期刊文献+

IPsec VPN安全网关的认证优化设计与实现 被引量:4

OPTIMIZED AUTHENTICATION DESIGN AND IMPLEMENTATION OF IPSEC VPN SECURITY GATEWAY
下载PDF
导出
摘要 IPsec VPN网关在使用数字证书对IPsec对等实体(远程用户、远程VPN网关)进行身份认证建立安全关联时,存在有效CRL及时性差、IPsec VPN安全网关开销过大和IKE认证时延过长等问题。为解决此类问题,给出了两种设计方案,分别为根据静态固定查询周期和根据自适应算法动态调整查询周期从LDAP服务器上获取CRL。这两种方案能有效平衡网关开销、提高认证速度并能较大提高有效CRL的及时性。 When IPsec VPN gateway carries out the IPSec peer entity( e. g. remote users, distant VPN gateway)authentication with certificate for establishing SA in IKE interaction, there are some problems such as poor timeliness of effective CRLs, hight overhead of IPsec VPN gateway and long time-delay in IKE authentication. The paper proposes two design schemes to solve these problems,one gains CRLs from the LDAP server according to the statically fixed polling period and the other gains by dynamically adjusting the polling period using adaptive algorithm. The two approaches effectively balanced the overhead of IPsec VPN gateway, speeded up the authentication process and improved the timeliness of CRLs a lot.
出处 《计算机应用与软件》 CSCD 北大核心 2008年第5期59-61,共3页 Computer Applications and Software
基金 江苏省自然科学基金项目资助(BK2004039)。
关键词 LDAP IPSEC IKE X.509证书 LDAP IPsec IKE X. 509 certificate
  • 相关文献

参考文献4

  • 1Microsoft Windows Server 2003 TechCenter.撤销凭证与公布CRL[OL]. http ://www. microsoft.com/technet/prodtechnol/windowsserver2003/zh-cht/library/ServerHelp/a4331 df0-273-b-41a3-95 f5-8425d39543c7. mspx. 2005,1.
  • 2Kaufman C. RFCA306 : Intemet Key Exchange ( IKEv2 ) Protocol [ S ]. 2005,12.
  • 3Korver B. IETF Internet Draft:The Internet IP Security PKI Profile of IKEv1/ISAKMP. IKEv2, and PKIX[ S]. 2005,7.
  • 4Housley R, Ford W, Polk W, Solo D. RFC 2459 : Internet X. 509 Public Key InfrastructureCertificate and CRL Profile. 1999,1.

同被引文献27

引证文献4

二级引证文献7

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部