一种CPN中基于DHCP扩展的IPSec安全关联参数管理机制

IPSec(Intemetsecurity,互联网协议安全性)通信方之间通过IPSecSA(securityassociation,安全关联)来维护安全信道,而现有的SA参数管理机制过于复杂,导致用户主机与目标服务器建立SA所需的时间、CPU负载、报文尺寸较大,降低了用户体验。通过分析CPN(customerpremisesnetwork,用户驻地网)的结构特点,发现其中的DHCP(dynamichostconfigurationprotocol,动态主机配置协议)服务器与其他基础网络服务器之间存在带外信任关系。利用这一信任关系以及DHCP扩展选项机制,设计并实现了一种针对CPN环境的轻量级的...

Full description

Saved in:
Bibliographic Details
Published in计算机应用研究 Vol. 32; no. 9; pp. 2812 - 2815
Main Author 钱炜烁 马迪 毛伟 王伟
Format Journal Article
LanguageChinese
Published 中国科学院计算机网络信息中心,北京 100190 2015
互联网域名系统北京市工程研究中心,北京 100190%中国科学院计算机网络信息中心,北京,100190
中国科学院大学,北京 100190%互联网域名系统北京市工程研究中心,北京,100190%中国科学院计算机网络信息中心,北京 100190
Subjects
互联网协议安全性
动态主机配置协议
安全关联参数管理
IPSec
互联网协议安全性
安全关联参数管理
SA parameter management
动态主机配置协议
DHCP
Online AccessGet full text
ISSN1001-3695
DOI10.3969/j.issn.1001-3695.2015.09.059

Cover

More Information
Summary:IPSec(Intemetsecurity,互联网协议安全性)通信方之间通过IPSecSA(securityassociation,安全关联)来维护安全信道,而现有的SA参数管理机制过于复杂,导致用户主机与目标服务器建立SA所需的时间、CPU负载、报文尺寸较大,降低了用户体验。通过分析CPN(customerpremisesnetwork,用户驻地网)的结构特点,发现其中的DHCP(dynamichostconfigurationprotocol,动态主机配置协议)服务器与其他基础网络服务器之间存在带外信任关系。利用这一信任关系以及DHCP扩展选项机制,设计并实现了一种针对CPN环境的轻量级的SA参数管理机制。实验结果表明,与传统机制相比,该机制在IPSecsA协商所需的时间、CPU负载、报文尺寸等方面均有显著改进。
Bibliography:51-1196/TP
Qian Weishuo, Ma Di , Mao Wei , Wang Wei ( 1. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China; 2. University of Chinese Academy of Sciences, Beijing 100190, China; 3. Internet Domain Name System Beijing Engineering Research Center Ltd. , Beijing 100190, China )
Secure connection between IPSec participants is achieved via IPSec SAs. However, there are no simple and elegant approaches to the management of SA parameters currently. As a result, the cost of user devices and target servers to negotiate a SA is expensive in aspects of time, CPU load and network usage. By analyzing the topology and deployment features of CPN, this paper found that there existed outbound trust relationship between the DHCP server and other service proviiters. Based on such a trust relationship, it developed a lightweight SA management mechanism aiming at CPN environment. Simulation ex- periments show that compared with the traditional ones, this new mechanism costs significantly less ti
ISSN:1001-3695
DOI:10.3969/j.issn.1001-3695.2015.09.059