摘要
本文研究了Internet网络层IP安全协议亟待解决的理论和技术问题,提出一种适合于非连接IP数据加密业务密码同步的滑动窗口机制,从理论上描述了安全协议的运行状态,并对安全协议进行了扩展.针对非连接IP的特点以及目前sessionlessSKIP密钥管理的弱点,本文给出了无会话密钥管理的定义,提出了一种基于椭圆曲线理论的非会话密钥管理方案,该方案与传统方案相比可减少密钥长度,提高安全性能,同时有效地减少密钥计算的时间.最后,本文描述了安全IP在UNIX内核中的实现技术,该实现技术可使安全IP跨多种平台运行.
This paper investigates the theory and technique of Internet network layer secure protocols. It can also be considered as the extension of IETF's IPSEC such as RFCs and drafts. In order to synchronize the cryptographic algorithms through the connectionless oriented Internet Protocol, a new slipping window mechanism is presented, then the state of secure IP is described on the view of theory. The Simple Key management for Internet Protocol, SKIP, is a sessionless oriented protocol adapting to the connectionless oriented protocol IP. The great disadvantage of SKIP is that the computing efficiency will decrease quickly as the key length increases, when one wants to get more security based on Diffie Hellman key agreement. So this paper suggests a new sessionless oriented scheme, the elliptic curve public key exchange. It can reduce the key size and computing time meanwhile increase the difficulty of attack comparing to D H. Finally, the implementation of secure IP in UNIX kernel is described here, which can run on various hardware platforms with UNIX operating system.
出处
《计算机学报》
EI
CSCD
北大核心
1999年第2期171-176,共6页
Chinese Journal of Computers
关键词
密钥管理
INTERNET网
网络层协议
ATM
Secure IP, key management, elliptic curve public key, UNIX stream mechanism.
