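Thesis title: Analysis and Improvement of Performance and Security on SSL VPN
Thesis author:
Thesis advisor: 孙传林
Degree: Master's
Major: Computer System Architecture
Institution: Huazhong University of Science and Technology (华中科技大学)
Pages: 70
File size: 972K
Date: 2006-05-01
Source: 论文网 http://www.lw23.com/lunwen_9101752/
Keywords: Secure Socket Layer; Virtual Private Network; Load balance

SSL VPN technology lowers the cost of enterprise remote access. It relies on SSL, the secure encrypted communication protocol used by web applications, which specifies how data is exchanged between application-layer protocols and TCP/IP, and provides data encryption, server authentication and optional client authentication for TCP/IP connections. Compared with traditional VPN solutions, SSL VPN is simple to use, easy to maintain, and requires no changes to the existing network structure.

The thesis analyzes in detail the server performance problems and the client security problems of the existing system, and proposes improvements and recommendations for them. The design goal of the system is to use the SSL protocol and proxy services to give end users access authentication and transport security for HTTP, client/server and shared file resources. On the one hand it uses load balancing and multiple SSL VPN servers to meet the concurrent access demands of a large number of clients; on the other hand it aims to improve the security of end users.

The implementation combines the encryption features of SSL with a fine-grained access control mechanism, and introduces a load balancing proxy server to achieve dynamic load balancing. The parameters used by the decision algorithm are passed through communication between the load balancing proxy server and the multiple SSL VPN servers. First, each SSL VPN server periodically collects the performance parameters of its host and sends this information to the load balancing proxy server. On receiving it, the load balancing proxy server analyzes and compares these performance parameters and selects the SSL VPN proxy server that currently has the lightest load. In the next cycle, the load balancing proxy server distributes user access requests to the currently least-loaded SSL VPN server, which improves the load performance of the whole system. In addition, the improved SSL VPN supports a username + password + certificate scheme that provides mutual authentication between client and server to ensure the legitimacy of the client, and it promptly deletes residual information left on the client. These two measures strengthen client identity verification, remedy the security deficiencies, and safeguard the security of the client.

SSL VPN has become a primary technology which greatly reduces the cost of remote access. Based on secure encryption techniques with the SSL protocol, SSL VPN designates application protocols such as HTTP, Telnet and FTP, and exchanges data between itself and the TCP/IP protocol. Apart from these, SSL VPN also provides data encryption, server authentication and optional client authentication. Generally, SSL VPN is applied to set up a proprietary tunnel between company headquarters and employees on business. Compared with the traditional VPN solution, SSL VPN can be easily achieved. Based on the existing SSL VPN, we analyze the security of the client and the performance efficiency of the server.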
The core of this article is to give solutions for an improved SSL VPN around these two aspects: offering access authorization and secure transactions for end users' HTTP, client/server applications and file sharing, and achieving high performance under heavily concurrent access by using load balancing technology across multiple SSL VPN servers together with secure clients. The improved SSL VPN introduces a load balancing proxy server and accomplishes dynamic load balancing, which distributes clients' requests to the lightly loaded server to lighten the load on the SSL VPN servers and enhance the throughput of the whole system. We design a function interface for communication between the load balancing proxy server and the SSL VPN servers. The SSL VPN servers periodically collect performance information and transfer it to the load balancing proxy server, which analyzes and compares it, selects the most suitable SSL VPN proxy, and transmits packets to it. On the client, the improved SSL VPN provides a name + password + certificate method to ensure the validity of the client, and clears local trace information to guarantee the security of the client.