摘要
首先指出了现有IPsec的不足,分析了IPsec开源项目FreeS/WAN的实现机制。在此基础上,本文针对FreeS/WAN提出了几点改进,设计并实现了一个具有应用感知能力的IPsec原型系统,试图提升IPsec端到端的安全性并合理有效地利用已有安全连接。最后,实验结果表明,上述改进在提升端到端安全性的同时性能下降并不明显,因而具有较高的可行性。
This paper first presents the disadvantages of current IPsec standards, then analyzes the implementation mechanism of open source project FreeS/WAN. Based on such analysis, this paper proposes some improvements towards FreeS/WAN, designs and implements an application- aware IPsec prototype, aiming at promoting end - to- end secrecy of IPsec and making proper use of the existing security connections. At last, the results of experiments indicate that such improvements are of high feasibility to promote end - to - end secrecy at the cost of minor decrease of performance.
出处
《西安邮电学院学报》
2009年第1期137-141,共5页
Journal of Xi'an Institute of Posts and Telecommunications