Design and Implementation of Secure Access Device Based on Guomi Algorithm

doi:10.3969/j.issn.1671-1122.2016.11.004

Abstract

Abstract:

In order to solve the security access problem of mobile terminal in E-government system, this paper designs a security access device for mobile terminal. The device is based on IPSec VPN technology, mainly to achieve the establishment of communication tunnel, the two sides’ identity authentication, protect the confidentiality and integrity of data and so on. The implementation of the system is based on the redevelopment of Strongswan software framework to complete the function of each module. At the same time, as the core of the security design, the cryptographic algorithm has been unable to meet the information security requirements. And Guomi algorithm becomes a necessary requirement of the equipment. Strongswan only provides the international common algorithm, so it is necessary to use the hardware encryption card to realize the equipment to the secret algorithm support. The algorithm of Strongswan and the strategy library are modified to register the state secret algorithm into Strongswan. At the same time, the design of the module is improved to realize a secure access device based on the national secret algorithm. At last, this paper establishment of environment to verify the system function and availability.

Key words: IPSec VPN, e-government system, Guomi algorithm, hardware encryption card

CLC Number:

TP391

Zhaobin LI, Dandan LIU, Xin HUANG, Hao CAO. Design and Implementation of Secure Access Device Based on Guomi Algorithm[J]. Netinfo Security, 2016, 16(11): 19-27.

Figures/Tables 16

References 16

[1]	GM/T 0022-2014中华人民共和国密码行业标准:IPSec VPN技术规范[S]. 北京:中国标准出版社,2014.
[2]	王挺,吕述望. 商用密码发展现状、动态和启示[J]. 中国金融电脑,2000(6):65-76.
[3]	FRAHIM J, HUANG Qiang.SSL与远程接入VPN[M]. 王喆,罗进文,白帆,译. 北京:人民邮电出版社,2009.
[4]	王涛,胡爱群. 基于边界检测的IPSec VPN协议的一致性测试方法[J]. 信息网络安全,2014(2):7-11.
[5]	KENT S, ATKINSON R. RFC4303: IP Encapsulating Security Payload(ESP)[EB/OL]. , 2016-6-12.
[6]	Kent S. RFC4302: IP Authentication Header(AH)[EB/OL]. , 2016-6-12.
[7]	SMYSLOV V. RFC5996: Internet Key Exchange Protocol Version 2 (IKEv2)[EB/OL]. , 2016-9-5.
[8]	武传坤. 身份证件的安全要求和可使用的密码学技术[J]. 信息网络安全,2015(5):21-27.
[9]	李岩,贾晋康,危婷,等. IKEv2的安全性和移动性分析[J]. 科技信息,2006(11):24-25.
[10]	Eronen P. RFC4555: IKEv2 Mobility and Multihoming Protocol (MOBIKE)[EB/OL]. , 2006-6-1.
[11]	曹宇,祝跃飞,李勤,等. IKEv2实现方案研究[J].计算机应用研究,2005,22(2):74-76.
[12]	赵洋,岳峰,熊虎,等. 一种强指定验证者环签名和签密体制[J]. 信息网络安全,2015(10):8-13.
[13]	GM/T 0024-2014中华人民共和国密码行业标准:SSL VPN技术规范[S]北京:中国标准出版社,2014.
[14]	胡月振. IPSec VPN中硬件加密卡的应用研究[J]. 信息技术,2011(9):153.
[15]	李远,周卫华,单旭. 一种电路域加密通信方案[J]. 信息网络安全,2015(6):26-32.
[16]	张朝东,徐明伟. 密钥交换协议IKEv2的分析与改进[J]. 清华大学学报:自然科学版,2006,46(7):1274-1277.