Research and Implementation of Web-Mail Security Technology for a High-Performance Mail System
Abstract
Two applications currently dominate the Internet: the Web and e-mail. Web-Mail combines the advantages of both, providing convenient e-mail service through an attractive, friendly Web user interface. As the Internet becomes part of people's daily lives, network information security becomes increasingly important, so solving the security problems of Web-Mail is a valuable research topic.

Web-Mail security involves several aspects, including user authentication security, mail transport security, the choice of mail encryption standard, key management, and Web communication security. This paper first analyses the security goals and security risks of Web-Mail, then establishes a Web-Mail security model by studying several internationally used information security architecture standards. On that basis, it studies the currently popular information security technologies category by category and arrives at its own Web-Mail security design.

Working on the Linux platform, the author used PHP to implement an OpenPGP encryption interface function library and more than ten Web-Mail security modules. This resolved several technical difficulties (implementation of the encryption interface library, handling of secure mail formats, and management of user keys) and completed the programming of the Web-Mail security subsystem.

A series of functional tests was then run on the Web-Mail security subsystem. The results show that the system runs correctly, has distinctive technical characteristics of its own, and has reached a practical level.

Finally, the paper introduces several typical secure Web-Mail systems from China and abroad, compares the subsystem with them, and gives directions for further research.
