Netinfo Security (信息网络安全) ›› 2016, Vol. 16 ›› Issue (11): 19-27. doi: 10.3969/j.issn.1671-1122.2016.11.004

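Design and Implementation of a Secure Access Device Based on Guomi Algorithms

李兆斌, 刘丹丹, 黄鑫, 曹浩

  1. Communication Engineering Department, Beijing Electronic Science and Technology Institute, Beijing 100070
  • Received: 2016-09-20 Online: 2016-11-20 Published: 2020-05-13
  • About the authors:

    李兆斌 (Zhaobin LI, born 1977), male, from Beijing, associate researcher, Ph.D.; main research interests: information security and Ethernet link security encryption. 刘丹丹 (Dandan LIU, born 1991), female, from Henan, master's student; main research interests: VPN technology, mobile communication technology and cryptographic technology. 黄鑫 (Xin HUANG, born 1993), female, from Shandong, master's student; main research interests: testing technology and data encryption and decryption. 曹浩 (Hao CAO, born 1991), male, from Hubei, master's student; main research interests: SIP telephony and Android front-end development.

  • Supported by:
    Beijing Natural Science Foundation [416307]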

Design and Implementation of Secure Access Device Based on Guomi Algorithm

Zhaobin LI, Dandan LIU, Xin HUANG, Hao CAO

  1. Communication Engineering Department, Beijing Electronic Science and Technology Institute, Beijing 100070, China
  • Received: 2016-09-20 Online: 2016-11-20 Published: 2020-05-13

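Abstract:

To address the problem of secure access for mobile terminals in e-government systems, this paper designs and implements a secure access device for mobile terminals. The device is based on IPSec VPN technology and mainly provides communication tunnel establishment, identity authentication of both communicating parties, and protection of data confidentiality and integrity. The functions of each system module are implemented by further development on the Strongswan software framework. Cryptographic algorithms are the core of the device's security design; the cryptographic algorithms in common use today can no longer meet information security requirements, so adopting the Guomi algorithm standards is the inevitable choice for the device. Strongswan provides only internationally common algorithms, so a hardware cryptographic card is needed to give the device Guomi algorithm support. The Guomi algorithms are registered in Strongswan by modifying its algorithm library and policy library, and its functional modules are redesigned and improved, resulting in a secure access device based on Guomi algorithms. Finally, a test environment is built to verify the feasibility of the system.

Key words: IPSec VPN, e-government system, Guomi algorithm, hardware cryptographic card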

Abstract:

To solve the secure access problem of mobile terminals in e-government systems, this paper designs a secure access device for mobile terminals. The device is based on IPSec VPN technology and mainly provides establishment of the communication tunnel, identity authentication of both sides, and protection of the confidentiality and integrity of data. The system is implemented by redeveloping the Strongswan software framework to complete the function of each module. Cryptographic algorithms are the core of the security design, but the commonly used cryptographic algorithms can no longer meet information security requirements, so the Guomi algorithms become a necessary requirement of the equipment. Strongswan only provides the international common algorithms, so a hardware encryption card is needed to give the equipment Guomi algorithm support. The algorithm library and the policy library of Strongswan are modified to register the Guomi algorithms into Strongswan, and the design of its modules is improved to realize a secure access device based on the Guomi algorithms. Finally, a test environment is established to verify the function and availability of the system.

Key words: IPSec VPN, e-government system, Guomi algorithm, hardware encryption card

CLC number: