电子政务系统安全体系设计及实现
|
摘要
随着信息技术在世界范围内的迅猛发展,特别是互联网技术的普及应用,电子政务的发展正在成为当代信息化的最重要的领域之一。电子政务是政府信息化中的重要组成部分,整个政府信息化的过程,就是电子政务不断发展完善的过程。党的十六大明确提出了进一步转变政府职能,改进管理方式,推进电子政务建设,为提高党的执政能力服务。在国家大力支持和推动下,我国电子政务取得了较大的进展,市场规模持续扩大。在电子政务系统建设与运行过程中又着重强调安全问题,要通过系统安全技术保障体系来保证电子政务的正常运转,业内也提出了一些模型,如ISSE模型等。其中构成电子政务安全保障的措施很多,有数据加密技术、信息技术、安全认证技术、公钥基础设施PKI技术,还有病毒防范、防火墙、入侵检测、物理隔离、虚拟专用网VPN等安全措施,其中加强“以密码技术为核心的信息保护和网络信任体系建设”为指导的方针是中共中央办公厅发【27号】文中明确提出的指导思想。【27号】文是经党中央、国务院领导批准下发的指导电子政务建设的重要文件。所以,信息安全是电子政务正常运转、国家涉密信息保护和国家政治稳定的基本保障。
本论文从保障电子政务信息安全的角度出发,并以某省电子政务系统为例,详细设计了一个较完整的技术实施保障体系,并对该系统中提到的电子印章系统进行编程实现,通过分析电子印章系统所要解决的问题,参照其它类似系统的实施方案,设计出了可行的电子印章系统。本论文使用数字签名、数字加密等密码学知识,在Microsoft Word平台上,对电子印章系统进行研究,并实现基于Microsoft Word二次开发的电子印章系统。其中,还研究了密码模块USBKey在电子印章系统中的使用。本论文的主要工作如下:
1.在深入学习电子政务建设指南和安全保障体系有关指导思想的基础上,作了实际调研和考察,科学、合理地构建一套完整的电子政务网安全保障体系。
2.深入学习PKI、数字签名、Hash函数。上述密码学知识是开发电子印章的非常关键的技术,关系到电子印章系统设计的成败。
3.提出ISSE信息系统安全工程模型,并以此为指导模型,以某省电子政务系统为例,构建全省党政网信息安全保障体系,详细设计了一个较完整的技术实施保障体系。
4.研究和设计一个简单的基于PKI的电子印章系统。主要在理论上研究了一个基于PKI的电子印章系统的基本构成和功能,为开发基于Word的电子印章系统打下理论基础。
5.设计基于Word的电子印章系统。实现基于Word文档的签章,流程图看似很简单,但其中隐藏了很多难点,除了数字签名和Hash函数等技术的实现以外,还有对Word文档的结构的分析,Word软件的编程接口的使用等。
With the fast development of IT in the world, especially the universality of Internet, the development of the E-government is becoming one of the most important realms in information. The E-government is an important part in government information , and the process of government information is a process of the E-government developing. In order to improve service ability, the Party of 16th Meeting put forward the further change at government function definitely, improves management, push forward the E-government construction. With the support of the country, the E-government made great success and the market scale extended continuously. We emphasize the safety in the E-government system construction and its movement processes. In order to ensure the E-government process, the IT-field put forward some models, such as ISSE model, and so on. The measures which ensure the safe guarantee of the E-government is a lot, such as data encrypting technique, information concealing technique, safe authentication technique, the public key infrastructure PKI technique, virus against technique, fire wall technique, Identification System technique, physics separate and the VPN etc. Among them, the leading, strengthening information safety and the Net trust building whose core is the cryptogram technique is guidance thought put forward by central office's the No.27 file. The No.27 file is important which is approved by the Party and the State Department. So, the information safety is a basic guarantee in the E-government, the nation information protection and political steady.
This thesis sets out from the guarantee of E-government information safety and takes E-government system as an example which details a technique implement guarantees system. In the system, the electronics seal system program is realized. In order to solve these problems, according to other similar implement projects, I design viable electronics seal system. This thesis illustrate that the electronics seal system based on Microsoft Word is researched through numeral signature technique and numeral encrypts technique. I studied the use of the saving hardware USBKey in the electronics official seal system. Main work is as follows:
1. Thorough study the E-governmental construction the guide and safeties guarantee the system relevant guide to thought the foundation up, and make actual investigation and investigate, science, reasonably a set of integrity of the E-governmental safety guarantee system.
2. Study PKI, the numeral sign and Hash function deeply. All these are very important techniques in the electronics seal's development and the design system.
3. Put forward the model of the ISSE, and to take this for guide model, with the one Province E-governmental as an example, set up the whole province political net information safety guarantee system, detailed design a technique implement guarantee system that compares the integrity.
4. Have Study and designed a simple system of electronic seal based on PKI. Study one based on electronic seal system of PKI basic composition and function in theory mainly laid the theoretical foundation in order to develop the system of electronic seal based on Word.
5. Have designed and developed the system of electronic seal based on Word. Realize the electronic seal on the Word file, including Digital Signature, Hash function, the analysis of Word file structure mainly, use of the programming interface of Word, etc... This is a focal point of the thesis.
本论文从保障电子政务信息安全的角度出发,并以某省电子政务系统为例,详细设计了一个较完整的技术实施保障体系,并对该系统中提到的电子印章系统进行编程实现,通过分析电子印章系统所要解决的问题,参照其它类似系统的实施方案,设计出了可行的电子印章系统。本论文使用数字签名、数字加密等密码学知识,在Microsoft Word平台上,对电子印章系统进行研究,并实现基于Microsoft Word二次开发的电子印章系统。其中,还研究了密码模块USBKey在电子印章系统中的使用。本论文的主要工作如下:
1.在深入学习电子政务建设指南和安全保障体系有关指导思想的基础上,作了实际调研和考察,科学、合理地构建一套完整的电子政务网安全保障体系。
2.深入学习PKI、数字签名、Hash函数。上述密码学知识是开发电子印章的非常关键的技术,关系到电子印章系统设计的成败。
3.提出ISSE信息系统安全工程模型,并以此为指导模型,以某省电子政务系统为例,构建全省党政网信息安全保障体系,详细设计了一个较完整的技术实施保障体系。
4.研究和设计一个简单的基于PKI的电子印章系统。主要在理论上研究了一个基于PKI的电子印章系统的基本构成和功能,为开发基于Word的电子印章系统打下理论基础。
5.设计基于Word的电子印章系统。实现基于Word文档的签章,流程图看似很简单,但其中隐藏了很多难点,除了数字签名和Hash函数等技术的实现以外,还有对Word文档的结构的分析,Word软件的编程接口的使用等。
With the fast development of IT in the world, especially the universality of Internet, the development of the E-government is becoming one of the most important realms in information. The E-government is an important part in government information , and the process of government information is a process of the E-government developing. In order to improve service ability, the Party of 16th Meeting put forward the further change at government function definitely, improves management, push forward the E-government construction. With the support of the country, the E-government made great success and the market scale extended continuously. We emphasize the safety in the E-government system construction and its movement processes. In order to ensure the E-government process, the IT-field put forward some models, such as ISSE model, and so on. The measures which ensure the safe guarantee of the E-government is a lot, such as data encrypting technique, information concealing technique, safe authentication technique, the public key infrastructure PKI technique, virus against technique, fire wall technique, Identification System technique, physics separate and the VPN etc. Among them, the leading, strengthening information safety and the Net trust building whose core is the cryptogram technique is guidance thought put forward by central office's the No.27 file. The No.27 file is important which is approved by the Party and the State Department. So, the information safety is a basic guarantee in the E-government, the nation information protection and political steady.
This thesis sets out from the guarantee of E-government information safety and takes E-government system as an example which details a technique implement guarantees system. In the system, the electronics seal system program is realized. In order to solve these problems, according to other similar implement projects, I design viable electronics seal system. This thesis illustrate that the electronics seal system based on Microsoft Word is researched through numeral signature technique and numeral encrypts technique. I studied the use of the saving hardware USBKey in the electronics official seal system. Main work is as follows:
1. Thorough study the E-governmental construction the guide and safeties guarantee the system relevant guide to thought the foundation up, and make actual investigation and investigate, science, reasonably a set of integrity of the E-governmental safety guarantee system.
2. Study PKI, the numeral sign and Hash function deeply. All these are very important techniques in the electronics seal's development and the design system.
3. Put forward the model of the ISSE, and to take this for guide model, with the one Province E-governmental as an example, set up the whole province political net information safety guarantee system, detailed design a technique implement guarantee system that compares the integrity.
4. Have Study and designed a simple system of electronic seal based on PKI. Study one based on electronic seal system of PKI basic composition and function in theory mainly laid the theoretical foundation in order to develop the system of electronic seal based on Word.
5. Have designed and developed the system of electronic seal based on Word. Realize the electronic seal on the Word file, including Digital Signature, Hash function, the analysis of Word file structure mainly, use of the programming interface of Word, etc... This is a focal point of the thesis.
引文
[1]Andrew Nash,William Duane,Celia Joseph等著,公钥基础设施(PKI):实现和管理电子安全,北京,清华大学出版社,2002.12,20-253
[2]卿斯汉,密码学与计算机网络安全,北京,清华大学出版社,1998,1-110
[3]William Stallings,密码编码学与网络安全,北京,电子工业出版社,2001,20-94
[4]国家信息安全工程技术研究中心国家信息安全基础设施研究中心出版,《电子政务总体设计与技术实现》,电子工业出版社,2003年7月1日
[5]张小绵,柳松,电子印章网络管理系统的设计与实现,株洲工学院学报,2002.7,16卷(第4期),45-48
[6]冯运波、任金强、杨义先,传统PKI认证体系,信息安全与通信保密,2002.3,30-32
[7]吴世忠,我困PKI/CA发展现状问题及前景展望,信息安全与通信保密,2001.5,21-24
[8]徐志大、南相浩,认证中心CA理论与开发技术[J],计算机工程与应用,2000,87-90
[9]张惠民,电了印章系统和电子印章在CA中的应用[学位论文],北京,北京邮电大学,2004.2
[10]王培,电子政务中电子印章系统的研究与设计[学位论文],北京,中国人民解放军信息工程大学,2003.6
[11]王飞、汤光明、孙诒峰等,基于易损水印和数字签名的电子印章系统,计算机应用研究,2004,118-121
[12]Arto Salomaa,Public-Key Cryptography,北京,国防工业出版社,1998,88-16
[13]T Tidweil、RLarson、KFitchetal,Modeling Internet Attacks[C],Proceedings of the 2001 IEEE Workshop on information Assurance and Security,2001,54-59
[14]Wenke Leesal,Vatore J Stolfo,A Framework for Constructing Features and Models for Intrusion Detection Systems[J],ACM Transactions on Information and System Security,2000(3),227-261
[15]Kennedy J,Melinck R,Overview of Network Processor[J],Network Processor Conference,2000,V(6),232
[16]Shimshon Berkovits,Santosh Chokhani,Jisoo A.Geriter etc.,Public Key Infrastructure Study(final version),Nation Institute of Standardsand Technology,1994
[17]Housley R,Internet X.509 Public Key Infrastructure,Certificate and CRL Profile,RFC2459,1999
[18]C.Adams、S.Farrell,Intemet X.509 Public Key Infrastructure,CertificateManagement Protocols,RFC2510,1999
[2]卿斯汉,密码学与计算机网络安全,北京,清华大学出版社,1998,1-110
[3]William Stallings,密码编码学与网络安全,北京,电子工业出版社,2001,20-94
[4]国家信息安全工程技术研究中心国家信息安全基础设施研究中心出版,《电子政务总体设计与技术实现》,电子工业出版社,2003年7月1日
[5]张小绵,柳松,电子印章网络管理系统的设计与实现,株洲工学院学报,2002.7,16卷(第4期),45-48
[6]冯运波、任金强、杨义先,传统PKI认证体系,信息安全与通信保密,2002.3,30-32
[7]吴世忠,我困PKI/CA发展现状问题及前景展望,信息安全与通信保密,2001.5,21-24
[8]徐志大、南相浩,认证中心CA理论与开发技术[J],计算机工程与应用,2000,87-90
[9]张惠民,电了印章系统和电子印章在CA中的应用[学位论文],北京,北京邮电大学,2004.2
[10]王培,电子政务中电子印章系统的研究与设计[学位论文],北京,中国人民解放军信息工程大学,2003.6
[11]王飞、汤光明、孙诒峰等,基于易损水印和数字签名的电子印章系统,计算机应用研究,2004,118-121
[12]Arto Salomaa,Public-Key Cryptography,北京,国防工业出版社,1998,88-16
[13]T Tidweil、RLarson、KFitchetal,Modeling Internet Attacks[C],Proceedings of the 2001 IEEE Workshop on information Assurance and Security,2001,54-59
[14]Wenke Leesal,Vatore J Stolfo,A Framework for Constructing Features and Models for Intrusion Detection Systems[J],ACM Transactions on Information and System Security,2000(3),227-261
[15]Kennedy J,Melinck R,Overview of Network Processor[J],Network Processor Conference,2000,V(6),232
[16]Shimshon Berkovits,Santosh Chokhani,Jisoo A.Geriter etc.,Public Key Infrastructure Study(final version),Nation Institute of Standardsand Technology,1994
[17]Housley R,Internet X.509 Public Key Infrastructure,Certificate and CRL Profile,RFC2459,1999
[18]C.Adams、S.Farrell,Intemet X.509 Public Key Infrastructure,CertificateManagement Protocols,RFC2510,1999