Design of trusted authentication-enabled mobile IPSec VPN system

A mobile VPN based on IPSec is a practical scheme for mobile terminals to access remote information systems. However, IPSec identity authentication does not consider the integrity and credibility of the mobile terminals. This leads to security leakage at the terminal and poses potential dangers to the accessed system and information. To address this problem, a mobile IPSec VPN system supporting trusted authentication is presented, along with its configuration and key design issues. The system implements not only the security functions of common IPSec VPNs, but also additional functions such as multi-factor authentication with trusted attestation and dynamic access control based on trust value. The implementation of a prototype, together with its performance test and analysis, is then presented to show that the system can ensure trusted access by terminals, secure data transmission, and the availability and manageability of the accessed network resources and services.