Graduation Thesis: Three-Level Table of Contents, Abstract and References
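Abstract (Chinese)
Wireless networks are developing rapidly, and while people enjoy the convenience of all kinds of wireless access networks, various security problems have gradually been exposed. Because IPsec provides fairly good security protection and can effectively address these problems, its range of application keeps growing. Traditional TCP assumes that all packet loss is caused by network congestion, which does not suit wireless links, where error-induced loss is more likely than congestion loss. Invoking the congestion control mechanism in that situation degrades TCP's end-to-end performance. Moreover, many existing improvement schemes cannot be used in encrypted communication, because IPsec conflicts with the schemes for improving TCP over wireless networks. To guarantee both the security of communication and the performance of TCP in a wireless network, the conflict between them must be resolved. In large-scale deployments of VPN systems, the complexity of the deployment environment also brings conflicts between different software in the NDIS kernel framework, as well as difficulty developing, porting and maintaining kernel modules.
Based on an in-depth analysis of the architecture and implementation techniques of currently popular Windows-based VPN systems, and in view of the characteristics of embedded terminals, a new technique based on a virtual network card is proposed, and its principle and advantages are described in detail. An architecture implementing this technique in a WinCE VPN system is then given, which can fundamentally solve the problems above.
In response to the performance problems found in application, the compatibility of existing TCP performance-improvement mechanisms for wireless networks with IPsec VPN is analysed in detail, and the advantages and disadvantages of the possible schemes are compared. Building on the analysis of existing improved algorithms, an IPsec-compatible end-to-end optimization mechanism for wired/wireless hybrid networks is proposed. It judges the condition of the wireless link from the accumulated variation in packet inter-arrival time at the receiver, and uses an ELN mark in the ACK to notify the sender, avoiding the performance degradation caused by unnecessary congestion control. NS2 simulation experiments were carried out and the performance was compared with TCP Reno. The results show that the mechanism effectively improves TCP transmission performance in wireless mobile scenarios and is also compatible with existing security mechanisms.
Keywords: TCP; VPN architecture; virtual network card; wired/wireless hybrid network; performance evaluation; congestion control; end-to-end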
Abstract (English)
Wireless access technology has grown rapidly in recent years. While people fully enjoy all kinds of wireless access, a number of security concerns have been raised for wireless networks in general. TCP was originally designed only for wired networks and assumes that any loss is due to congestion. The wireless situation is different, in that wireless errors are more likely to occur than congestion. Handling such non-congestion packet loss by invoking a congestion control algorithm degrades end-to-end performance. At the same time, many existing approaches cannot work when encryption is used in the communication, so the compatibility of the security mechanism with the TCP improvement mechanism is also taken into consideration in our work. In large-scale applications of VPN systems, because the deployment environment is complex, different software frequently conflicts within the NDIS kernel framework, and kernel modules are difficult to develop, port and maintain.
This paper analyses in depth the popular architectures and implementation techniques of Windows-based VPN systems and, aiming at the characteristics of embedded terminals, proposes a new technique based on a virtual network card, elaborating its principle and merits in detail. It then presents an architecture that realizes this technique in a WinCE VPN system, which can fundamentally solve the above problems.
Aiming at the performance problems of VPN applications, this paper proposes a new end-to-end TCP performance-improvement mechanism that estimates the condition of the wireless link from the accumulated variation in packet inter-arrival times at the receiver. It then marks the ELN (explicit loss notification) bit to notify the sender, and TCP can be modified so as to refrain from going into congestion avoidance. Simulations in NS2 comparing TCP Reno with the modified TCP show that it achieves a great improvement over mobile wireless networks and can work together with current security mechanisms.
Keywords: TCP; virtual network card; wired-cum-wireless networks; performance evaluation; congestion control; end-to-end; IPsec; VPN architecture
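Contents
School code 10487  Security classification
Abstract (Chinese)
Abstract (English)
Contents
1 Introduction
1.1 Research background
1.2 State of research in China and abroad
1.3 Main research content
2 VPN solutions for wireless networks
2.1 TCP and VPN protocols in wireless networks
2.2 Wireless TCP performance-improvement models
2.3 Performance analysis of TCP improvement schemes and solutions for IPsec compatibility
2.4 Chapter summary
3 A VPN architecture based on a virtual network card
3.1 Windows-based VPN system design
3.2 The new VPN architecture diagram
3.3 Virtual network card startup procedure
3.4 Analysis of packet processing
3.5 Chapter summary
4 A new wireless TCP performance-improvement scheme
4.1 Introduction to the NS2 simulation tool
4.2 Definition of Modified-TCP
4.3 Design ideas of Modified-TCP
4.4 Computing the accumulated time variation
4.5 Implementing the Modified-TCP improvement
4.6 Chapter summary
5 VPN system structure analysis and performance evaluation
5.1 Comparison with the traditional VPN architecture
5.2 Evaluation criteria for the performance of the TCP improvement model
5.3 Modified-TCP parameter analysis
5.4 Modified-TCP performance analysis
5.5 Chapter summary
6 Summary and outlook
6.1 Summary
6.2 Outlook
Acknowledgements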
Appendix 1 List of papers published during the degree programme
References
[1]. Majstor, F. WLAN security threats & solutions[C]. In LCN '03.
[2]. Park, J.S. Dicoi, D., WLAN security: current and future[J]. Internet Computing, 7(5): p. 60-65.
[3]. Liang, C.Z.H.F.H. A new authentication and key exchange protocol in WLAN[C]. In ITCC.
[4]. RFC2401, Security Architecture of the Internet Protocol[S], IETF, 1998.
[5]. Jingjing Studio, IPsec: The New Generation Internet Security Standard. 1999, Beijing: China Machine Press.
[6]. Alshamsi, A. Saito, T. A technical comparison of IPsec and SSL[C]. In AINA.
[7]. Lin Chuang, Shan Zhiguang, Ren Fengyuan, Quality of Service (QoS) of Computer Networks. Beijing: Tsinghua University Press. 4-9.
[8]. H, B., S. S, and K.R. H, Improving reliable transport and handoff performance in cellular wireless networks[J]. 1995. 1(4): p. 469-481.
[9]. Hui-min, L.Y.Y.M.Z. Improve TCP performance over wireless link[C]. In PIMRC.
[10]. RFC1631, The IP Network Address Translator (NAT), IETF, 1994.
[11]. RFC2709, Security Model with Tunnel-mode IPsec for NAT Domains[S], IETF, 1999.
[12]. RFC2341, Cisco Layer Two Forwarding (Protocol) "L2F", IETF, 1998.
[13]. RFC2661, Layer Two Tunneling Protocol "L2TP", IETF, 1999.
[14]. RFC2153, The Point-to-Point Protocol (PPP), IETF, 1994.
[15]. RFC2865, Remote Authentication Dial In User Service (RADIUS), IETF.
[16]. RFC1701, Generic Routing Encapsulation (GRE), IETF, 1994.
[17]. Bakre, A. Badrinath, B.R. I-TCP: indirect TCP for mobile hosts[C]. In Distributed Computing Systems, 1995., Proceedings of the 15th International Conference. 1995.
[18]. Bakre, A.V. Badrinath, B.R., Implementation and performance evaluation of indirect TCP[J]. Computers, 1997. 3(46): p. 260-278.
[19]. I. Rhee, N. Balaguru, S. Seshan, A.G.N.R. MTCP: scalable TCP-like congestion control for reliable multicast[C]. In INFOCOM. 1999.
[20]. T. Goff, J. Moronisk, D.S. Phatak, A.V.G. Freeze-TCP: a true end-to-end TCP enhancement mechanism for mobile environments[C]. In INFOCOM.
[21]. Lin Huasheng, Cheng Shiduan, Research on TCP performance optimization in mobile ad hoc networks. Computer Engineering and Applications, 12(12).
[22]. Fu Gang. Mobile VPN solutions. In Proceedings of the Annual Academic Conference of the Wireless and Mobile Communications Committee.
[23]. G. De Blas, M. Patrono, L. Marra, P. Tomasicchio, G. An IPsec-aware TCP PEP for integrated mobile satellite networks Ciccarese[C]. In Personal, Indoor and Mobile Radio Communications. Italy: IEEE International Symposium on publication.
[24]. You Jinyuan, Shi Meilin, Chen Xiangqun, Principles of the Windows Operating System. Beijing: China Machine Press.
[25]. Chen Xiangqun, Wang Lei, Ma Hongbing et al. (eds.), Windows System Analysis and Experiment Tutorial. Beijing: China Machine Press.
[26]. Ding W, J.A. A new explicit loss notification and acknowledgement for wireless TCP[C]. In PIMRC. San Diego CA.
[27]. Stevens, W.R., TCP/IP Illustrated, Volume 1. Vol. 1. Beijing: China Machine Press.
[28]. RFC2409, The Internet Key Exchange (IKE)[S], IETF, 1998.
[29]. RFC2402, IP Authentication Header[S], IETF, 1998.
[30]. RFC2406, IP Encapsulation Security Payload (ESP)[S], IETF, 1998.
[31]. Kurose, J.F. and K.W. Ross, Computer Networking: A Top-Down Approach Featuring the Internet. Beijing: China Machine Press. 335-338 341-355.
[32]. RFC2883, An Extension to the Selective Acknowledgement (SACK) Option for TCP, IETF.
[33]. Ohzahata, S. Kimura, S. Ebihara, Y. Kawashima, K. A queue management method for improving TCP performance in wireless environments[C]. In WCNC.
[34]. Omotayo, A. Williamson, C., Multi-layer analysis of web browsing performance for wireless PDAs[J]. Local Computer Networks: p. 660-667.
[35]. Min, X.W.Z.L.J.S.Y., Bit-error identification for TCP performance improvement[C]. Emerging Technologies: Frontiers of Mobile and Wireless Communication, 2(2): p. 561-566.
[36]. Shagdar, O. Shirazi, M.N.B.Z. Improving ECN-based TCP performance over wireless networks using a homogeneous implementation of EWLN[C]. In ICT. Kyoto, Japan.
[37]. Deng Xiaoheng, Chen Zhigang, Zhang Lianming, TCP Yuelu: an end-to-end congestion control mechanism for wired/wireless hybrid networks. Chinese Journal of Computers, (8): p. 1342-1350.
[38]. M. Gerla, M.Y. Sanadidi, R.W., TCP Westwood: bandwidth estimation for enhanced transport over wireless links. UCLA Computer Science.
[39]. Jiang Xiaodan, Li Hong, Li Huang et al., Implementation and performance analysis of the explicit loss notification algorithm. Computer Engineering, 29(18).
[40]. Chinta, M. Helal, A. Lee, C. ILC-TCP: an interlayer collaboration protocol for TCP performance improvement in mobile and wireless environments[C]. In WCNC.
[41]. Zorzi, M. On the analytical computation of the interference statistics with applications to the performance evaluation of mobile radio systems[C]. In Communications, IEEE Transactions. 1997.
[42]. Vacirca, F. De Vendictis, A. Baiocchi, A., Optimal design of hybrid FEC/ARQ schemes for TCP over wireless links with Rayleigh fading[J]. Mobile Computing, 5(4): p. 289-302.
[43]. Vacirca, F. De Vendictis, A. Todini, A. Baiocchi, A. On the effects of ARQ mechanisms on TCP performance in wireless environments[C]. In GLOBECOM '03.
[44]. Haas, Z.J. Agrawal, P. Mobile-TCP: an asymmetric transport protocol design for mobile systems[C]. In ICC 97. 1997.
[45]. Chan, M.C. Ramjee, R. Improving TCP/IP performance over third generation wireless networks[C]. In INFOCOM.
[46]. Ratnam, K. Matta, I. WTCP: an efficient mechanism for improving TCP performance over wireless links[C]. In ISCC '98. 1998.
[47]. Yizhou Li Jacob, L. Proactive-WTCP: an end-to-end mechanism to improve TCP performance over wireless links[C]. In LCN '03.
[48]. RFC2246, Transport Layer Security Version 1.0[S], IETF, 1999.
[49]. S, B. Transport-friendly ESP (or layer violations for fun and profit)[C] Network Distributed System Security Symp. In NDSS '99. 1999. San Diego CA.
[50]. Nash, A., Public Key Infrastructure (PKI): Implementing and Managing Electronic Security. Beijing: Tsinghua University Press.
[51]. Wu Anhe, Windows /XP WDM Device Driver Development. 2nd ed. Vol. 3-9. Beijing: Publishing House of Electronics Industry.
[52]. Richter, J., Windows Core Programming. Beijing: China Machine Press. 190-226 397-410.
[53]. Xu Leiming, Pang Bo, Zhao Yao, NS and Network Simulation. Beijing: Posts & Telecom Press. 3-9.
[54]. Li Zhitang, Liu Gang, Xiao Ling, An IPsec-compatible TCP performance optimization mechanism for wired/wireless hybrid networks. Mini-Micro Systems.
[55]. RFC3561, Ad hoc On-Demand Distance Vector (AODV) Routing, IETF.
[56]. Wennstrom, A. Brunstrom, A. Rendon, J., Impact of GPRS buffering on TCP performance[J]. Electronics Letters, 40(20): p. 1279-1281.
[57]. J. Padhye, V. Firoiu, D. Towsley, J.K. Modeling TCP throughput: a simple model and its empirical validation. In ACM SIGCOMM '98. 1998.