Title page for etd-0822106-121722
Title
Performance Evaluation of IPsec on Embedded Systems
Department
Year, semester
Language
Degree
Number of pages
74
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2006-06-22
Date of Submission
2006-08-22
Keywords
embedded systems
openswan, ipsec
Statistics
The thesis/dissertation has been browsed 5667 times, has been downloaded 0 times.
Abstract
In recent years, more and more embedded devices have been connected to the Internet. Users of embedded devices can obtain necessary services or updates from the World Wide Web. The benefits of having embedded devices connected to the Internet are tremendous; however, the requirement of secure transmission may reduce the performance of the embedded device. For example, if users download files to their own embedded devices from the Internet, the packets must be encrypted/authenticated for secure transmission, and the cost is reduced system performance. Thus, it is necessary to find ways to provide a secure connection without slowing down the system.

IPsec (Internet Protocol Security) is a standard for securing Internet Protocol (IP) communications by encrypting and/or authenticating all IP packets. Although IPsec is optional for IPv4, it is required for IPv6. However, IPsec is not as widely used on embedded systems as SSL/TLS.

In this thesis, we describe in detail how we port IPsec to a platform running an embedded Linux kernel that does not support IPsec. Openswan is an open source implementation of IPsec for the Linux operating system. We use Openswan to set up a Virtual Private Network (VPN) tunnel between a PC and the embedded system platform, and use the various encryption/authentication algorithms and services provided by IPsec to do a performance analysis.
Table of Contents
Acknowledgments iv
List of Tables iii
List of Figures iv
List of Listings v
Chapter 1 Introduction 1
1.1 Information Security 1
1.2 Virtual Private Networks 1
1.3 Embedded Linux System 2
1.4 Organization of the Thesis 2
Chapter 2 Development Environment 4
2.1 Testing Platforms 4
2.1.1 Evaluation Board 4
2.1.2 x86 Machine 5
2.2 Linux Kernel 5
Chapter 3 Openswan 7
3.1 Introduction 7
3.2 Version Problem 8
3.3 Porting Openswan 8
3.3.1 Environment Variables 8
3.3.2 Building Openswan Module 9
3.3.3 Problems and Solutions 11
3.3.4 Result 12
3.4 NAT and NAT-Traversal 12
3.4.1 Network Address Translator 13
3.4.2 NAT-Traversal 15
3.5 Openswan on x86 Machine 17
Chapter 4 IP Security 20
4.1 Overview 20
4.2 Porting IPsec 24
4.2.1 IPsec Commands 25
4.2.2 Essential Software 30
4.2.3 Added/Modified Files 37
4.2.4 Test 40
Chapter 5 Performance Evaluation 46
5.1 Testing Environment 46
5.2 Setting up VPN Connection 47
5.3 Experimental Results 50
5.4 Performance Analysis 51
5.4.1 AH and ESP 52
5.4.2 MD5 and SHA-1 55
5.4.3 Triple DES and AES 57
5.4.4 HTTP and FTP 58
Chapter 6 Conclusion and Future Works 61
Fulltext
Thesis access permission: not available on campus or off campus
Available:
Campus: not available
Off-campus: not available

Printed copies
Available: publicly available