Abstract
To solve the problem of secure access for mobile terminals in e-government systems, this paper designs and implements a security access device for mobile terminals. The device is based on IPSec VPN technology and mainly provides establishment of the communication tunnel, identity authentication of both communicating parties, and protection of data confidentiality and integrity. The functions of each system module are implemented by redeveloping the Strongswan software framework. Cryptographic algorithms are the core of the device's security design; the currently common cryptographic algorithms can no longer meet information security requirements, so adopting the national cryptographic (Guomi) algorithm standards becomes a necessary choice for the device. Strongswan provides only the internationally common algorithms, so a hardware cryptographic card is needed for the device to support the Guomi algorithms. The Guomi algorithms are registered into Strongswan by modifying its algorithm library and policy library, and its functional modules are redesigned and improved, finally yielding a security access device based on the Guomi algorithms. Finally, a test environment is built to verify the feasibility of the system.
Source
《信息网络安全》
2016, Issue 11, pp. 19-27 (9 pages)
Netinfo Security
Funding
Beijing Natural Science Foundation [416307]