
IPsec/VPN security policy engineering: Automatic generation and conflict detection.


Abstract

IPsec is a useful IP-layer security protocol that can provide authentication and encryption for end-to-end traffic flows, but configuring IPsec VPN tunnels is notoriously complicated because there are so many options (key exchange, ciphers, authentication, etc.) to configure. Thus the final solutions to a set of security requirements are often prone to errors, and dynamic routing changes can also cause trouble when they interact with existing IPsec tunnels. One minor configuration mistake or one subtle change (e.g. in routing) can cause insecure message transmission or even packet looping.

Therefore, in this dissertation, we first propose a network framework, BANDS, to provide an infrastructure where each domain has a requirement server that correctly handles inter-domain security requirements and policies. It provides a distributed architecture and a negotiation protocol for security policy management across domains.

We also extend the work to automatically, correctly and efficiently generate security policies from requirements for a linear-topology network using the Ordered-Split algorithm, as well as an improved version of the original algorithm (the Dynamic Ordered-Split algorithm). Both produce solutions with the minimum number of tunnels, while the latter handles the arrival of new requirements better.

Our experimental results, acquired during DETER emulations, show how interactions between tunnels and routing dynamics can cause serious security problems, so an efficient algorithm to detect security conflicts and tunnel looping that arise among security policies and routing dynamics is also proposed and analyzed to conclude this dissertation.

Bibliographic details

  • Author: Yang, Yanyan.
  • Author affiliation: University of California, Davis.
  • Degree-granting institution: University of California, Davis.
  • Subject: Computer Science.
  • Degree: Ph.D.
  • Year: 2006
  • Pages: 128 p.
  • Total pages: 128
  • Original format: PDF
  • Language of text: eng
  • Chinese Library Classification: Automation technology, computer technology
