Design and Implementation of a Private Tunneling Protocol Based on a Virtual Network Interface
Published: 2018-02-21 13:48
Keywords: virtual network interface; tunneling protocol; virtual private network; SSL protocol; network security. Source: Harbin Institute of Technology, 2016 master's thesis. Thesis type: degree thesis
[Abstract]: With the continuous development of the economy and the gradual expansion of enterprise business and scale, most companies have moved to a distributed organizational structure, in which a headquarters and multiple branch offices work collaboratively. Branch offices are usually networked as internal networks; different branches need to exchange internal enterprise information securely, and headquarters needs to interconnect the geographically distributed networks for unified management. The traditional solution is to lease dedicated network lines, but this approach can no longer meet current bandwidth and security requirements and is expensive. The emergence of the Internet has greatly facilitated information exchange. Since the 1980s, more and more devices have connected to the Internet, and many enterprises use this public channel for cross-domain resource access. Because the Internet was originally designed on a trust model, additional mechanisms are needed to secure the transmission of internal enterprise information, which gave rise to a series of network security technologies including firewalls and intrusion detection systems. Virtual private networks (VPNs) meet the enterprise need for secure transmission of internal data well by establishing an encrypted virtual tunnel over public links. There are many kinds of VPN on the market and many implementation approaches; the mainstream approach uses tunneling protocols, including the layer-2 (data link layer) protocols PPTP, L2F and L2TP of the TCP/IP stack; IPSec-based tunneling protocols at the network layer; and SSL-based tunneling protocols at the transport layer. By comparison, the security mechanisms of the layer-2 protocols can no longer meet current needs; the IPSec protocol suite is generally recognized as the most secure architecture, but it is complex to configure and has difficulty traversing NAT devices; SSL-based tunneling protocols offer a good compromise between security and ease of use. This thesis combines the advantages of IPSec and SSL, and designs and implements a private tunneling protocol based on a virtual network interface. Using a USB-Key as hardware support and relying on the open-source cryptographic library OpenSSL, it secures communication in a simple and efficient way. Functional and performance testing of the system show that the private tunneling protocol designed and implemented in this thesis has good network communication capability, meets user requirements for both transmission efficiency and data security, and has considerable research and practical value.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP393.08
Article ID: 1522061
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1522061.html