
The Research For VPN System Based On IPSec And Improved Implement Of IKE Protocol

Posted on: 2005-03-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Sun
Full Text: PDF
GTID: 2168360122498789
Subject: Computer applications
Abstract/Summary:
The paper mainly studies the IKE protocol (Internet Key Exchange protocol), which is used for setting up SAs and for key management, covering its detailed content, its implementation details, and the advantages and disadvantages of the protocol. At the same time, it analyses the security of the IKE protocol and offers improvements to, and useful discussion of, the security loopholes in its implementation.

First, it introduces the IPSEC protocols. IPSEC addresses the lack of security assurance in TCP/IP and solves the security problem through an implementation at the IP layer. IPSEC can be divided into two major parts. One part is added to the protocol stack and provides confidentiality, data integrity and identity verification for outgoing and incoming IP packets; these are the protocols that directly realize the communication security of the network. The other part is necessary for these security protocols to work normally. It sets up the encryption key, the authentication key and the security association that ensures the negotiation work between the security protocols, and is called key management. It can be completed by IKE and related protocols.

Then it introduces the IKE protocol. IKE security is the foundation of the whole IPSEC protocol. Since the security of modern cryptography no longer depends on keeping the algorithm secret, it is guaranteed by the confidentiality of the key. If the key is stolen, there is no security at all in the whole IPSEC protocol. The IKE protocol is used to generate the key and to guarantee the security of the key exchange. Its better security necessarily brings complexity, so understanding the details of the IKE protocol is extremely important.

The emphasis of the paper is not only on implementing and grasping the complexity of the IKE protocol flow and its parameters in implementation, but also on strengthening IKE protocol security and properly simplifying the protocol procedure. The security improvements mainly target DoS attacks, transform payload attacks and the problem of identity protection.

The paper then designs each concrete module that implements the IKE protocol, including the IKE management interface module, the IKE event handling module and the protocol message handling module. It also carries out an experiment on the key technology of the improved IKE, main mode with digital signature authentication, and analyses the negotiation process and result, verifying whether the anticipated negotiation and encryption results are reached.
Keywords/Search Tags:SA, Digital Signature, IKE, IPSEC, Key exchange, Transform Payload, Identity protection, Main mode, Aggressive mode