Design And Implementation Of National Secret SSL VPN Gateway Based On PF_RING

Posted on:2021-12-14

Degree:Master

Type:Thesis

Country:China

Candidate:P Zhao

Full Text:PDF

GTID:2518306305972429

Subject:Computer application technology

Abstract/Summary:

PDF Full Text Request

SSL(Secure Sockets Layer)is a secure communication protocol with international standards widely used in the field of network security,which provides guarantee for the secure transmission of application data.At present,most of the SSL VPN products widely used in China are based on the international standard SSL protocol.The cryptographic algorithms used in such products are international standards and do not meet China’s requirements for the security and controllability of cryptographic products.To this end,the National Cryptographic Administration has independently developed the national commercial cryptographic algorithm,namely the SM series algorithm.It also released the "GMT 0024-2014 SSL VPN Technical Specification" to guide the research and development of national secret SSL VPN products.Although SSL VPN is widely used in mobile office,e-government/commerce and other fields.However,as an emerging VPN technology,it is still in the stage of continuous practice and upgrade.In particular,China’s research on SSL VPN technology started late,and most of them use foreign standards and technologies,which inevitably have defects and deficiencies.Therefore,the research on the national secret SSL VPN technology has important practical significance.After in-depth analysis of the key components,working mechanism,and implementation principles of the SSL VPN system,this paper proposes two solutions to the concurrent performance and throughput problems of the system:One is to design a high-performance network processing framework based on asynchronous IO to improve Concurrency performance of SSL VPN.The second is to apply PF_RING,a high-performance network packet capture technology based on the Linux kernel,to the SSL VPN to improve the SSL VPN’s ability to process network packets,thereby increasing the throughput of the entire SSLVPN system.Finally,the national secret SSL VPN gateway based on PF_RING is designed and implemented,and compared with Open VPN.The test results show that the number of concurrent connections of the National Secret SSL VPN Gateway implemented in this paper can reach about 831.Data throughput increased by 2 to 3 times.The file download rate is increased to 1 to 2 times the original.

Keywords/Search Tags:

Concurrency, High Performance, SSL, SSL VPN, PF_RING, Libevent

PDF Full Text Request

Related items

1	Research And Implementation Of Terminal Security Access Management System Based On Libevent
2	Pf_ring Study In The High-speed Acquisition Of Network Flow
3	The Studies And Applications Of PF_RING In Monitoring System About China Mobile Services Business
4	The Optimazation Of Network Performance Of Spark Streaming By Using The PF_Ring Zero_copy Technology
5	Design And Development Of Lightweight And High-performance Log Collector
6	Research And Implementation Of High-performance Storage Systems NOSQL
7	Efficiency Optimization Of Encrypted Database In High Concurrency Environment
8	Research On Performance Improvement And Scalable Architecture In Enterprise Applications
9	Advanced Concurrency Control Algorithm Design and GPU System Support for High Performance In-Memory Data Management
10	Research And Implementation Of High Speed Packet Processing Technology Based On X86 Architecture