LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

YANG Xing-liang,HUA Bei,HU Xiang-hui,GUO Yan

DOI: https://doi.org/10.3969/j.issn.1006-9348.2006.08.036

2006-01-01

Abstract:With the rapid development of network technology and the ever-increasing communication requirement,Virtual Private Network(VPN) has become the most important technique for private network construction.Secure Socket Layer VPN(SSL VPN),due to its prominent advantages such as easy deployment and fine granularity configuration etc.compared with other VPNs,is widely employed in Remote Access VPN.However,SSL VPN is also faced with the security and efficiency challenges which seriously limit the development of the SSL VPN.This paper presents a new SSL VPN security authentication and acceleration scheme based on the discussion and analysis of the challenges,and also deduces a method for accelerator performance evaluation.

LI Zhi-tang,HE Gui-li,WANG Mei-zhen

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.12.105

2007-01-01

Abstract:The traditional SSL VPN was limited to support Web application,and could not meet the needs of many non-Web applications,such as OA,ERP,FTP,etc.Thus,in order to break through this limitation,this paper proposed an SSL VPN architecture based on virtual network interface card(VNICB-SSL VPN).It successfully solved the software collision in the NDIS framework,and it also avoided some problems such as reloading dynamic link library of WinSock2 and the incompleteness of filtration driver in transport layer to catch the network message.

Yanyuan Zhang

2007-01-01

Abstract:As traditional SSL VPN suffered from insufficient support for applications and weak security,an improved SSL VPN system architecture based on L2 switching technology was put forward.It accommodated three schemes: virtual switch deployed at SSL VPN proxy Server,data encapsulation standards and client firewall.The improved system not only meets all the applications,but also enhances the security of communication tunnels and client.Finally,the delay performance and concurrent performance testing of improved system were given.

XIA Tao,ZHOU Jing-Li,YU Sheng-Sheng,OUYANG Kai

2006-01-01

Computer Science

Abstract:The use of VPN to securely access the remote servers through Internet is one important technology in the current network security research. However, the tunneling technology of VPN makes it possible to bypass the control of firewall and compromise interior servers based on VPN server. Thus, this paper puts forth the Application-layer based Centralized Information Access Control Model, a new access control model for VPN. It integrates the features of the current mainstream access control models and the working mechanism of anti-virus and intrusion detection. On the basis of VPN communication stream, it also tightly couples access control with VPN tunnel and transmission mechanism to enhance network security. This paper also provides a prototype for the model.

Yan Shen,Qi-fei Zhang,Ling-di Ping,Yan-Fei Wang,Wen-juan Li

DOI: https://doi.org/10.1109/trustcom.2012.41

2012-01-01

Abstract:In the existing large-scale performance test of IPsec tunnel, it often needs special software and hardware. To solve the problem, this article proposed a new method, in which packet was encapsulated in user space, and a multi-tunnel controller was designed and implemented with the method of FSM(finite state machine), which controlled the negotiation and establishment of multiple tunnel, including L2tp, IKEv1, IKEv2, IKEv2+EAP and L2tp Over IPsec. Libpcap was used as the bottom layer driver of package, and the application of zero copy technique had reduced system cost immensely. At last, the result of the experiment verified the performance of the IKEv1 tunnel on Tunnel-mode and Transport-mode.

Yin Shu-ling

Abstract:Secure socket layer protocol is developed for the security of the data transmission,SSL VPN is a kind of VPN technology based on SSL protocol.It provides remote access and has been applied in the enterprises increasingly in recent years.It analyzed the components of SSL VPN and researched the key technologies.In view of the problem that the outside users can not access the resources of enterprise network,a solution of SSL VPN is designed.SSL VPN provides remote-access connectivity from almost any Internet-enabled location using a web browser that natively supports SSL encryption,the connection of SSL VPN,the connection of SSL VPN can help enterprise to improve efficient production and information protection in security access,and decrease the management and maintenance cost.

Engineering,Computer Science

OU Yang-Kai,Zhou Jing-li,XIA Tao,YU Sheng-Sheng

DOI: https://doi.org/10.3969/j.issn.1002-137x.2005.05.015

2005-01-01

Computer Science

Abstract:Aiming at the defects of the ordinary SSL VPN that the frequent setting-ups of tunnels will consume a large number of system resources,this paper presented a mechanism called STDM(Secure Tunnel Division Multiplexing).The kernel of this mechanism was Tunnel Caching,which implemented the shared use of secure tunnels by the independence of tunnel of a remote service.This mechanism would improve the efficiency of the system.

Lina Wang,Ge Yu,Guoren Wang,Xiaochun Yang,Dan Wang,Xiaomei Dong,Daling Wang,Zhe Mei

DOI: https://doi.org/10.1007/3-540-45151-x_16

2002-01-01

Abstract:The security requirements of a virtual enterprise information system are investigated and a virtual private network (VPN) is designed to ensure the security, taking the advantages of the integrated functionality of encryption, key management, user authentication, firewall, and certificate authority with low cost. Several novel techniques are adopted in the VPN: 1) An effective chaotic encryption algorithm by using Logistic chaotic mapping; 2) a chaos theory based user's "fingerprint" authentication algorithm by using mixed optically bistable chaotic model; 3) a reliable authentication mechanism by integrated Guillou-Quisquater digital signature with RSA encryption; 4) an efficient Certificate Authority (CA) and digit certificate mechanism. The details of the VPN are also presented, including a cryptography server, an auditing server, a digital signature server and an authenticating server.

陈静,谭成翔

DOI: https://doi.org/10.3969/j.issn.1671-0428.2009.01.015

IF: 5.105

2009-01-01

Computers & Security

Abstract:With the growth of a wide range of wireless remote access services, security has became one of the most popular concept in mobile community, Secure Socket Layer (SSL) is an security protocol that is commonly used on the Internet to secure the data by establish an virtual private network, This paper’s background is introduce a way to establish an private authentic secure SSL VPN tunnel in public net. At the beginning of this paper, we will introduce the SSL/TLS protocol in brief, and then presents our work relating an architecture and implication of remote access VPN based on SSL.

YU Ding-guo,SHU Ming-lei,TAN Cheng-xiang

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.01.028

2011-01-01

Computer Science

Abstract:We studied the current weaknesses of the mobile VPN based on traditional IPSec and SSL technology to present a solution of mobile SSL VPN based on socks5 proxy.This paper analysed the principle and the implementation process of the mobile SSL VPN,and introduced the framework and workflow of this system.Finally,we implemented and tested this system,and analyzed its security performance,access and data transmission efficiency.

Jun Luo

2008-01-01

Abstract:VPN(Virtual Private Network)is a technique that uses encryption and communication protocols to construct secure data transmission channels in public networks.Nowadays,it is the main choice to build secure VPNs using the SSL protocol.This paper analyses the internal working mechanism of tunnel-based SSL VPN,and presents a new SSL VPN solution which is based on the distributed tunnel model according to its performance bottleneck.By introducing the P2P technology,this solution uses the computing power of edge nodes to share the server's data transmission task.As a result,it does not only improve the performance of point-to-point transmission,but also enhance the whole throughput of a VPN system.

CHENG Shi-xun,LI Dong,HE Xin-hua

DOI: https://doi.org/10.3969/j.issn.1009-3044.2006.10.027

2006-01-01

Abstract:This article has discussed SSL VPN characteristic, analyzed its essential technology and the principle of work in detail, and researched that the Electronic Commerce based on WEB application uses SSL VPN to establish the security tunnel on application layer between two systems in order to ensure the users visit essential data and improve the security of significant information transmitting in the public network.

Shengsheng Yu,Changchun Ouyang,Jingli Zhou,Kai Ouyang

DOI: https://doi.org/10.3321/j.issn:1671-4512.2006.07.016

2006-01-01

Abstract:On the basis of NAP′s and NAC′s kernel philosophy, a security detecting system on the client sides of SSL VPN was designed to guarantee user′s security. The detection system protects the client from the hostile infringement of virus, malevolent code and being attacked by hacker through the detection to firewall, anti-virus software, OS patch in VPN client. An access control system was designed in SSL VPN server to control the access requests of different VPN clients. It is based on the result of client security state. The access control to requests of SSL VPN clients further enhances SSL VPN system security performance.

章寒芳,武君胜

DOI: https://doi.org/10.3969/j.issn.1002-2279.2008.03.021

2008-01-01

Microprocessors

Abstract:Along with development of e-business, organization or firm reinforce their business operation in internet. When organization or firm builds their long-rang net, they often consider some characters, such as security, reliability and manageable. The traditional way to build the net has been believed behind the times. Therefore, Virtual Private Net technology appears by the times required. This thesis introduces VPN definition, main technology, and application in e-business, and analyzes a VPN resolving in fact.

罗昕,张延园,马巍娜

DOI: https://doi.org/10.3969/j.issn.1007-757x.2008.05.014

2008-01-01

Abstract:As two kinds of popular VPN system,the SSL VPN is cheaper and easier to deploy and operate than the IPSec VPN.After compared normal VPN systems,the authors investigate OpenVPN,one product based on SSL VPN,and combine the Ethernet over SSL,Mail Callback,Relay Sever technologies to enhance VPN’s adaptability,and propose the Client Firewall strategy to improve the system security.At last through modeling the system with GSPN model,the experiment,which compared the estimative value with the experimental values,proves that the new structure of VPN system has the same outstanding performance.

Yun He Zhang,Xiao Hui Kou,Mei Zhen Wang,Ling Xiao,Wei Ming Li

DOI: https://doi.org/10.4028/www.scientific.net/amr.660.207

2013-01-01

Advanced Materials Research

Abstract:Considering the inadequacy of deploying the SSL VPN on mobile devices, we proposed a mobile SSL VPN system which can be used on mobile devices without any complex setups. The system mainly based on port forwarding and OPENVPN. This paper analysed the principle of this system and processing flow, then we collected the experimental results and made some improvement.

陈兴蜀,沈昌祥,蒋玉明,戴宗坤

2004-01-01

Abstract:With the development of information technology and network technology,the concept of virtual enterprise has been widely applied. But an entire solution for the security problems in the virtual enterprise's information system is still lacking. The paper brings forward the concept of virtual application network (VAN). It also describes VAN's network stack structure and realization in client,and how to realize user-based and application-based route control model of application layer in sever. Through research and implementation of the VAN,a user-based and application-based access control can be offered to the virtual enterprise's information system,thus a safe,unified and transparent network platform can be provided to the virtual enterprise.

Zhao Ling

Abstract:This paper is the research of security gateway that can set up a Virtual Private Network(VPN),the gateway adopts IPSec protocol as the security protocol of the network layer.Firstly,introduces the concept of VPN and its critical techniques;Secondly,describes the key technique to implement VPN security gateway—IPSec and its architecture,working mode and implement structure; Finally,analyzes the important role of security gateway in VPN system in detail.

Engineering,Computer Science

YANG Hao-miao,CHENG Hong-rong,ZHANG Wen-ke

DOI: https://doi.org/10.3969/j.issn.1009-8054.2012.06.026

2012-01-01

Abstract:A virtual private network(VPN) is a technology in build up the private network on the public communication infrastructures such as the Internet,which could be built up on PPTP,L2TP over IPSec,or SSTP tunnels.Traditional VPN Experiment is based on SSTP Protocol.Two more general Experiments,respectively based on L2TP/IPSec Protocol and SSTP Protocol,are designed.However,these experiments based on virtual machine platform are more convenient and economical.In addition,various security apparatuses on Windows system platform are also involved in the comprehensive experiment,such as active directory,DNS server,DHCP server,firewall,certification authority(CA),and so on.