Tunnel-mode ESP (electronic stability program) hardware encapsulating device on basis of IPSEC (internet protocol security) protocols

Abstract

The invention discloses a tunnel-mode ESP (electronic stability program) hardware encapsulating device on the basis of IPSEC (internet protocol security) protocols, and belongs to the field of network data security. The tunnel-mode ESP hardware encapsulating device comprises a plurality of tunnel-mode ESP encapsulating units. The tunnel-mode ESP encapsulating units are connected with one another by buses and work in ping-pong modes, and each tunnel-type ESP encapsulating unit comprises a data analysis module, a group of encryption modules, an IPV4 (internet protocol version 4) header regrouping module, an IPV6 (internet protocol version 6) regrouping module, a data temporary storage module, a data assembling module, an authentication module and an IP (internet protocol) header checksum module. Compared with the prior art, the tunnel-mode ESP hardware encapsulating device has the advantages that data packets to be encapsulated are segmented, formats of each segment of data are changed, accordingly, start bits or length verification fields are added to the data packets, and the data can be safely and efficiently encapsulated; a plurality of encapsulating modules are mounted, so that the ping-pong operation modes can be implemented, and the encapsulating speeds further can be increased.

Description

technical field [0001] The invention relates to the field of network data security, in particular to an IPSEC protocol-based tunnel mode ESP hardware encapsulation device. Background technique [0002] With the development of computer network technology, we use network technology to work and live more and more quickly and conveniently. Today's society is inseparable from the network, but the subsequent network security issues have to arouse the attention of the society. In recent years , network security issues are becoming more and more prominent and diversified. Hackers use the network to intercept data from companies and governments, causing huge losses to companies and governments and threatening the security of personal information. In order to improve the security of network information transmission, the Internet Engineering Task Force (IETF) proposed the IPSEC (IP Security) protocol for the network layer in 1988 to make up for the shortcomings of IP data packets that ...

AI Technical Summary

Problems solved by technology

In the process of implementing the IPSEC protocol, the factor that affects its implementation speed is the encapsulation speed of IPSEC data packets. At present, most of the market uses software to encapsulate IPSEC data packets, and the implementation speed is relatively slow, which seriously affects the transmission speed of IPSEC data packet encapsulation. Therefore, It is necessary to provide a hardware-based IPSEC protocol to encapsulate data packets and optimize the hardware transmission mode, which can greatly increase the speed on the basis of software, and at the same time make data transmission more secure

[0004] At present, the implementation scenarios of the IPSEC protocol can be roughly divided into three categories: 1. Site to Site (site to site or network management to network management) 2. End to End (end to end or PC to PC) 3. End to Site (end to site Or PC to gateway), and now there are a large number of PCs under each subnet, every time the IPSEC protocol in End to End mode is implemented, it will be implemented once on the corresponding PC, which consumes too much time, so it is implemented in Site to Site mode IPSEC protocol can increase the corresponding transmission speed

Images