundation for policy conflict detection and prevention in IPSec policy configuration