Research on Key Technologies of Distributed Virtual Private Networks: Design and Implementation of an Internet Key Exchange Module

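【Author】 Liu Jun (刘军)

【Advisor】 Yuan Hongchun (袁宏春)

【Author information】 University of Electronic Science and Technology of China, Computer Applications, 2004, Master's thesis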

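【Summary】 The IKE (Internet Key Exchange) protocol is one of the key protocols of the IPSec (IP Security) protocol suite and is responsible for dynamically negotiating and managing IPSec SAs (Security Associations). The thesis studies the protocol in detail, its implementation mechanisms, and its inherent strengths and weaknesses, and implements the Main Mode and Quick Mode of IKE. It first introduces VPN (Virtual Private Network) technology, compares traditional VPNs with distributed VPNs (DVPN) and their respective characteristics, and introduces the key VPN technologies currently in common use. Building on an analysis of the IPSec protocol, it identifies the position and role of IKE within it. Next, the thesis analyses the IKE protocol in depth, including its components, the IKE negotiation process, the format of IKE messages and the security of the protocol, and on that basis proposes a feasible IKE implementation scheme with a completely new module architecture. It then describes the design ideas and division of functions of each module in the scheme and presents the main data structures and flows. It also analyses in depth the message mechanism by which applications communicate with the kernel layer under Windows. Finally, the IKE key exchange module is tested, the test results are analysed, and possible improvements are proposed; the extension of IKE functionality and the future development of IKE are also discussed. The main work of the thesis is the programmed implementation of IKE Main Mode and Quick Mode, which provides dynamic SAs for IPSec and makes the VPN system more complete and secure.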

【Abstract】 The IKE protocol, which is responsible for the dynamic negotiation and management of IPSec SAs, is an essential element of the IPSec protocol family. The thesis investigates the details of the protocol, the mechanisms for realizing the key exchange, and the pros and cons of the protocol itself. The thesis provides a practical mechanism to realize the Main Mode and the Quick Mode of the IKE protocol. The thesis first introduces VPN technology. The concept and the design of the distributed VPN are described. The differences between the traditional VPN and the distributed VPN, and their respective characteristics, are then compared. Essential VPN technologies currently in broad deployment are presented. Based on an analysis of the IPSec protocol, the position and role of the IKE protocol within it are presented. The thesis then provides an in-depth analysis of the IKE protocol, including the components of the protocol, the IKE negotiation process, the format of IKE messages, and the security of the protocol. Based on the existing protocol, a new practical mechanism for realizing IKE, as well as a new module architecture, is proposed. The design principles and the functionality of each component are then illustrated. The main data structures and procedures are also discussed. In addition, the thesis provides a complete analysis of the message mechanism under Windows, which describes how the application communicates with the kernel. Finally, the thesis tests the IKE key exchange module, analyses the test results, and puts forward possible improvements. The extension of IKE functionality and the future development of IKE are then discussed. The main achievement is that the thesis provides a set of programs that realize the Main Mode and the Quick Mode of the IKE protocol. Dynamic SAs are provided for IPSec, making the VPN system more complete and secure.

  • 【Classification number】 TP393.08
  • 【Downloads】 119