GM/T 0023-2023 IPSec VPN gateway product specification
Basic information
Release history
- February 2014
- December 2023
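Development information
- Drafting organizations:
- CETC Cyberspace Security Technology Co., Ltd., Sichuan University, Sangfor Technologies Inc., Alibaba Cloud Computing Co., Ltd., Dingxuan Commercial Cryptography Testing Technology Co., Ltd., Koal Software Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, Xingtang Telecommunications Technology Co., Ltd., Shandong De'an Information Technology Co., Ltd., Huawei Technologies Co., Ltd., Topsec Technologies Group Inc., Xi'an Jiaotong University Jump Network Technology Co., Ltd., Shandong University
- Drafters:
- Luo Jun, Gong Xun, Ye Runguo, Zhang Dajiang, Zou Jiaxu, Zheng Qiang, Tan Wuzheng, Li Yuanzheng, Xu Mingyi, Xu Qiang, Wang Nina, Ma Hongfu, Huang Min, Kong Fanyu
- Publication information:
- Pages: 20 | Word count: 33 thousand characters | Format: large 16mo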
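Content description
ICS 35.030
CCS L80
Cryptography Industry Standard of the People's Republic of China
GM/T 0023—2023
Replaces GM/T 0023—2014
IPSec VPN gateway product specification
Issued: 2023-12-04; implemented: 2024-06-01
Issued by the State Cryptography Administration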
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Functional requirements
5.1 Random number generation
5.2 Operating modes
5.3 Key exchange
5.4 Secure packet encapsulation
5.5 NAT traversal
5.6 Authentication methods
5.7 IP protocol version support
5.8 Anti-replay protection
5.9 Key update
5.10 Packet filtering
5.11 Hot standby
5.12 Load balancing
5.13 Dead peer detection
5.14 Network adaptability
5.15 Cluster deployment
5.16 Dynamic addresses
6 Performance requirements
6.1 Encryption/decryption throughput
6.2 Encryption/decryption latency
6.3 Encryption/decryption packet loss rate
6.4 New tunnels per second
6.5 Maximum concurrent tunnels
7 Security requirements
7.1 Key management requirements
7.2 Cryptographic protocol requirements
7.3 Algorithm usage requirements
7.4 Cryptographic component calling interface requirements
7.5 Sensitive parameter management requirements
7.6 Hardware security requirements
7.7 Software security requirements
8 Management requirements
8.1 Configuration management
8.2 Device monitoring
8.3 Device management
8.4 Administrator requirements
8.5 Management protocols and interfaces
9 Hardware requirements
9.1 External interfaces
9.2 Cryptographic components
9.3 Random number generator
9.4 Environmental adaptability
9.5 Electromagnetic compatibility
9.6 Reliability
10 Test methods
10.1 Test description
10.2 Inspection of appearance and structure
10.3 Inspection of submitted documents
10.4 Functional testing
10.5 Performance testing
10.6 Security testing
10.7 Management testing
10.8 Hardware testing
11 Determination rules
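Foreword
This document was drafted in accordance with GB/T 1.1—2020, Directives for standardization, Part 1: Rules for the structure and drafting of standardizing documents.
This document replaces GM/T 0023—2014, IPSec VPN gateway product specification. Compared with GM/T 0023—2014, apart from structural adjustments and editorial changes, the main technical changes are as follows:
a) added the GCM authenticated encryption mechanism as a working mechanism for symmetric algorithms (see 5.4 and 7.3);
b) added requirements for "hot standby", "load balancing", "dead peer detection", "network adaptability", "cluster deployment" and "dynamic addresses" (see 5.11, 5.12, 5.13, 5.14, 5.15 and 5.16);
c) deleted "parameter configurability requirements" and "process protection" (see 5.6 and 5.7 of the 2014 edition);
d) added requirements for "cryptographic protocol requirements", "algorithm usage requirements", "cryptographic component calling interface requirements" and "sensitive parameter management requirements" (see 7.2, 7.3, 7.4 and 7.5);
e) changed "management function requirements" to "management requirements" and revised the content: deleted "compliance verification"; changed "parameter configuration management" to "configuration management" and added "configuration data management"; changed "remote monitoring management" to "device monitoring" and deleted "parameter query"; changed "log management" to "log function" and merged it into "device monitoring"; deleted "remote management"; added "management protocols and interfaces"; added protocol and interface requirements for remote configuration management and remote device monitoring (see Clause 8; Clause 5 of the 2014 edition);
f) changed "test requirements" to "test methods" and revised it to match the new clause structure and content (see Clause 10; Clause 6 of the 2014 edition);
g) changed "conformity determination" to "determination rules" and revised it to match the new clause structure and content (see Clause 11; Clause 7 of the 2014 edition).
Attention is drawn to the possibility that some content of this document may involve patents. The issuing body of this document assumes no responsibility for identifying patents.
This document was proposed by, and is under the jurisdiction of, the Cryptography Industry Standardization Technical Committee.
Drafting organizations of this document: CETC Cyberspace Security Technology Co., Ltd., Sichuan University, Sangfor Technologies Inc., Alibaba Cloud Computing Co., Ltd., Dingxuan Commercial Cryptography Testing Technology Co., Ltd., Koal Software Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, Xingtang Telecommunications Technology Co., Ltd., Shandong De'an Information Technology Co., Ltd., Huawei Technologies Co., Ltd., Topsec Technologies Group Inc., Xi'an Jiaotong University Jump Network Technology Co., Ltd., Shandong University.
Main drafters of this document: Luo Jun, Gong Xun, Ye Runguo, Zhang Dajiang, Zou Jiaxu, Zheng Qiang, Tan Wuzheng, Li Yuanzheng, Xu Mingyi, Xu Qiang, Wang Nina, Ma Hongfu, Huang Min, Kong Fanyu.
The release history of this document and of the documents it replaces is as follows:
- first published in 2014 as GM/T 0023—2014;
- this is the first revision.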
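IPSec VPN gateway product specification
1 Scope
This document specifies the functional requirements, performance requirements, security requirements, management requirements, hardware requirements, test methods and conformity determination conditions for IPSec VPN gateway products.
This document applies to the development, use and testing of IPSec VPN gateway products.
2 Normative references
The contents of the following documents constitute essential provisions of this document through normative reference in the text. For dated references, only the edition corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.
GB/T 9813.3 General specification for computers, Part 3: Servers
GB/T 15153.1 Telecontrol equipment and systems, Part 2: Operating conditions, Section 1: Power supply and electromagnetic compatibility
GB/T 15843.1 Information technology, Security techniques, Entity authentication, Part 1: General
GB/T 15843.2 Information technology, Security techniques, Entity authentication, Part 2: Mechanisms using symmetric encipherment algorithms
GB/T 15843.3 Information technology, Security techniques, Entity authentication, Part 3: Mechanisms using digital signature techniques
GB/T 15843.4 Information technology, Security techniques, Entity authentication, Part 4: Mechanisms using a cryptographic check function
GB/T 15843.5 Information technology, Security techniques, Entity authentication, Part 5: Mechanisms using zero-knowledge techniques
GB/T 38636 Information security technology, Transport layer cryptography protocol (TLCP)
GM/T 0005 Randomness test specification
GM/T 0016 Smart token cryptography application interface specification
GM/T 0022—2023 IPSec VPN technical specification
GM/T 0028 Security requirements for cryptographic modules
GM/T 0062 Random number test requirements for cryptographic products
GM/Z 4001 Cryptographic terminology
3 Terms and definitions
The terms and definitions defined in GM/Z 4001 apply to this document.
4 Abbreviations
The following abbreviations apply to this document.
AH: Authentication Header
CBC: Cipher Block Chaining
DPD: Dead Peer Detection
ESP: Encapsulating Security Payload
GCM: Galois Counter Mode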