基于交换机的安全接入系统研究与实现

发布时间：2018-04-30 09:38

本文选题：交换机 + 嵌入式Linux　；参考：《华南理工大学》2014年硕士论文

【摘要】：网络的迅速发展给网络的管理与安全带来了许多新的挑战，传统的网络管理技术暴露出越来越多的不足，需要研究相应的技术去解决。为了实现对网络的有效管理，控制用户的网络接入、防止未授权用户使用网络，对用户进行接入认证是接入网络管理与安全的关键技术。结合源地址验证架构，针对IPv4/IPv6双栈的接入网环境，本文对基于交换机的安全接入系统展开研究，在嵌入式交换机硬件平台和嵌入式Linux操作系统上，设计并实现了一种基于接入网源地址验证的Web认证交换机，其核心思想是结合Web认证的认证流程实现源地址验证，以提高接入网络的安全性。首先通过对现有的接入认证技术与源地址验证技术的调研，根据实际的需求选择采用Web认证技术与SAVI技术作为技术基础。对Web认证技术与SAVI技术在交换机上直接结合进行了分析，设计了一种与Web认证结合的接入网源地址验证方案，使其更适合在资源受限的接入交换机上实现。然后在交换机的嵌入式Linux平台中，设计并实现了交换机上的功能模块，包括捕包模块、绑定表模块、执行模块、通信模块和Web认证模块等，并针对主要模块进行了设计和实现说明。最后对实现的原型系统进行了测试，结果验证了原型系统功能的正确性，，表明了方案的可行性。
[Abstract]:The rapid development of network has brought many new challenges to network management and security. Traditional network management technology has exposed more and more shortcomings. In order to realize the effective management of the network, control the network access of users and prevent unauthorized users from using the network, the key technology of access network management and security is to authenticate the users. Combined with the architecture of source address verification, this paper studies the secure access system based on switch for the access network environment of IPv4/IPv6 dual stack, which is based on embedded switch hardware platform and embedded Linux operating system. A Web authentication switch based on access network source address verification is designed and implemented. Its core idea is to implement source address verification in combination with Web authentication process in order to improve the security of access network. Firstly, through the investigation of the existing access authentication technology and source address authentication technology, Web authentication technology and SAVI technology are selected as the technical basis according to the actual needs. This paper analyzes the direct combination of Web authentication technology and SAVI technology on the switch, and designs an access network source address verification scheme combined with Web authentication, which makes it more suitable to be implemented on the access switch with limited resources. Then, in the embedded Linux platform of the switch, the function modules of the switch are designed and implemented, including the packet capture module, the binding table module, the execution module, the communication module and the Web authentication module, etc. The main modules are designed and implemented. Finally, the prototype system is tested and the results show that the function of the prototype system is correct and the scheme is feasible.
【学位授予单位】：华南理工大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】