?C???^?l?b?g???[?L???O?̕W???c?̂ł???IETF(Internet Engineering Task Force)?ɂ????āCIP(Internet Protocol)???x???̈Í????@?\?Ƃ??ĕW????????Ă???̂??C?uIPsec(IP Security)?v?ƌ????????ł??B
IPsec?́C?F??Í??̃v???g?R???C???????̃v???g?R???C?w?b?_?[?\???ȂǁC?????̃v???g?R???̂?????̂ł??B
IPsec?𗘗p????VPN?l?b?g???[?N?́C???łɃA?????J?ł̓L?????A?̈?Ƃ??Ĉ?ʓI?ɗ??p????Ă??܂??B
IPsec?̊J????1990?N??O??????n?܂?CRFC1825?`1829?ňꉞ?̕W????????Ă???܂??????C???ۂɂ͕??y???܂???ł????B???C???̌?C?č??????ԋƊE?̋ƊE?G?N?X?g???l?b?g?ł???ANX(Automotive Network Exchange)???\?z????ہC?Í??????K?{?ƂȂ?܂????B???̌v??Ɍ㉟??????CIPsec?̕W???????}?s?b?`?Ői?߂??܂????B
- AH(Authentication Header)
AH?ł?VPN?̒ʐM?????F???C?g???l?????O??????????v???g?R???ł??B
???ł?IPsec?ł?ESP?ł̔F?͋K?肳??Ă??Ȃ????????߈Í??ƔF???s???ꍇ?̓f?[?^?ɑ???AH,ESP??????K?p????K?v??????܂????B
- ESP(Encapsulation Security Payload)
?g???l?????O?ƈÍ?????????????v???g?R???ł??B
* ?f?[?^?̊??S??
* ???M???̔F??
* ???v???C?U???ی?
* ?@????
?܂??C?g???l?????[?h??ESP?̔F?؋@?\?𗘗p???邱?ƂŁCAH?̔F?Ɠ????̋@?\??????܂??B
IPsec(VPN)?ʐM???s?????߂ɁC?ʐM????i?s?A?j?Ƃ̊Ԃ?SA(Security Association)?ƌĂ??_???I?ȃR?l?N?V???????m?????܂??B?s?A?????[?^?̏ꍇ?C??????Z?L?????e?B?Q?[?g?E?F?C(SGW)?ƌĂт܂??B
SA??VPN?ʐM???s???g???t?B?b?N???Ɋm??????C?g???t?B?b?N???(selector)?ƁC?Í??A???S???Y???C?F?A???S???Y?????̃g???t?B?b?N?ɓK?p????Z?L?????e?B?????܂?ł??܂??B?]????SA???m????????C???[?^??SA?̏??Ɋ?Â???VPN?ʐM???????s???܂??B???????Ǘ??v???g?R?????g?p?????ꍇ?C?Ώۃp?P?b?g?f?[?^??M???_?@?Ɏ????I?Ƀs?A?ƃl?S?V?G?[?V???????s???Č??????????CSA???m?????܂??B
- IKE?@SA?̊m???i???????p?̃g???l???GPhase I?j
- VPN?ʐM????ꍇ?C????Ɠ????A???S???Y???ƌ??f?[?^??ݒ肷??K?v??????܂??B
- ?ݒ肵?????f?[?^(pre-shared key)????v?Z???????쐬????????肵?܂??B
- ????肵?????쐬????????ꍇ?CIKE?@SA?iISAKMP SA?j???m??????܂??B
- IKE?@SA?͊m??????Ă???1???Ԑؒf????܂???B
- ???̌?C???쐬???IKE?@SA??ŒʐM???邽?߂̌????쐬???܂??B
- IPsec?@SA?̊m???i?f?[?^?ʐM?p?̃g???l???GPhase II?j
- VPN?ΏۂƂȂ?f?[?^??????????ƁCIPsec SA ???m???????邽?߂̃l?S???s???܂??B
- ?????ł́CIKE SA ?ō쐬????????p???܂??B
- ????Ɠ????F?A???S???Y???ƌ??ł???CIPsec SA???m??????܂??B
- ???̌?CIPsec SA??ŒʐM???邽?߂̌????쐬???܂??B
- IPsec SA ?́C?????莞?Ԃŏ??ł??܂??B
- ?Í????ʐM
- ?Í????ΏۂƂȂ?f?[?^??????????ƁC???̃f?[?^???Í??????܂??B
- ?Í??A???S???Y????IPsec SA ?ō쐬????????p???C?Í?/?????????܂??B
- ?Í??????ꂽ?f?[?^?́CIPsec SA??ŒʐM????܂??B
- IKE(Internet Key Exchange)
IPsec?ŗp????C???^?[?l?b?g?W???̌??????v???g?R???ł??BISAKMP(Internet Security Association and Key Management Protocol)?Ɋ?Â??āC???[?h?ƌĂ??e?????????@???K?肵??Oakley???g?p????v???g?R???ł??B
?ȉ??̓??샂?[?h??????܂??B ?e?t?F?[?Y?ɂ????āC?????ꂩ?̓??샂?[?h?ŏ????????s???܂??B
Phase I
- Main Mode
Main Mode?ɂ?4?̔F?ؕ?????????܂????C?????ł? pre-shared key?𗘗p????ꍇ????????܂??B

| | Initiator | | Responder |
|---|---|---|---|
| (1) | HDR, SA | --> | |
| (2) | | <-- | HDR, SA |
| (3) | HDR, KE, NONCE | --> | |
| (4) | | <-- | HDR, KE, NONCE |
| (5) | HDR*, IDii, HASH_I | --> | |
| (6) | | <-- | HDR*, IDir, HASH_R |

(1)?C?j?V?G?[?^?i?????????n?߂悤?Ƃ??鑤?j?́C?ΏۂƂȂ?f?[?^?̕ی?ɕK?v?ȓK?ȃA???S???Y??(SA)?̒?Ă????܂??B
(2)???X?|???_?i???????j?͂??̒?Ă̒?????K?Ȃ??̂?I?????܂??B
(3)?`(4)?C?j?V?G?[?^?ƃ??X?|???_?́C???L?閧?l?????邽?߂Ɏg?p???錮???ƁC???삵?Ă??邱?Ƃ?ۏ????v???C?A?^?b?N?????邽?߂Ɏg?p???郉???_??????Diffie-Hellman?̕??@?ɏ]???Č??????܂??B
(5)?C?j?V?G?[?^?ƃ??X?|???_?́C?F?؏??????????CMain Mode ???I???܂??B
- Aggressive Mode
Main Mode ?Ɠ??????C?F???ꂽ??????Diffie-Hellman???????琶?????܂??BAggressive Mode?ł́CIDii?ɂ???? pre-shared key ?̎??ʂ??\?ƂȂ?C?C?j?V?G?[?^????IP?A?h???X?????I?Ɍ??܂?悤?ȁC?_?C?????A?b?v?ڑ??ŗ??p???邱?Ƃ??ł??܂??B

| Initiator | | Responder |
|---|---|---|
| HDR, SA, KE, Ni, IDii | --> | |
| | <-- | HDR, SA, KE, Nr, IDir, HASH_R |
| HDR, HASH_I | --> | |

Phase II
- Quick Mode
?N?C?b?N???[?h?́CPhaseI?Ō???????Diffie Hellman?̒l?????t???b?V?????ė??p???܂??BQuick Mode?Ō???????郁?b?Z?[?W ?͂??ׂ?PhaseI?ō??ꂽSA?ɂ???ĈÍ???????Ă??܂??B

| Initiator | | Responder |
|---|---|---|
| HDR*, HASH(1), SA, Ni [, KE] [, IDci, IDcr] | --> | |
| | <-- | HDR*, HASH(2), SA, Nr [, KE] [, IDci, IDcr] |
| HDR*, HASH(3) | --> | |

PFS(Perfect Forward Secrecy)???s???ꍇ?́C?C?j?V?G?[?^?i?????????n?߂悤?Ƃ??鑤?j??IPsec?ŗ??p???邽?߂?SA?̒?Ă? Diffie-Hellman???J?l?iKey Exchange ?y?C???[?h?j?????X?|???_?i???????j?ɑ??M???܂??B ???X?|???_?i???????j?́CSA?̒?Ă???ЂƂ?I?ԂƂƂ??ɁCDiffie-Hellman???L?閧?l?????߃C?j?V?G?[?^?ɑ??M???܂??B ???҂͌????v?Z???C???L?????擾???܂??B?Ō?ɃC?j?V?G?[?^?́C?F?؏??????X?|???_?ɑ??M???C???X?|???_?????̓??e???m?F???? Quick Mode ???I?????܂??B
PFS???s??Ȃ??ꍇ?́CSA?̊m???܂ł̎??Ԃ͒Z???ł????C?Z?L?????e?B?͒Ⴍ?Ȃ?܂??B
- DES(Data Encryption Standard)
??ԍL?????p????Ă???????ł??B
?č??????ȕW???ǂ?1973?N?Ɍ??債?CIBM???̗p???????̂ł??BIPsec?̈Í??????̕W???Ƃ??č̗p????Ă??܂??B
- 3DES(Triple Data Encryption Standard)
DES?̈Í???????3???čs???܂??B???̂??߁C???x?ȈÍ????????邱?Ƃ??ł??܂??B???p???Ǖs?\?ƌ????Ă??܂????C?????㏈???????Ȃ?d???Ȃ?܂??B
?Í????Z?p?́C???Ƃ??ƌR???ړI?ō??ꂽ???߁C?č?????̗A?o?K????????Ă??܂??B
- MD5(Message Digest Five)
?Í??A???S???Y???̈?ŁC?A???S???Y???̊Ȍ????C???S???C???x???d?????Ă??܂??B 128?r?b?g?̌Œ蒷?????T?|?[?g?B128bits?̔F?ؗl?f?[?^???B
- SHA-1(Secure Hash Algorithm)
MD5?Ƃقړ????A???S???Y???ł??B?????S???ɗD??܂????CMD5??菈?????d???Ȃ?܂??B 160?r?b?g?̌Œ蒷?????T?|?[?g?B160bits?̔F?ؗl?f?[?^???B