WinIDEA保密通信系统的设计及实现
摘要
互联网的飞速发展改变了人们的生活方式,出现了所谓的信息经济。在以前信息是通过书面形式保存和手工传递的,现在人们在Internet上发送e-mail、进行网上购物和信息共享,信息是以电子形式产生、发送和保存的。互联网在提供人们这些便利的同时,也更难保证信息的安全。因为在电子时代,一个网络入侵者可以很容易地截取和修改消息。因此,随着互联网越来越广泛的应用,人们越来越关注计算机网络的安全。
计算机网络的安全性主要有:信息的保密性(Confidentiality)、身份鉴别(Authentication)、信息的完整性(Integrity)、信息的可用性(Availability)和信息行为的不可否认性(Non-repudiation)。其中保密性是计算机网络安全的基础,而要实现保密通常采用加密的方法,密码技术就成为关键。本课题应用了分组密码和公钥密码,设计了WinIDEA保密通信系统,该系统可以对文本、图片、音频及应用程序等文件进行加密传送,并且具有简单电子邮件功能,可以发送和接收保密的电子邮件。
本文第一章分析计算机网络的安全性,介绍保障计算机网络安全的基本技术,指出密码技术是网络安全技术的核心。第二章概述现代密码体制下的密码算法。WinIDEA系统采用分组密码算法DES和IDEA以及公开密钥算法RSA,DES和IDEA用来加密解密数据,RSA则用来传送DES和IDEA的会话密钥。第三章介绍WinIDEA系统的结构和特点,描述系统所用密码算法的运算过程。系统采用客户机服务器模式,主要部分有用户接口、通信处理、加密解密以及保密电子邮件。第四章介绍了WinIDEA系统的流程以及主要部分的实现。介绍了Base64编码,系统采用Base64编码使加密的数据能够正确传送。系统产生的公钥保存在用户信息数据库中,该数据库是用Microsoft SQL Server7.0创建的,利用SQL Server的安全机制来保证对公钥的安全存取。系统是在Microsoft公司的VisualStudio 6.0开发环境下用VC++6.0实现的,系统的功能模块是在MFC类库的基础之上实现的。第五章对全文进行了总结,指出本系统下一步要完善的地方。
The rapid development of internet changes the people's life style, and the so-called information economy arise. Now people send or receive e-mail, do shopping and share information on the Internet. Private documents that in the past would have been committed to paper and hand-delivered are now routinely created, sent, and stored electronically. But the very things that allow such speed and ease of communication have also made it far more difficult to ensure one's privacy. In an electronic age, an interloper can intercept and alter message far more easily now than when face-to-face exchanges were the norm. As internet's wide application, people now pay more attention on the network security.
The security of computer network includes confidentiality, authentication, integrity, availability and non-repudiation of information. Among them confidentiality is the base of network security. Encryption is usually applied to ensure confidentiality, so cryptography becomes very important to network security. We use block algorithm and public-key algorithm to design a security communication system named WinlDEA which can encrypt and transfer files such as text, photo, audio and application. And it can send or receive security e-mail.
This article first analyzes the security of computer network, introduces basic technology that guarantee the security and emphasizes that cryptography is the core technology. Second chapter introduces the principle of computer cryptology, introduces several algorithms including DBS, IDEA and RSA. Third chapter explains the constitution and characteristics of WinlDEA. It describes the operations of the cipher algorithms. Fourth chapter explains the main modules of WinlDEA. Every module is based on MFC library. Base64 encoding is also introduced in this chapter. The public key is stored in a user information database which is built by Microsoft SQL Server 7.0. And the public key's security is guaranteed through SQL Server's security mechanism. In chapter five, it summarizes the successful aspects and shortages in the system.
计算机网络的安全性主要有:信息的保密性(Confidentiality)、身份鉴别(Authentication)、信息的完整性(Integrity)、信息的可用性(Availability)和信息行为的不可否认性(Non-repudiation)。其中保密性是计算机网络安全的基础,而要实现保密通常采用加密的方法,密码技术就成为关键。本课题应用了分组密码和公钥密码,设计了WinIDEA保密通信系统,该系统可以对文本、图片、音频及应用程序等文件进行加密传送,并且具有简单电子邮件功能,可以发送和接收保密的电子邮件。
本文第一章分析计算机网络的安全性,介绍保障计算机网络安全的基本技术,指出密码技术是网络安全技术的核心。第二章概述现代密码体制下的密码算法。WinIDEA系统采用分组密码算法DES和IDEA以及公开密钥算法RSA,DES和IDEA用来加密解密数据,RSA则用来传送DES和IDEA的会话密钥。第三章介绍WinIDEA系统的结构和特点,描述系统所用密码算法的运算过程。系统采用客户机服务器模式,主要部分有用户接口、通信处理、加密解密以及保密电子邮件。第四章介绍了WinIDEA系统的流程以及主要部分的实现。介绍了Base64编码,系统采用Base64编码使加密的数据能够正确传送。系统产生的公钥保存在用户信息数据库中,该数据库是用Microsoft SQL Server7.0创建的,利用SQL Server的安全机制来保证对公钥的安全存取。系统是在Microsoft公司的VisualStudio 6.0开发环境下用VC++6.0实现的,系统的功能模块是在MFC类库的基础之上实现的。第五章对全文进行了总结,指出本系统下一步要完善的地方。
The rapid development of internet changes the people's life style, and the so-called information economy arise. Now people send or receive e-mail, do shopping and share information on the Internet. Private documents that in the past would have been committed to paper and hand-delivered are now routinely created, sent, and stored electronically. But the very things that allow such speed and ease of communication have also made it far more difficult to ensure one's privacy. In an electronic age, an interloper can intercept and alter message far more easily now than when face-to-face exchanges were the norm. As internet's wide application, people now pay more attention on the network security.
The security of computer network includes confidentiality, authentication, integrity, availability and non-repudiation of information. Among them confidentiality is the base of network security. Encryption is usually applied to ensure confidentiality, so cryptography becomes very important to network security. We use block algorithm and public-key algorithm to design a security communication system named WinlDEA which can encrypt and transfer files such as text, photo, audio and application. And it can send or receive security e-mail.
This article first analyzes the security of computer network, introduces basic technology that guarantee the security and emphasizes that cryptography is the core technology. Second chapter introduces the principle of computer cryptology, introduces several algorithms including DBS, IDEA and RSA. Third chapter explains the constitution and characteristics of WinlDEA. It describes the operations of the cipher algorithms. Fourth chapter explains the main modules of WinlDEA. Every module is based on MFC library. Base64 encoding is also introduced in this chapter. The public key is stored in a user information database which is built by Microsoft SQL Server 7.0. And the public key's security is guaranteed through SQL Server's security mechanism. In chapter five, it summarizes the successful aspects and shortages in the system.
引文
[1](美)Bruce Schneier 著,吴世忠,祝世雄,张文政等译,何德全审校,应用密码学:协议、算法与 C 源程序,机械工业出版社,2000.
[2]卢开澄编著,计算机密码学:计算机网络中的数据保密与安全(第2版),清华大学出版社,1998.
[3]刘尊全著,刘氏高强度公开加密算法设计原理与装置,清华大学出版社,1996.
[4]Andrew S. Tanenbaum 著,熊桂喜,王小虎译,李学农审,计算机网络(第3版),清华大学出版社,1999.
[5]Douglas E. Comer, Intemetworking with TCP/IP Vol. 1: Principles, Protocols, and Architecture(Third Edition),Prentice Hall Inc.,1991.
[6]Douglas E. Comer 著,林瑶,蒋慧,杜蔚轩等译,谢希仁校,用TCP/IP 进行网际互连第1卷:原理、协议和体系结构(第3版),电子工业出版社,1998.
[7]雷斌,杨建华,黄超,何斌等编著,Visual C++6.0 网络编程技术,人民邮电出版社,1999.
[8](美)Clayton Walnum 著,苏帅华,陈维义,赵卫滨等译,郝志恒审校,C++ 高级参考手册,电子工业出版社,1999.
[9](美)David J. Kruglinski, Scot Wingo, George Shepherd 著,希望图书创作室译,Programm Visual C++6.0 技术内幕(第五版),北京希望电子出版社,1999.
[10]刘金龙,高兆法,巩玉国编著,Visual C++6.0 类参考详解,清华大学出版社,1999.
[11](美)Marshall Brain, Lance Lovette 著,译星翻译组译,MFC 开发人员指南,机械工业出版社,1999.
[12](美)Tim Parker, Mark Sportack 著,前导工作室译,TCP/IP 技术大全,机械工业出版社,2000.
[13](美)Chris H. Pappas 等著,段来盛,郝阿朋,郝曙光译,C++ 程序调试实用手册,电子工业出版社,2000.
[14]清汉计算机工作室编著,Visual C++6.0 数据库与网络开发实例,机械工业出版社,2000,
[15]禄凯,唐小梅,马明武,加密技术在 Web 信息系统中的应用,电讯技术,1999,4.
[16]F. G Hatefi, F. Golshani, A new framework for secure network management, Computer Communications 22(1999)629-636.
[17]王怀伯,张申生,周一萍,Intranet/Extranet 中的网络安全技术,计算机工程,1999(1):30—32.
[18]潘理,顾尚杰,诸鸿文,基于 Win95 的网络协议软件开发技术,计算机工程,2000(2):4-5,8.
[19]崔国华,裴鹏军,彭琨,安全的电子保证邮件,计算机工程,2000(2):70-71,76.
[20]韦卫,王德杰,张英,王行刚,基于 SSL 的安全 WWW 系统的研究与实现,计算机研究与发展,1999(5):619-623.
[21]孙鹏,唐朔飞,使用 VC++ 实现一个 Web Server, 计算机工程,2000(2):24-25,36.
[22]杨晓东,李建华,诸鸿文,一种基于 PKI 的电子邮件系统安全方案的设计与实现,计算机工程,1999(8):34-36.
[23]刘克龙,计算机网络信息安全浅议,密码与信息,1999(1):27-36.
[24]常晓林,冯登国,PKI 的基本特征及其相关标准,密码与信息,1999(3):6-23,
[25]田建波,孙晓蓉,王育民,DES 已被攻破,AES 即将诞生,通信保密,1998(3):1-4.
[26]张春江,倪健民,国家信息安全报告,人民出版社,2000.
[27]田梦瑾,李建华,杨宇航,基于 PKI 的电子商务安全密钥托管方案研究,计算机工程,1999(1):35-37.
[28]Jonathan B. Postel, Simple Mail Transfer Protocol, RFC 821, USC/Information Science Institute, August 1982.
[29]Marshall T. Rose, Post Office Protocol-Version3, RFC 1225, Performance Systems International, May 1991.
[30]N. Borenstein, Bellcore N. Freed, MIME Part One, RFC 1521, September 1993.
[31](美)Stephen Wynkoop 著,张蓉,张燕,赵红梅等译,SQL Server 7.0 开发指南,电子工业出版社,1999.
[32]郑章,程刚,张勇等编著,Visual C++6.0 数据库开发技术,机械工业出版社,1999.
[33](美)Brad McGehee 等著,潇湘工作室译,Microsoft SQL Server7.0 使用详解,机械工业出版社,1999.
[34]樊晓勇,现代加密算法在安全电子邮件中的应用;福建电脑,2001(9):20-22.
[35]侯俊杰著,深入浅出 MFC 第2版,华中科技大学出版社,2001.
[2]卢开澄编著,计算机密码学:计算机网络中的数据保密与安全(第2版),清华大学出版社,1998.
[3]刘尊全著,刘氏高强度公开加密算法设计原理与装置,清华大学出版社,1996.
[4]Andrew S. Tanenbaum 著,熊桂喜,王小虎译,李学农审,计算机网络(第3版),清华大学出版社,1999.
[5]Douglas E. Comer, Intemetworking with TCP/IP Vol. 1: Principles, Protocols, and Architecture(Third Edition),Prentice Hall Inc.,1991.
[6]Douglas E. Comer 著,林瑶,蒋慧,杜蔚轩等译,谢希仁校,用TCP/IP 进行网际互连第1卷:原理、协议和体系结构(第3版),电子工业出版社,1998.
[7]雷斌,杨建华,黄超,何斌等编著,Visual C++6.0 网络编程技术,人民邮电出版社,1999.
[8](美)Clayton Walnum 著,苏帅华,陈维义,赵卫滨等译,郝志恒审校,C++ 高级参考手册,电子工业出版社,1999.
[9](美)David J. Kruglinski, Scot Wingo, George Shepherd 著,希望图书创作室译,Programm Visual C++6.0 技术内幕(第五版),北京希望电子出版社,1999.
[10]刘金龙,高兆法,巩玉国编著,Visual C++6.0 类参考详解,清华大学出版社,1999.
[11](美)Marshall Brain, Lance Lovette 著,译星翻译组译,MFC 开发人员指南,机械工业出版社,1999.
[12](美)Tim Parker, Mark Sportack 著,前导工作室译,TCP/IP 技术大全,机械工业出版社,2000.
[13](美)Chris H. Pappas 等著,段来盛,郝阿朋,郝曙光译,C++ 程序调试实用手册,电子工业出版社,2000.
[14]清汉计算机工作室编著,Visual C++6.0 数据库与网络开发实例,机械工业出版社,2000,
[15]禄凯,唐小梅,马明武,加密技术在 Web 信息系统中的应用,电讯技术,1999,4.
[16]F. G Hatefi, F. Golshani, A new framework for secure network management, Computer Communications 22(1999)629-636.
[17]王怀伯,张申生,周一萍,Intranet/Extranet 中的网络安全技术,计算机工程,1999(1):30—32.
[18]潘理,顾尚杰,诸鸿文,基于 Win95 的网络协议软件开发技术,计算机工程,2000(2):4-5,8.
[19]崔国华,裴鹏军,彭琨,安全的电子保证邮件,计算机工程,2000(2):70-71,76.
[20]韦卫,王德杰,张英,王行刚,基于 SSL 的安全 WWW 系统的研究与实现,计算机研究与发展,1999(5):619-623.
[21]孙鹏,唐朔飞,使用 VC++ 实现一个 Web Server, 计算机工程,2000(2):24-25,36.
[22]杨晓东,李建华,诸鸿文,一种基于 PKI 的电子邮件系统安全方案的设计与实现,计算机工程,1999(8):34-36.
[23]刘克龙,计算机网络信息安全浅议,密码与信息,1999(1):27-36.
[24]常晓林,冯登国,PKI 的基本特征及其相关标准,密码与信息,1999(3):6-23,
[25]田建波,孙晓蓉,王育民,DES 已被攻破,AES 即将诞生,通信保密,1998(3):1-4.
[26]张春江,倪健民,国家信息安全报告,人民出版社,2000.
[27]田梦瑾,李建华,杨宇航,基于 PKI 的电子商务安全密钥托管方案研究,计算机工程,1999(1):35-37.
[28]Jonathan B. Postel, Simple Mail Transfer Protocol, RFC 821, USC/Information Science Institute, August 1982.
[29]Marshall T. Rose, Post Office Protocol-Version3, RFC 1225, Performance Systems International, May 1991.
[30]N. Borenstein, Bellcore N. Freed, MIME Part One, RFC 1521, September 1993.
[31](美)Stephen Wynkoop 著,张蓉,张燕,赵红梅等译,SQL Server 7.0 开发指南,电子工业出版社,1999.
[32]郑章,程刚,张勇等编著,Visual C++6.0 数据库开发技术,机械工业出版社,1999.
[33](美)Brad McGehee 等著,潇湘工作室译,Microsoft SQL Server7.0 使用详解,机械工业出版社,1999.
[34]樊晓勇,现代加密算法在安全电子邮件中的应用;福建电脑,2001(9):20-22.
[35]侯俊杰著,深入浅出 MFC 第2版,华中科技大学出版社,2001.