
Computer Engineering ›› 2011, Vol. 37 ›› Issue (13): 109-112. doi: 10.3969/j.issn.1000-3428.2011.13.035

• Security Technology •

Research on IPsec Based on Implicit Security Labels

YANG Xiao-hong, DU Xue-hui, CAO Li-feng

  1. (Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004, China)
  • Received: 2011-01-06 Online: 2011-07-05 Published: 2011-07-05
  • Author biographies: YANG Xiao-hong (born 1986), male, master's student, research interest: network security; DU Xue-hui, professor, Ph.D.; CAO Li-feng, lecturer, Ph.D.
  • Funding:
    National "863" Program project "Key Technologies of Trusted Interconnection and Multi-level Interconnection Systems for Classified Protection" (2009AA01Z438)

Research of IPsec Based on Implicit Security Label

YANG Xiao-hong, DU Xue-hui, CAO Li-feng   

  1. (Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004, China)
  • Received:2011-01-06 Online:2011-07-05 Published:2011-07-05

Abstract (translated): Traditional IPsec cannot handle communication in a multi-level security (MLS) network environment. To address this, an IPsec scheme based on implicit security labels is proposed. By introducing implicit security labels, the scheme modifies the IKE and ESP processing flows and binds each IPsec SA to an implicit security label. When a labeled SA is negotiated, algorithms and keys of different strength are selected according to the sensitivity of the data being protected, so that labeled protection tunnels for multiple classification levels are built dynamically. This achieves logical isolation and secure communication of data flows at different classification levels.

Keywords: multi-level security network, implicit security label, IPsec protocol, access control, labeled tunnel

Abstract: Focusing on the problem that traditional IPsec cannot support communication in a Multi-level Security (MLS) network, this paper presents an IPsec scheme based on implicit security labels. The scheme introduces implicit security labels into IPsec, modifies the IKE and ESP processing flows, binds each IPsec SA to an implicit security label, and selects algorithms and keys of different strength according to the sensitivity of the protected information. It sets up labeled tunnels for different classification levels dynamically, thereby achieving isolation of data streams at different levels and secure communication in MLS networks.

Key words: Multi-level Security(MLS) network, implicit security label, IPsec protocol, access control, labeled tunnel
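The abstract describes three mechanisms: binding an IPsec SA to a security label so that the label is carried implicitly by the SA rather than by a per-packet field, choosing the algorithm and key strength when the labeled SA is negotiated according to the data's classification level, and keeping flows of different levels in separate tunnels. The following Python model is an added illustration of those mechanisms and is not code from the paper; the level names, the suite-per-level table, the SPI values and the clearance check are all constructed assumptions, and no real IKE or ESP processing is performed.

```python
"""Toy model of label-bound IPsec SAs (constructed example, not the paper's code)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional, Tuple


class Level(IntEnum):
    """Assumed classification levels, totally ordered from low to high."""
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Assumed mapping from label level to the cipher/key strength the labeled-SA
# negotiation would select: higher classification gets the stronger suite.
SUITE_BY_LEVEL: Dict[Level, Tuple[str, int]] = {
    Level.PUBLIC: ("AES-128-GCM", 128),
    Level.INTERNAL: ("AES-128-GCM", 128),
    Level.SECRET: ("AES-256-GCM", 256),
    Level.TOP_SECRET: ("AES-256-GCM", 256),
}


@dataclass(frozen=True)
class LabeledSA:
    spi: int
    src: str
    dst: str
    label: Level      # the SA carries the label; packets need no label field
    cipher: str
    key_bits: int


class LabeledSAD:
    """Security Association Database keyed by (src, dst, label)."""

    def __init__(self) -> None:
        self._by_key: Dict[Tuple[str, str, Level], LabeledSA] = {}
        self._by_spi: Dict[int, LabeledSA] = {}
        self._next_spi = 0x1000  # constructed starting SPI value

    def negotiate(self, src: str, dst: str, label: Level) -> LabeledSA:
        """Return the SA bound to this label between src and dst, creating it on first use.

        One SA per classification level per gateway pair models the dynamically
        built labeled tunnel; the suite is derived from the label at negotiation time.
        """
        key = (src, dst, label)
        sa = self._by_key.get(key)
        if sa is None:
            cipher, bits = SUITE_BY_LEVEL[label]
            sa = LabeledSA(self._next_spi, src, dst, label, cipher, bits)
            self._next_spi += 1
            self._by_key[key] = sa
            self._by_spi[sa.spi] = sa
        return sa

    def lookup_spi(self, spi: int) -> Optional[LabeledSA]:
        return self._by_spi.get(spi)


def outbound(sad: LabeledSAD, src: str, dst: str, flow_label: Level) -> int:
    """Sender side: a flow may only leave through the SA bound to its own label."""
    return sad.negotiate(src, dst, flow_label).spi


def inbound(sad: LabeledSAD, spi: int, receiver_clearance: Level) -> Tuple[str, str]:
    """Receiver side: recover the label implicitly from the SA, then enforce the level check."""
    sa = sad.lookup_spi(spi)
    if sa is None:
        return ("drop", "unknown-spi")
    if sa.label > receiver_clearance:
        # Receiving domain is not cleared for data at this label (assumed policy).
        return ("drop", "exceeds-clearance")
    return ("accept", sa.label.name)


if __name__ == "__main__":
    sad = LabeledSAD()
    spi_secret = outbound(sad, "gw-a", "gw-b", Level.SECRET)
    spi_public = outbound(sad, "gw-a", "gw-b", Level.PUBLIC)
    print(sad.lookup_spi(spi_secret))
    print(sad.lookup_spi(spi_public))
    print(inbound(sad, spi_secret, Level.INTERNAL))
    print(inbound(sad, spi_secret, Level.SECRET))
```

Running the block shows two distinct SAs for the same gateway pair, one per level, with the stronger suite bound to the SECRET label; a packet arriving on the SECRET SPI is dropped by a receiver cleared only to INTERNAL and accepted by one cleared to SECRET, with the label recovered from the SA alone.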

CLC number: