• • 上一篇    下一篇

基于边界检测的IPSec VPN协议的一致性测试方法

王涛%胡爱群   

  • 基金资助:
    国家发改委信息安全专项

A Conformance Test Method of IPSec VPN Protocol based on Edge Detection

WANG Tao%HU Ai-qun   

  • About author:东南大学信息科学与工程学院,江苏南京,211189%东南大学信息安全研究中心,江苏南京,211189

摘要: 移动办公环境存在诸多安全威胁,为保证信息安全传输,通常采用移动VPN接入方案。文章探讨了一种针对移动智能终端的基于边界检测的IPSec VPN协议的一致性测试方法。该方法利用Hostapd搭建SoftAP,并通过调用libpcap函数库抓取IPSec VPN连接过程报文,采用基于协议会话状态的检测方法,根据协议会话状态的跳转,检测消息报文的格式与标准规范格式的一致性。测试结果表明,本方法可以智能的分析和识别非标准协议格式的IPSec VPN报文,而且实现简单,性能稳定。

Abstract: There are many security threats in the Mobile Ofifce network. To ensure the data transfer security, Mobile VPN access scheme is usually used. The paper discusses a protocol conformance test method of IPSec VPN based on edge detection for smart phone. This method implements SoftAP with Hostapd, and captures packets between the connection of IPSec VPN by calling the libpcap library. It proposes a detection method based on session state of protocol, and tests the consistency of messages format between messages and standard speciifcation according to the transition of session state. The test results show that this method has considerable intelligence. It can analyse and recognize the non-standard protocol format of IPSec VPN packets, and what’s more, it is implemented simply and has a stable performance.