
Design And Implementation Of Lightweight IPSec Security Gateway

Posted on: 2020-08-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Xu
GTID: 2428330575461969
Subject: Computer Science and Technology
Abstract/Summary:
With the increasing popularity of Internet technology, more and more people are accustomed to transmitting files, pictures, videos, and other data over the network. However, the network has many hidden dangers that are easily exploited by hackers with ulterior motives and cause serious security problems. To address these cybersecurity issues, the Internet Engineering Task Force (IETF) proposed a new security architecture, IPSec. After several years of continuous improvement and modification, the IPSec protocol has gradually been applied in various fields, and the IPSec security gateway is a typical application. With the continuing spread of Internet of Things projects in particular, communication between different devices is more frequent, and the demand for low-cost lightweight IPSec security gateways has greatly increased. However, lightweight gateway technology urgently needs to solve two problems, collision detection and link optimization, to meet the implementation requirements of lightweight IPSec security gateways.

Firstly, the complex and diverse policy rules of IPSec security gateways are prone to a large number of conflicts, so that traffic is not processed as expected. This paper proposes a dynamic policy conflict detection technology for IPSec security gateways, which performs dynamic conflict analysis of the gateway's policy list and resolves conflicts as expected. By studying the types of IPSec policy conflicts, a dynamic conflict detection algorithm based on IPCDR is designed to analyze conflicts among IPSec-specific protection-type policies. Several policy detection algorithms and the new improved algorithm are designed, and a comparison of their processing rates for different numbers of rules verifies the time performance of the new algorithm and identifies the type of policy list it is better suited to processing.

Secondly, this paper proposes a multi-path transmission congestion management mechanism for limited cache space, addressing the insufficient gateway cache that arises when an IPSec security gateway adopts multi-path technology. By studying the performance of the IPSec security gateway under Incast (insufficient cache), a scheme is designed that adds a random backoff function to the joint congestion algorithm of the multi-path transmission technology, improving the throughput of the IPSec security gateway in the Incast scenario. Comparing the congestion algorithm of this mechanism with MPTCP's own congestion algorithm under different numbers of sub-flows verifies that this mechanism can effectively alleviate the gateway Incast problem.

Finally, based on the above key technologies, this paper designs and implements a lightweight IPSec security gateway system. It elaborates the network topology and overall framework of the system, as well as the specific decryption and encryption working mechanism, and presents the hybrid networking mode and the application effect in packet filtering mode.
Keywords/Search Tags:IPSec security gateway, collision detection, multipath technology, congestion control