《電子技術(shù)應(yīng)用》
您所在的位置:首頁(yè) > 通信與網(wǎng)絡(luò) > 設(shè)計(jì)應(yīng)用 > 基于自組網(wǎng)的輕量化IPsec加密設(shè)計(jì)與實(shí)現(xiàn)
基于自組網(wǎng)的輕量化IPsec加密設(shè)計(jì)與實(shí)現(xiàn)
網(wǎng)絡(luò)安全與數(shù)據(jù)治理
張衛(wèi)敏1,焦運(yùn)良1,王碩2,鄭和芳2,張攀1
1.中電長(zhǎng)城圣非凡信息系統(tǒng)有限公司;2.中國(guó)電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所
摘要: 針對(duì)無線自組網(wǎng)的安全傳輸需求,提出了一種基于輕量化IPsec加密的軟硬件設(shè)計(jì)方案。該方案以“CPU+算法FPGA+基帶波形FPGA”為核心構(gòu)建基礎(chǔ)硬件平臺(tái),通過設(shè)計(jì)輕量化“四次交互”密鑰協(xié)商協(xié)議,精簡(jiǎn)交互流程次數(shù)達(dá)33%,有效降低了流量開銷;軟件方面采用分層架構(gòu)實(shí)現(xiàn)傳輸業(yè)務(wù)管理、加解密處理、基帶波形處理、無線收發(fā)以及應(yīng)用管理等功能。經(jīng)測(cè)試驗(yàn)證,該設(shè)計(jì)在提供輕量化IPsec加解密情況下無線通信時(shí)延約16.71 ms,TCP無丟包傳輸速率可達(dá)23.28 Mbit/s。
中圖分類號(hào):TN918.4; TP309文獻(xiàn)標(biāo)識(shí)碼:ADOI:10.19358/j.issn.2097-1788.2025.06.002
引用格式:張衛(wèi)敏,焦運(yùn)良,王碩,等. 基于自組網(wǎng)的輕量化IPsec加密設(shè)計(jì)與實(shí)現(xiàn)[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2025,44(6):11-19.
Design and implementation of lightweight IPsec encryption based on wireless Ad hoc network
Zhang Weimin1,Jiao Yunliang1,Wang Shuo2,Zheng Hefang2,Zhang Pan1
1.CEC Great Wall Shengfeifan Information System Co.,Ltd.; 2.The 6th Research Institute of China Electronics Corporation
Abstract: n response to the security requirements of wireless Ad hoc networks, this paper proposes a software and hardware co-design scheme based on lightweight IPsec encryption. The scheme constructs a core hardware platform centered on a "CPU+Algorithm FPGA+Baseband Waveform FPGA" architecture. By designing a lightweight "four-round interaction" key negotiation protocol, the interaction process is streamlined by 33%, effectively reducing traffic overhead. On the software side, a layered architecture is adopted to implement functions such as transmission service management, encryption/decryption processing, baseband waveform processing, wireless transceiver operations, and application management. Test results verify that the design achieves a wireless communication latency of approximately 16.71 ms while providing lightweight IPsec encryption/decryption, with a TCP lossless transmission rate of up to 23.28 Mbit/s.
Key words : wireless Ad hoc network; IPsec; lightweight; key negotiation; secure encryption

引言

隨著無線通信技術(shù)的快速發(fā)展,無線自組網(wǎng)(Wireless Ad Hoc Networks, WANS)作為一種無需固定基礎(chǔ)設(shè)施、快速部署的無中心自組織網(wǎng)絡(luò)形態(tài),在城市復(fù)雜建筑、應(yīng)急救援、臨時(shí)網(wǎng)絡(luò)連接等領(lǐng)域得到了廣泛的應(yīng)用[1-3]。由于自組網(wǎng)無線信道的開放性,信息在無線信道中進(jìn)行傳輸時(shí)面臨著竊聽、篡改、偽造等多種安全威脅,如何保證無線通信的安全已成為無線自組網(wǎng)的研究重點(diǎn)[4-5]。

IPsec(Internet Protocol Security)協(xié)議作為一種端到端的加密和認(rèn)證機(jī)制,通過使用認(rèn)證頭(Authentication Header,AH)、封裝安全負(fù)載(Encapsulating Security Payload,ESP)、安全聯(lián)盟(Security Association,SA)以及互聯(lián)網(wǎng)密鑰交換(Internet Key Exchange,IKE)協(xié)議為IP層通信提供了數(shù)據(jù)完整性和機(jī)密性保障[6-7],該協(xié)議在傳統(tǒng)有線網(wǎng)絡(luò)環(huán)境中得到了廣泛應(yīng)用,但在無線自組網(wǎng)環(huán)境下由于其網(wǎng)絡(luò)動(dòng)態(tài)特性以及資源限制,直接部署傳統(tǒng)IPsec協(xié)議面臨著適應(yīng)性不足和性能下降等挑戰(zhàn)。為了解決上述難題,目前主流的解決方案有IPsec協(xié)議棧裁剪技術(shù)、IKE密鑰協(xié)商及SA優(yōu)化技術(shù)[8-10],但現(xiàn)有方法仍存在協(xié)議動(dòng)態(tài)適應(yīng)性不足、協(xié)商交互流程復(fù)雜、流量開銷較大以及動(dòng)態(tài)拓?fù)湎峦ㄐ艜r(shí)延高等問題。本文針對(duì)無線自組網(wǎng)的安全傳輸需求,提出了一種輕量化IPsec加密的無線自組網(wǎng)通信方案,通過設(shè)計(jì)輕量化密鑰協(xié)商協(xié)議提供IPsec加解密安全保護(hù)機(jī)制,最小化對(duì)無線自組網(wǎng)網(wǎng)絡(luò)性能的影響。


本文詳細(xì)內(nèi)容請(qǐng)下載:

http://ihrv.cn/resource/share/2000006575


作者信息:

張衛(wèi)敏1,焦運(yùn)良1,王碩2,鄭和芳2,張攀1

(1.中電長(zhǎng)城圣非凡信息系統(tǒng)有限公司,北京102209;

2.中國(guó)電子信息產(chǎn)業(yè)集團(tuán)有限公司第六研究所,北京100083)


Magazine.Subscription.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。