TSP隧道代理实现及安全增强型技术研究

发布时间：2018-02-24 19:49

本文关键词： 隧道隧道代理隧道建立协议安全性　出处：《哈尔滨工业大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着互联网的快速发展，IPv4协议的不足日益暴露，32位构成的IP地址不足以满足网络节点增长所需，安全性和移动性方面又存在先天性缺陷，所以，设计出地址长度128位，使用加密协议保证安全性，移动性方面表现良好，与现存的其它各层协议相兼容的IPv6协议是互联网发展所必然的。但IPv4协议已经广泛应用，IPv6协议不能与IPv4协议兼容，将存在较长一段时间的过渡时期，在过渡时期，研究的重点是如何实现IPv4网络和新建IPv6网络之间的互通技术。在双栈技术，隧道技术，网络地址翻译技术三大类技术中，隧道技术在透明，廉价和灵活性方面等优势显著，不过其配置复杂工作量较大的缺点限制了它的大规模发展，为此，开始研究隧道代理技术来实现隧道的自动化配置。本文先深入研究了过渡时期隧道技术等互通技术的研究目的和意义和到现阶段的研究情况，重点研究了隧道技术的研究现状和相关的安全性问题。接着对三类技术的实现原理和工作方式进行了综述，主要进行三种技术的异同比较和优势分析，接着详细介绍了隧道技术和隧道代理技术，印证式说明本文要研究的隧道代理的原因。隧道代理系统的使用引出了一些安全问题，而且现在的安全监测系统并不监测隧道流量也不对其过滤，可以引发多种形式的外部攻击，加之隧道代理模型本身导致的缺陷，，非法分子可以利用这些安全缺陷向隧道代理模型节点发起攻击，所以，本文重点分析了隧道代理的安全性缺陷并给出安全性增强技术方案。接着设计并实现了基于TSP协议的隧道代理模型系统，详细描述了TSP协议和隧道代理服务器端的实现细节，隧道代理模型系统的整体构建，并进行功能性测试，深入分析隧道代理使用过程中的信息交互过程，加入内容过滤模块并进一步实验，对实验结果进行分析并对本文实现的隧道代理系统在性能上和功能上的进一步扩展进行了展望。
[Abstract]:With the rapid development of the Internet, the shortage of IPv4 protocol is increasingly exposed that the 32-bit IP address is not enough to meet the needs of network node growth, and there are congenital defects in security and mobility. Therefore, the address length of 128 bits is designed. The use of encryption protocol to ensure security, mobility performance is good, compatible with other existing protocols of the IPv6 protocol is inevitable in the development of the Internet, but the IPv4 protocol has been widely used in the IPv6 protocol can not be compatible with the IPv4 protocol, There will be a long period of transition. During the transition period, the emphasis of the research is how to realize the interworking technology between IPv4 network and new IPv6 network. In the three kinds of technologies, double stack technology, tunnel technology and network address translation technology, the two stacks technology, the tunnel technology, and the network address translation technology are three kinds of technologies. Tunnel technology has many advantages such as transparency, low cost and flexibility. However, its complex configuration and large workload limit its large-scale development. Therefore, tunnel agent technology has been studied to realize the automatic configuration of tunnel. In this paper, the purpose and significance of the interworking technology of tunnel technology in transition period and the current research situation are studied in depth. This paper focuses on the research status of tunnel technology and related security problems. Then, the realization principle and working mode of three kinds of technologies are summarized, and the similarities, differences and advantages of the three technologies are analyzed. Then the tunnel technology and the tunnel agent technology are introduced in detail, which explains the reasons of the tunnel agent to be studied in this paper. The use of the tunnel agent system leads to some safety problems. Moreover, the current security monitoring system does not monitor the tunnel flow nor filter it, which can lead to various forms of external attacks, plus the defects caused by the tunnel agent model itself. Illegal elements can exploit these security flaws to attack tunnel agent model nodes, so, In this paper, the security defects of tunnel agent are analyzed and the security enhancement scheme is given. Then, the tunnel agent model system based on TSP protocol is designed and implemented, and the implementation details of TSP protocol and tunnel proxy server are described in detail. The whole system of tunnel agent model is constructed, and the function test is carried out. The process of information exchange in the process of using tunnel agent is deeply analyzed, and the content filtering module is added and further experiments are carried out. The experimental results are analyzed and the further expansion of the performance and function of the tunnel agent system implemented in this paper is prospected.
【学位授予单位】：哈尔滨工业大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】