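Abstract
The IKE protocol is an important component of the IPsec protocol suite. It is used to dynamically establish and maintain security associations (SAs), and is the prerequisite and guarantee for secure transmission over an IPsec VPN. Building on a study of the existing IKE protocol, this paper introduces the public key infrastructure (PKI) into it and proposes combining ECC, X.509 digital certificates, and access control with the IKE protocol, designing an enhanced IKE protocol based on PKI identity authentication and access control. This improves the security and scalability of the IPsec VPN gateway and effectively protects VPN network resources. Finally, the paper gives an implementation scheme based on the latest Linux 2.6 kernel and describes the working process of the IPsec VPN security gateway prototype system built on it.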
Internet Key Exchange (IKE) is one of the important protocols in the IPsec protocol suite. Used to dynamically establish and maintain security associations (SAs), IKE is the prerequisite and guarantee for secure communication with IPsec VPN. This paper studies the current IKE protocol and proposes introducing the public key infrastructure and combining the techniques of ECC, X.509 digital certificates and access control with IKE, so as to design an enhanced IKE protocol based on authentication and access control with PKI, improving the security and extensibility of the IPsec VPN gateway and protecting VPN network resources effectively. Finally, the paper gives an implementation scheme based on the latest Linux kernel 2.6 and explains the operation of this IPsec VPN security gateway prototype.
Source
《微电子学与计算机》
CSCD
Peking University Core Journals
2006, Issue 5, pp. 72-75 (4 pages)
Microelectronics & Computer
Funding
Natural Science Foundation of Jiangsu Province project (BK2004039)