Computer Engineering ›› 2008, Vol. 34 ›› Issue (19): 147-150. doi: 10.3969/j.issn.1000-3428.2008.19.050

• Security Technology •

Research and Design of IKEv2-EAP/SIM Extension in VPN Security Gateway

HU Ping1, TANG Jia-jia1,2, LU Jian-de1   

  1. School of Computer Science and Technology, Soochow University, Suzhou 215006; 2. Computing Center, Suzhou University of Science and Technology, Suzhou 215009
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-10-05 Published: 2008-10-05

Abstract: Earlier security gateway implementations emphasized a single function, and their authentication methods were not flexible enough. This paper studies and analyzes the latest IKEv2 dynamic key negotiation mechanism and, drawing on the advantages of the EAP extensible authentication mechanism, proposes introducing the EAP/SIM authentication framework into the IKE authentication system, gives an implementation scheme, and designs an enhanced, extensible IKEv2 system based on EAP/SIM. The IKEv2-EAP system uses RADIUS as the authentication server to implement AAA functions and uses the new IKEv2-EAP/SIM exchange to establish secure IPSec tunnels, making the VPN gateway's functions more flexible, powerful and diverse.

Key words: EAP protocol, SIM authentication, IKEv2 system, RADIUS server, VPN gateway
