信息网络安全

信息网络安全 ›› 2015, Vol. 15 ›› Issue (9): 84-88.doi: 10.3969/j.issn.1671-1122.2015.09.020

• 入选论文 • 上一篇    下一篇

基于GDOI的国产化加密系统设计与实现

卓才华(), 李大鹏, 袁开国   

  1. 北京赛博兴安科技有限公司,北京100085
  • 收稿日期:2015-07-15 出版日期:2015-09-01 发布日期:2015-11-13
  • 作者简介:

    作者简介: 卓才华(1982-),男,湖南,高级工程师,本科,主要研究方向:网络及信息安全;李大鹏(1972-),男,山东,高级工程师,硕士,主要研究方向:网络及信息安全;袁开国(1982-),男,贵州,高级工程师,博士,主要研究方向:密码学、数字水印、物联网安全。

Research and Realization of Domestic Encryption System Based on GDOI

Cai-hua ZHUO(), Da-peng LI, Kai-guo YUAN   

  1. Beijing Cyber Xingan Technology Co.,Ltd.,Beijing 100085, China
  • Received:2015-07-15 Online:2015-09-01 Published:2015-11-13

RichHTML

2

PDF (PC)

94

摘要:

面对日益复杂的网络环境和网络应用安全需求,使用IPSec加解密开始出现各种局限(Qos问题、隧道实时性问题和组播通信等问题),基于GDOI协议的网络加密系统逐步成为首选。针对国内对网络设备日益提高的安全要求,文章利用标准RFC6407框架内扩展私有载荷属性的方式,采用国家商用密码算法同时扩展支持各类自定义算法,完整实现符合标准GDOI协议的网络密码系统。整个系统的设计与实现严格遵循国家密码管理局相关算法及设备安全要求规范。

关键词: GDOI协议, 安全, 国产化, 加密系统

Abstract:

Facing with the increasingly complex network environment and network application security needs, it appears all kinds of limitations when uses IPSec encryption and decryption, such as the QoS problem, the tunnel real-time problem and the multicast communication problem. Network encryption system based on GDOI protocol is gradually becoming the first choice. For the high security requirements of domestic network equipments, in use of the method that extends the private load properties in the standard RFC6407 framework, this paper completely designs a network password system that conforms to the standard GDOI protocol, supporting in extra for all kinds of custom algorithms at the same time using the national commercial code algorithms. The design and implementation of the whole system strictly follow the relevant algorithms and equipment safety requirements of the National Commercial Code Management Bureau.

Key words: GDOI Protocol, security, localization, encryption system

中图分类号: