Ip Security And Ipsec Protocol

The security of IP is the foundation of network security , with dependence to the network of people being stronger and stronger , IP security seems particularly important , even concerns the development of network .IP Security Protocol (IPSec) is the standard security IP protocols defined by the Internet Engineering Task Force (IETF) , and it provides cryptographically-based security at network layer . The set of security services offered includes access control , connectionless integrity , data origin authentication , confidentiality and protection against replays. IPSec includes two important security protocols : the Authentication Header (AH) and the Encapsulating Security Payload (ESP) , and through the use of cryptographic key management protocols .IPSec provides security at IP-layer of the network , and offers protection for IP and/or upper layer protocols . IPSec is the best solution for Internet security . IPSec can be used by IPv4 and must be supported by IPv6 . But, it still has some security flaws . So , how to improve the security and performance of IPSec is the important task for the computer network word .Through the deep study of IP security and IPSec architecture , this thesis focuses on discussing some safe problems existing among the IPSec , and put forward my own suggestions . The groundwork of this thesis is summed up as follows :1 . This thesis analyses the security of Internet in Chapter one .2 . This thesis analyses the security of IP in Chapter two .3 . IP security and IPSec architecture have been deeply studied in Chapter three .Then this thesis goes on structure analyse to AH and ESP , and summarizes the cryptographic key management protocols .4 . This thesis analyses the commonly used algorithm of IPSec in Chapter four.5 . This thesis focuses on discussing some safe problems existing among theIPSec ,such as "cut-and-paste" , "probable plaintext" attacks , the problems of data origin authentication and protection against replays in multi-broadcast environment , and put forward my own suggestions about these questions . In addition , this thesis puts forward a compression idea and improved design based on ESP .6 . At last this thesis summarizes the implementation of IPSec and some practicaltechnologies based on IPSec .