基于排列码加密算法的XML安全技术研究与应用
|
摘要
本文在综合分析XML安全现有成果的基础上,将具有我们自主知识产权的排列码加密算法应用到XML安全领域。本文详细介绍了排列码加密算法原理,用Java语言实现了分组长度为8比特的排列码加密算法,并研究了排列码在XML安全中的应用。
国内大部分研究都局限于对XML加密规范的验证实现阶段。本文分析研究了现在流行的SOA架构中XML安全的实施细节,初步总结出了一种比较灵活的理想的安全模型。该模型采用四层体系架构MVCS,也就是模型M、视图V、控制器C、安全S四层体系,主张将安全独立作为一层考虑,有助于降低系统的耦合度,并能减少维护成本。该模型遵照W3C的XML加密规范,同时又具有自己的特点,加密算法可以由用户自由选择,是一种便利、可靠、稳健、通用的安全模型,以期推动国内信息安全领域研究的新发展。
The paper mainly studies on available achievement in the field of xml security, also applies the permutation code encryption algorithm, which have got independent intellectual property right to this field at the same time. The article has detailed introduced the principle of permutation code encryption algorithm, and realizing permutation code encryption algorithm for 8-bit block with java.
Now the study in the homeland limited in the stage of verification and realization for xml encryption. xml security detailed into practice in popular service oriented architecture is analyzed and studied in this article. The first step has summed up out one kind of comparatively nimble and ideal safe model, model adopt four layers of system frame MVCS, model M, view V, controller C, security S. Security is independent being considered as a layer, which help reduce systematic degree of coupling, cutting down upkeep cost. The model complies with W3C xml encrypts Standards, has characteristic in self at the same time, The encryption algorithm can be free to choose by user, the safe model is facilitating, reliable, solid and used universally, expect to drive the new development in the field of information security.
国内大部分研究都局限于对XML加密规范的验证实现阶段。本文分析研究了现在流行的SOA架构中XML安全的实施细节,初步总结出了一种比较灵活的理想的安全模型。该模型采用四层体系架构MVCS,也就是模型M、视图V、控制器C、安全S四层体系,主张将安全独立作为一层考虑,有助于降低系统的耦合度,并能减少维护成本。该模型遵照W3C的XML加密规范,同时又具有自己的特点,加密算法可以由用户自由选择,是一种便利、可靠、稳健、通用的安全模型,以期推动国内信息安全领域研究的新发展。
The paper mainly studies on available achievement in the field of xml security, also applies the permutation code encryption algorithm, which have got independent intellectual property right to this field at the same time. The article has detailed introduced the principle of permutation code encryption algorithm, and realizing permutation code encryption algorithm for 8-bit block with java.
Now the study in the homeland limited in the stage of verification and realization for xml encryption. xml security detailed into practice in popular service oriented architecture is analyzed and studied in this article. The first step has summed up out one kind of comparatively nimble and ideal safe model, model adopt four layers of system frame MVCS, model M, view V, controller C, security S. Security is independent being considered as a layer, which help reduce systematic degree of coupling, cutting down upkeep cost. The model complies with W3C xml encrypts Standards, has characteristic in self at the same time, The encryption algorithm can be free to choose by user, the safe model is facilitating, reliable, solid and used universally, expect to drive the new development in the field of information security.
引文
[1] 陈述 对 XML 数据安全加密技术的研究 [硕士学位论文] 2006,3.
[2] W3C Working Draft. http://www.w3.org/TR/xmldsig-requirements.
[3] W3C Note 04 March 2002, http://www.w3.org/TR/xml-encryption-req.
[4] Extensible Markup Language (XML) 1.0 (Fourth Edition) http://www.w3.org/TR/REC-xml/
[5] Charles F.Goldfarb,Pau1 Prescod.XML HandBook:Fourth Edition, ISBN:0130651982.2002.536-566
[6] 张建飞编.XML 实用培训教程.北京:科学出版社,2003,12, 1628.
[7] W3C Recommendation http://www.w3.org/TR/1998/REC-xml-19980210.
[8] 徐国祥,张新荣.XML 在未来 Web 中的应用.计算机工程,2001,8, 2023.
[9] J.Zhou,K.Y.Lam.Securing digital signatures for non-repudiation .Computer Communication 22 (1999):710716.
[10] 邹青梅,陈天煌 XML 安全技术研究与应用 [硕士学位论文] 武汉理工大学 2005,3.
[11] [英]Villiam Stallings.现代密码学理论与实际.北京:电子工业出版社,2004.
[12] 董林芳,武金木等.保密散列数字签名.东南大学学报,2002.
[13] 河北工业大学学报 2001 年 2 月 Vol.30 No.1 武金木 武优西.
[14] 武金木,武优西.排列码加密解密方法及其排列码加密解密器,中华人民共和国知识产权专利局, 发明专利公开说明书,CN 1246007A, 2000.
[15] William Stallings. Cryprography and Network Security Principles and Practice[M].第二版。杨明 胥光辉译.北京:电子工业出版社,2001.
[16] [美]Charles P.Pfleeger, Shari Lawrence Pfleeger.信息安全原理与应用.北京:电子工业出版社,2004.
[17] Elisa,Barbara,Carminati:XMLSecuritySpecificationOnKeyAgreement.InformationSecurityTechnicalReport,Vol.6No.2.2004:230-237.
[18] XML 加密的特点及应用模式 戚爱华 《现代图书情报技术》 2005 年第 5 期.
[19] http://www.itisedu.com/phrase/200603021816435.html 中科永联高级技术培训中心.
[20] JDOM API http://www.jdom.org/docs/apidocs/index.html.
[21] 冯登国,裴定一.密码学导引[M].北京:科学出版社,1999. 292.
[22] 龚力 数据加密中的密钥管理和协商技术 中国科技信息 2006 年第 24 期.
[23] Atul Kahate 著.密码学与网络安全安全.北京:清华大学出版社.2005:56-78
[24] 龚力.XML 数据加密的 Diffle-Hellman 实现.现代计算机.2003,5: 62-63
[25] Michael Ellis. Employ the IBM Websphere Web Services Gateway. IBM developer Works, 14D ec2004
[26] Kroger I. H. Mathew R. Systematic development and exploration of service - oriented software architectures [C]. In: Proceedings of the 4th Working IEEE/IFIP Conference on Software Architecture. Oslo. 2004, 177- 187.
[27] Foster I, Kesselman C. The Grid: Blueprint for a NewComputing Infrastructure [M]. Morgan Kaufmann Publishers, Inc.,San Francisco, California, 1999: 205- 236.
[28] Genoveva Vargas - Solar, Toward aspect oriented services coordination for building modern information systems [C]. In:Proceedings of the 5th Mexican International Conference in Computer Science, Colima, Mexico, 2004, 353- 360.
[29] Schuschel H. , Weske M. , Automated Planning in a service-oriented architecture [C], In: Proceedings of the 13th IEEE International workshops on Enabling Technologies: Infrastructure forCollaborativeEnterprises, Modera. Italy, 2004, 75- 80.
[30] Bob Atkinson, Giovanni Della-Libera, Satoshi Hada. Web 服务安全性(WS-Security). IBM developerWorks, 05 A pril 2002.
[31] OASIS. Reference Model for Service Oriented Architecture 1.0, 19 July 2006 [EB/OL]. http://www.oasis- open.org/committees/tc_home.php?wg_abbrev=soa- rm, 2006.
[32] 信息工程大学学报 2006 年 3 月 Vol . 7 No. 1 XML 的安全性研究 于国良, 韩文报.
[33] 斯阎森.密码学原理与实践.北京:电子工业出版社,2003.
[34] W3C XML Encryption Working Group. http://www.w3.org/Encryption/2001/
[35] Exploring XML Encryption http://www.ibm.com/developerworks/xml/library/x-encrypt/
[36] XML 安全标准一览. http://www.enet.com.cn/esafe/inforcenter/A20040804330626.htm1.2004-08-04.
[37] Dournaee B. XML 安全基础[M] . 北京:清华大学出版社,2003.
[38] 胡迎松,彭利文,池楚兵. XML Web 服务的安全问题及安全技术[J]. 计算机应用研究,2003,10.
[39] I. Foster,C Kesselman, J Nick, et al. The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration [EB/OL]. http://www.globus.org/research/papers/ogsa.pdf,2002.
[40] W3C, Web Services Architecture [EB/OL].http://www.w3.org/TR/2004/NOTE-ws-arch-20040211.
[41] I Foster, C Kesselman, J Nick, et al. Grid Services for Distributed System Integration[J].Computer,2002, 35(6): 37- 46.
[42] Czajkowski K, Ferguson D, Foster I, Frey J, Graham S, et al. From open grid services infrastructure to WS – Resource framework: refactoring & evolution. 2004,5.
[43] N. Nagaratnam, P. Janson, J. Dayka, et al.The Security Architecture for Open Grid Services [R], Open Grid Service Architecture Security Working Group.
[2] W3C Working Draft. http://www.w3.org/TR/xmldsig-requirements.
[3] W3C Note 04 March 2002, http://www.w3.org/TR/xml-encryption-req.
[4] Extensible Markup Language (XML) 1.0 (Fourth Edition) http://www.w3.org/TR/REC-xml/
[5] Charles F.Goldfarb,Pau1 Prescod.XML HandBook:Fourth Edition, ISBN:0130651982.2002.536-566
[6] 张建飞编.XML 实用培训教程.北京:科学出版社,2003,12, 1628.
[7] W3C Recommendation http://www.w3.org/TR/1998/REC-xml-19980210.
[8] 徐国祥,张新荣.XML 在未来 Web 中的应用.计算机工程,2001,8, 2023.
[9] J.Zhou,K.Y.Lam.Securing digital signatures for non-repudiation .Computer Communication 22 (1999):710716.
[10] 邹青梅,陈天煌 XML 安全技术研究与应用 [硕士学位论文] 武汉理工大学 2005,3.
[11] [英]Villiam Stallings.现代密码学理论与实际.北京:电子工业出版社,2004.
[12] 董林芳,武金木等.保密散列数字签名.东南大学学报,2002.
[13] 河北工业大学学报 2001 年 2 月 Vol.30 No.1 武金木 武优西.
[14] 武金木,武优西.排列码加密解密方法及其排列码加密解密器,中华人民共和国知识产权专利局, 发明专利公开说明书,CN 1246007A, 2000.
[15] William Stallings. Cryprography and Network Security Principles and Practice[M].第二版。杨明 胥光辉译.北京:电子工业出版社,2001.
[16] [美]Charles P.Pfleeger, Shari Lawrence Pfleeger.信息安全原理与应用.北京:电子工业出版社,2004.
[17] Elisa,Barbara,Carminati:XMLSecuritySpecificationOnKeyAgreement.InformationSecurityTechnicalReport,Vol.6No.2.2004:230-237.
[18] XML 加密的特点及应用模式 戚爱华 《现代图书情报技术》 2005 年第 5 期.
[19] http://www.itisedu.com/phrase/200603021816435.html 中科永联高级技术培训中心.
[20] JDOM API http://www.jdom.org/docs/apidocs/index.html.
[21] 冯登国,裴定一.密码学导引[M].北京:科学出版社,1999. 292.
[22] 龚力 数据加密中的密钥管理和协商技术 中国科技信息 2006 年第 24 期.
[23] Atul Kahate 著.密码学与网络安全安全.北京:清华大学出版社.2005:56-78
[24] 龚力.XML 数据加密的 Diffle-Hellman 实现.现代计算机.2003,5: 62-63
[25] Michael Ellis. Employ the IBM Websphere Web Services Gateway. IBM developer Works, 14D ec2004
[26] Kroger I. H. Mathew R. Systematic development and exploration of service - oriented software architectures [C]. In: Proceedings of the 4th Working IEEE/IFIP Conference on Software Architecture. Oslo. 2004, 177- 187.
[27] Foster I, Kesselman C. The Grid: Blueprint for a NewComputing Infrastructure [M]. Morgan Kaufmann Publishers, Inc.,San Francisco, California, 1999: 205- 236.
[28] Genoveva Vargas - Solar, Toward aspect oriented services coordination for building modern information systems [C]. In:Proceedings of the 5th Mexican International Conference in Computer Science, Colima, Mexico, 2004, 353- 360.
[29] Schuschel H. , Weske M. , Automated Planning in a service-oriented architecture [C], In: Proceedings of the 13th IEEE International workshops on Enabling Technologies: Infrastructure forCollaborativeEnterprises, Modera. Italy, 2004, 75- 80.
[30] Bob Atkinson, Giovanni Della-Libera, Satoshi Hada. Web 服务安全性(WS-Security). IBM developerWorks, 05 A pril 2002.
[31] OASIS. Reference Model for Service Oriented Architecture 1.0, 19 July 2006 [EB/OL]. http://www.oasis- open.org/committees/tc_home.php?wg_abbrev=soa- rm, 2006.
[32] 信息工程大学学报 2006 年 3 月 Vol . 7 No. 1 XML 的安全性研究 于国良, 韩文报.
[33] 斯阎森.密码学原理与实践.北京:电子工业出版社,2003.
[34] W3C XML Encryption Working Group. http://www.w3.org/Encryption/2001/
[35] Exploring XML Encryption http://www.ibm.com/developerworks/xml/library/x-encrypt/
[36] XML 安全标准一览. http://www.enet.com.cn/esafe/inforcenter/A20040804330626.htm1.2004-08-04.
[37] Dournaee B. XML 安全基础[M] . 北京:清华大学出版社,2003.
[38] 胡迎松,彭利文,池楚兵. XML Web 服务的安全问题及安全技术[J]. 计算机应用研究,2003,10.
[39] I. Foster,C Kesselman, J Nick, et al. The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration [EB/OL]. http://www.globus.org/research/papers/ogsa.pdf,2002.
[40] W3C, Web Services Architecture [EB/OL].http://www.w3.org/TR/2004/NOTE-ws-arch-20040211.
[41] I Foster, C Kesselman, J Nick, et al. Grid Services for Distributed System Integration[J].Computer,2002, 35(6): 37- 46.
[42] Czajkowski K, Ferguson D, Foster I, Frey J, Graham S, et al. From open grid services infrastructure to WS – Resource framework: refactoring & evolution. 2004,5.
[43] N. Nagaratnam, P. Janson, J. Dayka, et al.The Security Architecture for Open Grid Services [R], Open Grid Service Architecture Security Working Group.