ZHANG Ling-ling,PAN Xue-zeng,CUI Yu-zeng

2005-01-01

Abstract:Comparing the difference between IKEv2 and IKE,the advantages of IKEv2 on the complex of the implementation and the low delay were analyzed.The message exchange and the generation of various keys of IKEv2 was introduced, an implementation approach of IKEv2 using the security coprocessor were proposed.This implementation can accelerate the process of key generation,message encryption and integrity verify check.

许进,马殿富,怀进鹏,李巍

DOI: https://doi.org/10.3969/j.issn.1001-5965.2001.04.004

2001-01-01

Abstract:IPSec is a suits of protocol that can seamless bring security into IP and it's the only one Security Protocol for all Internet traffic. Besides IPv4, the IPSec can be also used in the next generation IP——the IPv6. We analyzed the architecture of IPSec, designed an IPSec implementation in Windows NT/2000, and give some application of IPSec in Internet. Finally, we discussed the limitation and the farther development of IPSec.

陆敏锋,平玲娣,李卓

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.03.051

2010-01-01

Abstract:Aiming at the problem that the IPSec-based VPN product, this paper designs and achieves a IPSec-based VPN test system running on the Linux platform. This paper introduces the IPSec protocol and its architecture, and presents the design and achievement of the test system through analyzing the principle of the IPSec protocol. Experiment result shows that this test system is feasible and effective.

Wei Yang,Pla Information

2003-01-01

Abstract:The exploitation of security gateway or security router is based on the deep understanding of IPSec protocols.In fact, IKE protocol can realize th e automated management of IPSec security parameters, and has high superiority i n technique.From the point of view of realizing IKE protocol, this paper explai ns how IKE daemon thread works,and analyzes emphatically message negotiations o f IK E protocol.

ge qingeng,wang haihang,tan chengxiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.055

2002-01-01

Abstract:As one main research focus of network security,VPN puts forward a new solution of network-layer security architecture,and VPN based on the IPSec become more and more popular.In this paper,IPSec protocol architecture and Linux kernel structure are studied carefully.Then the paper presents the scheme of designing and implementing IPSec on the Linux-making changes to TCP/IP stack of Linux and implementing IPSec there.Also the key technique to accomplish this system is discussed in the paper in detail.

吴越,疏朝明,卜勇华,胡爱群,毕光国

DOI: https://doi.org/10.3321/j.issn:1001-0505.2002.04.003

2002-01-01

Abstract:IPSec (IP security) is the de facto standard of implementing virtual private network on network layer, while key exchange and management mechanism is crucial for IPSec protocols. A through study on fundamental concepts and principles of key exchange for IPSec based VPN (virtual private network) is conducted and the details of the security key exchange mechanism on non-secure public IP based network through a set of parameters negotiation is illustrated. A software implementation of Client/Server model VPN key exchange upon Linux operating system is presented and its security performance such as anti-denial-of-service, anti-connection lijacking, anti-the man-in-the-middle attack and anti-eavesdropping etc. are analyzed. Finally the paper gives a prospective view of IKE (Internet key exchange) research.

王昱白,汪海航,谭成翔

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.01.024

2003-01-01

Abstract:First the security of IKE is analysed and the method to keep away some attacks is discussed ,and then the basic model of IPSec security gateway and the interrelation among the IKE module and other modules are analysed after the IKE protocol and security are studied. Also the method to construct the IPSec model on the IP layer is put forward. Finally some problems about IKE protocol based on the IPSec gateway are described.

吴越,疏朝明,卜勇华,胡爱群,毕光国

DOI: https://doi.org/10.3321/j.issn:1000-436x.2003.08.025

2003-01-01

Abstract:This paper has an overall research on security communication mechanism for IPSec based Virtual Private Network,discusses fundamental principles of various security service such as data origin authentication,integrity protection,anti-replay protection and their software implementation,illustrates the details of the security key exchange mechanism on non-secure public IP based network through a set of parameters negotiation,then presents a software implementation of Client/Server model WN key exchange upon LINUX operation system ,at last it gives IPSec security analysis and prospective view of the future research.

Ya Hang Zhang,BoWen Cheng,Sihan Qing,Guang N. Zou,Weiping Wen

DOI: https://doi.org/10.1117/12.855391

2010-01-01

Abstract:To solve the conflict between TCP accelerating technology based on PEP middle node and IPSec protocol used in the Satellite Network, NASA and the Hughes Research Laboratory (HRL) each independently proposed a solution named Multilayer IPsec protocol which can integrate IPSec with TCP PEPs. The problem is: Traditional IKE protocol can't work with Multilayer IPSec protocol. In this study, the traditional IKE main mode and quick mode are enhanced for layered IPSec protocol, and an improved layered key distribution protocol: ML-IKE is proposed. This key distribution protocol is used for key exchange between peers and middle node, so that different nodes have different security associations (SA), and different security associations correspond to different IP packet fields, so different SA nodes have different authorization to different IP packet fields. ML-IKE protocol is suitable for layered IPSec, thus layered IPSec can be used for automatic key distribution and update.

CHEN Aiguo,LIN Wei,LUO Guangchun,ZHANG Qiang

2013-01-01

MANNED SPACEFLIGHT

Abstract:To solve the conflict between TCP segment-based transport layer performance enhancement technology and IPSec protocol,the multi-layer IPSec technology has been proposed. But traditional IKE protocols can not meet the needs of Multi-layer IPSec key exchange. Based on the IKEv2,a lightweight space Quadri-party Internet Key Exchange Protocol (LSQ-IKE) is presented which can operate in multi-layer IPSec. LSQ-IKE makes a key agreement for the four parties,including two communication sides and two trusted middle nodes. It creates two security associations (SA) and the corresponding session keys to protect the communication process. One of the SA protects the IP packet header and the other protects the payload field,which meets the requirements of multi-layer IPSec key exchange. The analysis shows that LSQ-IKE uses fewer steps to achieve a Quadri-party key exchange than protocols that already exists. So LSQ-IKE has the low-cost and lightweight features.

YANG Hao-miao,ZHANG Wen-ke,JIANG Lei

DOI: https://doi.org/10.3969/j.issn.1002-0802.2012.06.002

2012-01-01

Abstract:IPSec is a basic security protocol of the Internet.The communicating peers should implement mutual ID authentication prior to the building up of IPSec channel.Traditional experiment of IPSec ID authentication is based on "Pre-shared keys".Two more general experiments are designed,respectively based on "Kerberos Protocol" and "Certificate".And the experiment based on virtual machine platform is comparatively convenient and economical.In addition,various security apparatuses on Windows platform are also involved in the comprehensive experiment,including active directory,DNS server,DHCP server,firewall,certification authority(CA),and so on.

Yinghua Wu,Jianping Wu,Ke Xu,Mingwei Xu

DOI: https://doi.org/10.1109/TENCON.2002.1181240

2002-01-01

Abstract:IPSec protocols offer a standard security mechanism, used for security service to upper' protocols (such as UDP and TCP). This paper introduces the design and implementation of Router Security Subsystem based on IPSec, the important part of High Performance Security Router made by Tsinghua University. We complete consummate and reliable security functions, use various optimal methods to enhance the performance furthest.

XU Ming-liang,TAN Cheng-xiang,WANG Hai-hang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2007.11.014

2007-01-01

Abstract:Virtual Private Network(VPN) is an important technique transfer private information under public networks. It can set up a temporary but safe connection to a public network (normally an internet) by data packing and encrypted transferring, and then achieve the aim of transferring private information on public network. Recently, two technologies are mainly used by enterprise to set up internal VPN: IPSec VPN and SSL VPN. This paper introduces the concept of IPSec technique and describes IPSec protocol architecture, communication steps, and finally discusses implementation of VPN based on IPSec by Openswan in detail.

马淑萍,阳小华,李海燕

DOI: https://doi.org/10.3969/j.issn.1673-0062.2004.02.018

2004-01-01

Abstract:In current VPN applications,IPSec-based VPN is followed with great interests.This paper analyzes safe system structure,implementation strategy of IPSec and problems needed to pay attention to.Some integrated solutions to realize VPN are also provided.

符松,金志权,陈佩佩

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.10.045

2001-01-01

Abstract:IPSec is a security architecture for the Internet protocol ,which provides transparent protection services for upper protocols. It consists of the protocols of automatic key management, authentication and encryption. In this paper, some modifications and a new protocol for the runtime detection are presented to enhance the efficiency and security of the original architecture.

HU Ning,WANG Yongjun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.05.035

2006-01-01

Abstract:This article summarizes the implementation framework of the IPSec protocol,and then describes the main mechanism of network processor such as tree search engine.Finally,it discusses the IPSec protocol key component’s implementation using network processor and gives a conclusion.

Weiping Sun,Xia Yin,Xingang Shi

2006-01-01

Abstract:The performance of the IKE protocol will much affect the performance of IPSec. In this paper, a test system for performance of IKE protocol was designed and verified. After having analyzed the test requirements of IKE's performance, this paper designed a black box test system which satisfies the performance test requirements. This test system is formed by the self-developed platform of protocol integrated test system, the extensible test suite and the IKE reference implementation. By using this test system, the IKE protocol performance was tested and the impacts of different parameters on the IKE protocol performance are analyzed. The feasibility of test system was verified.

Liu Xiang-jiang

2009-01-01

Abstract:Since the Point-to-Point protocol (PPP) provides no protection for the negotiations of algorithms, the Internet key exchange (IKE) protocol is introduced into PPP for the negotiations of shared keys and authentication, compression and encryption algorithms. Through the integrity protection of the control messages, this method effectively solves the security problem of negotiations in PPP. The analysis of the method shows that it is much more secure and more effective than the original PPP.

CAO Yu-lin,HU Fei

DOI: https://doi.org/10.3969/j.issn.1001-7542.2006.01.015

2006-01-01

Abstract:Along with fly information-basedly to develop soon,the safe problem of the network information is more and more outstanding for the sake of raising and guaranteeing the safety of the network,studying the AH and ESP agreement,exchange the foundation of protocol in the thorough analytical IPSec encryption key up,as to it's the existent weakness carried on thorough analysis,and give conorete improvement measure.

Yunxiao Sun,Bailing Wang,Hongri Liu,Yuliang Wei,Di Wu,Jing Wang

DOI: https://doi.org/10.1155/2022/2605684

2022-01-01

Wireless Communications and Mobile Computing

Abstract:The IPSec has been a widely used VPN (virtual private network) protocol due to its security and convenience. The security of IPsec itself plays a fundamental role in the overall security of the application system. However, it can be found from the existing research that because of some insecurity issues in the application process, the IPsec protocol will suffer from the man-in-the-middle attack. In this paper, we constructed the first experiment environment of IKE (Internet Key Exchange) man-in-the-middle detecting, use normal distribution to detect the RTT (round-trip time), and get 90% of accuracy.