基于WEB的安全传输通道的研究
|
摘要
随着Internet的飞速发展,诸如电子商务、电子政务、办公自动化等数字化应用正在世界范围内迅速崛起,人们的生产、生活方式正发生着深刻地变革。但伴随着网络应用的迅速发展,网络的安全问题也日益突现出来,严重制约着Internet及其相关网络应用的进一步发展。
本文针对Web系统中信息传输所面临的安全威胁,从保障网络信息安全传输的角度,系统研究了TCP/IP各个层次上实现安全通道的可行性及相关的安全协议标准,围绕密码体制,对数据加密、数字签名、身份认证、数据完整性控制等信息安全传输技术进行了深入的探讨。在此基础上,综合运用各种信息安全技术,建立并实现了一个信息安全传输模型。在数据传输过程中,通过身份认证,安全连接的建立,利用DSA、AES和MD5等加密算法对数据的处理和传输,实现了加/解密、签名、认证等功能,保障了数据机密性、完整性、真实性和实现用户行为的不可否认性。
理论和实践证明,通过使用安全通道,可以有效解决Web系统的信息传输安全问题,解除用户对于信息安全的顾虑,从而使得网络应用可以得到更快、更好的发展。该项研究为解决Web的安全问题进行了一个有益的探讨,其成果给出了一种新的Web安全问题的解决方案,有着切实的应用与发展前景。
A number of the digital applications, such as E-Business, E-Government, OA, are growing up in the global range with rapid progress of Internet. The mode of life is also profoundly changing. However, the status of the network security is becoming worse at the same time. Furthermore, the security problems restrict the farther development of the Internet.
According to some kinds of existed attacking methods that are aimed at the Web system, the article discusses the feasibility to implement secure transmission tunnel on every layer in TCP/IP protocol, and the related secure protocol standard. And focusing on cryptography, the paper lucubrates the technology of secure transmission of information such as data encryption, digital signature, identity authentication and data integrality technology. Then, a model is constructed that synthesizes kinds of secure transmission technology. During the whole process of information communication, the model implements the encrytion, decryption, signature, authentication, and ensures confidentiality, integrity, authentication and non-repudiation.
With the security tunnel, the problem of information transmission in the Web System can be efficiently resolved; thus the network application will develop more quickly than today. In short, the article proposes a new scheme for resolving the problem of security, which can be put into practice and has a broad prospect.
本文针对Web系统中信息传输所面临的安全威胁,从保障网络信息安全传输的角度,系统研究了TCP/IP各个层次上实现安全通道的可行性及相关的安全协议标准,围绕密码体制,对数据加密、数字签名、身份认证、数据完整性控制等信息安全传输技术进行了深入的探讨。在此基础上,综合运用各种信息安全技术,建立并实现了一个信息安全传输模型。在数据传输过程中,通过身份认证,安全连接的建立,利用DSA、AES和MD5等加密算法对数据的处理和传输,实现了加/解密、签名、认证等功能,保障了数据机密性、完整性、真实性和实现用户行为的不可否认性。
理论和实践证明,通过使用安全通道,可以有效解决Web系统的信息传输安全问题,解除用户对于信息安全的顾虑,从而使得网络应用可以得到更快、更好的发展。该项研究为解决Web的安全问题进行了一个有益的探讨,其成果给出了一种新的Web安全问题的解决方案,有着切实的应用与发展前景。
A number of the digital applications, such as E-Business, E-Government, OA, are growing up in the global range with rapid progress of Internet. The mode of life is also profoundly changing. However, the status of the network security is becoming worse at the same time. Furthermore, the security problems restrict the farther development of the Internet.
According to some kinds of existed attacking methods that are aimed at the Web system, the article discusses the feasibility to implement secure transmission tunnel on every layer in TCP/IP protocol, and the related secure protocol standard. And focusing on cryptography, the paper lucubrates the technology of secure transmission of information such as data encryption, digital signature, identity authentication and data integrality technology. Then, a model is constructed that synthesizes kinds of secure transmission technology. During the whole process of information communication, the model implements the encrytion, decryption, signature, authentication, and ensures confidentiality, integrity, authentication and non-repudiation.
With the security tunnel, the problem of information transmission in the Web System can be efficiently resolved; thus the network application will develop more quickly than today. In short, the article proposes a new scheme for resolving the problem of security, which can be put into practice and has a broad prospect.
引文
[1] Schneier.B著.吴世忠译.应用密码学.北京.机械工业出版社.2000
[2] 张千里等.网络安全新技术.人民邮电出版社.2003
[3] 卢开澄.计算机密码学-计算机网络中的数据保密与安全.第2版.清华大学出版社.1998
[4] 蒋伟进.基于体系结构的网络与信息安全研究.计算机工程与应用,2000.37(9):157-159
[5] 何全胜.姚国详.网络安全需求分析及安全策略研究.计算机工程.2000.26(6):56-58
[6] 曾志峰.杨义先.网络安全的发展与研究.计算机工程与应用.2000.36(10):1-3
[7] Eckel.B著.侯捷译.Java编程思想.第二版.北京:机械工业出版社.2002
[8] Rich Helton著.袁泉译.Java安全解决方案.北京.清华大学出版社.2003
[9] 徐迎晓.Java安全性编程实例.北京.清华大学出版社.2003
[10] Jaworski. J. Java安全手册.北京.电子工业出版社.2001
[11] 杨千里.王育民.电子商务技术与应用.北京:电子工业出版社.1996
[12] 方美琪.电子商务概论.北京.清华大学出版社.1999
[13] 朱树人.李伟琴.安全信道的建立及应用研究.计算机科学.2001.28(3):50-52
[14] 何明星.新一代私钥加密标准AES进展与评述.计算机应用研究.2001.18(10):4-6
[15] 张淮中.实现基于HTTP的通信.计算机工程与设计,2000.21(6):16-19
[16] J. Stanger. CIW Security Professional Study Guide. SYBEX Inc. 2002
[17] S. Andrew. Computer Networks. Four Edition. Prentice Hall PTR. 2002
[18] Announcing the AES. 2001. National Institute of Standards and Technology. FIPS PUB 197.
[19] Man Young Rhce. Cryptography and Secure Communication. McGraw-Hill Book Co. 1994
[20] Gilles Brassard.Modern Cryptology. A Tutorial. Volume 325 of LNCS. Springer. 1988
[21] R L Rivest. The Message-Digest5 Algorithm. RFC1321.1992.4
[22] W. Stallings. Cryptograpy and Network Security. Prentice Hall. 1999
[23] K. Arnold. The Java Programming Language. Second Edition. Addison-Wesley. 1998
[24] R. Braden S. Ginoza. Internet Official Protocol Standards. RFC3000.2001.11
[25] T. Dierks C. Allen. The TLS Protocol Verl. 0. RFC2246. 1999. 1
[26] S. Kent. Security Architecture for the Internet Protocol. RFC2401.1998.11
[27] S. Kent R. Atkinson. IP Authentication Header. RFC2402.1998.11
[28] C.Madson R. Glenn. The Use of HMAC-MD5-96 within ESP and AH. RFC2403.1998.11
[29] S. Ken. IP Encapsulating Security Payload (ESP).RFC2406.1998.11
[30] D. W. Davies. Price Security for Computer Networks. John Wiley and Sons Ltd. 1992
[31] B. Clifford Neuman. An Authentication Service for Computer Networks. IEEE Communications. 1994.9
[32] Raju Ramaswamy. A Key Management Algorithm for Secure Communication in Open Systems Interconnections Architecture. Computer&Security. 1990.9
[2] 张千里等.网络安全新技术.人民邮电出版社.2003
[3] 卢开澄.计算机密码学-计算机网络中的数据保密与安全.第2版.清华大学出版社.1998
[4] 蒋伟进.基于体系结构的网络与信息安全研究.计算机工程与应用,2000.37(9):157-159
[5] 何全胜.姚国详.网络安全需求分析及安全策略研究.计算机工程.2000.26(6):56-58
[6] 曾志峰.杨义先.网络安全的发展与研究.计算机工程与应用.2000.36(10):1-3
[7] Eckel.B著.侯捷译.Java编程思想.第二版.北京:机械工业出版社.2002
[8] Rich Helton著.袁泉译.Java安全解决方案.北京.清华大学出版社.2003
[9] 徐迎晓.Java安全性编程实例.北京.清华大学出版社.2003
[10] Jaworski. J. Java安全手册.北京.电子工业出版社.2001
[11] 杨千里.王育民.电子商务技术与应用.北京:电子工业出版社.1996
[12] 方美琪.电子商务概论.北京.清华大学出版社.1999
[13] 朱树人.李伟琴.安全信道的建立及应用研究.计算机科学.2001.28(3):50-52
[14] 何明星.新一代私钥加密标准AES进展与评述.计算机应用研究.2001.18(10):4-6
[15] 张淮中.实现基于HTTP的通信.计算机工程与设计,2000.21(6):16-19
[16] J. Stanger. CIW Security Professional Study Guide. SYBEX Inc. 2002
[17] S. Andrew. Computer Networks. Four Edition. Prentice Hall PTR. 2002
[18] Announcing the AES. 2001. National Institute of Standards and Technology. FIPS PUB 197.
[19] Man Young Rhce. Cryptography and Secure Communication. McGraw-Hill Book Co. 1994
[20] Gilles Brassard.Modern Cryptology. A Tutorial. Volume 325 of LNCS. Springer. 1988
[21] R L Rivest. The Message-Digest5 Algorithm. RFC1321.1992.4
[22] W. Stallings. Cryptograpy and Network Security. Prentice Hall. 1999
[23] K. Arnold. The Java Programming Language. Second Edition. Addison-Wesley. 1998
[24] R. Braden S. Ginoza. Internet Official Protocol Standards. RFC3000.2001.11
[25] T. Dierks C. Allen. The TLS Protocol Verl. 0. RFC2246. 1999. 1
[26] S. Kent. Security Architecture for the Internet Protocol. RFC2401.1998.11
[27] S. Kent R. Atkinson. IP Authentication Header. RFC2402.1998.11
[28] C.Madson R. Glenn. The Use of HMAC-MD5-96 within ESP and AH. RFC2403.1998.11
[29] S. Ken. IP Encapsulating Security Payload (ESP).RFC2406.1998.11
[30] D. W. Davies. Price Security for Computer Networks. John Wiley and Sons Ltd. 1992
[31] B. Clifford Neuman. An Authentication Service for Computer Networks. IEEE Communications. 1994.9
[32] Raju Ramaswamy. A Key Management Algorithm for Secure Communication in Open Systems Interconnections Architecture. Computer&Security. 1990.9