基于PKI的身份认证和数据加密的研究
摘要
随着计算机科学技术的发展,网络和信息技术已经渗透到社会的各个领域。所以如何保障网络和信息安全问题已成为当前研究的热点,公开密钥基础设施(Public Key Infrastructure,PKI)技术是解决大型开放式网络环境下的信息安全问题最可行、最有效的措施之一。
安全支撑平台,是建立在公共密钥基础设施PKI的基础之上,应用数字证书解决网络环境下的身份认证、访问控制、信息保护等问题。本文研究了其中部分问题,首先介绍了密码学基础知识以及PKI的理论基础和基本体系,同时对几种常见PKI信任模型进行了详细的介绍,设计了分布式网络环境下互联互通的安全平台的认证模块和信息加密模块。
本文最后总结本文设计的两个模块的不足,并提出了其今后还需要进一步发展的方向。
As the development of computer science, network and information technology have already seep through every domains of society. So the problem of how to guarantee networking and information safety has become current hot investigation. Public-key infrastructure is one of the most effective ways to solve the problems of information safety under large open-network environment.
The Security Supporting Platform is built on the basis of Public-key infrastructure, and resolve identity authentication, access control, information protection and other issues under the network environment by application of digital certificates. This paper first introduced the basic knowledge of cryptography, as well as the theory and system for PKI, and introduced several common PKI Trust Models in detail. This Paper mainly research on the two major factor of this platform: authentication and encryption.
Finally, the author summarizes the shortages of the two modules and points out the future direction of them.
安全支撑平台,是建立在公共密钥基础设施PKI的基础之上,应用数字证书解决网络环境下的身份认证、访问控制、信息保护等问题。本文研究了其中部分问题,首先介绍了密码学基础知识以及PKI的理论基础和基本体系,同时对几种常见PKI信任模型进行了详细的介绍,设计了分布式网络环境下互联互通的安全平台的认证模块和信息加密模块。
本文最后总结本文设计的两个模块的不足,并提出了其今后还需要进一步发展的方向。
As the development of computer science, network and information technology have already seep through every domains of society. So the problem of how to guarantee networking and information safety has become current hot investigation. Public-key infrastructure is one of the most effective ways to solve the problems of information safety under large open-network environment.
The Security Supporting Platform is built on the basis of Public-key infrastructure, and resolve identity authentication, access control, information protection and other issues under the network environment by application of digital certificates. This paper first introduced the basic knowledge of cryptography, as well as the theory and system for PKI, and introduced several common PKI Trust Models in detail. This Paper mainly research on the two major factor of this platform: authentication and encryption.
Finally, the author summarizes the shortages of the two modules and points out the future direction of them.
引文
[1]David A.Cooper.A Model of Certificate Revocation,In Proceedings of fifteenth Annual Computer Security Application Conference,1999:256-264.
[2]Network Working Group,[RFC2459]Internet X.509 Public Key Infrastructure Certificate and CRL Profile,1999.
[3]Network Working Group,[RFC2560]Internet X.509 Public Key Infrastructure Online Certificate Status Protocol-OCSP,1999.
[4]C.Kaufman,R.perlman,M.Speciner.Network Security[J],Private Communication in a Public World,1995.
[5]Scott Fluhrer,Hsik Mantin,Adi Shamir.Weakness in the Key Scheduling Algorithm of RC4[C].In:the Eighth Annual Workshop on Selected Areas in Cryptography,2001.
[6]William Stallings.Network and Internetwork Security,Principles and Practice.Prentice Hall,IEEE Press,1995.
[7]金帅.基于PKI的安全支撑及数字媒体发布管理(D).浙江大学,2006.
[8]梁栋超.应用安全支撑平台及权限管理(D).浙江大学,2006.
[9]吴郁,喻建平,伍忠东.容忍入侵的RSA分步签名方案及其在CA中的应用.计算机科学,2004,31(11):83-85.
[10]Bruce Schneier.应用密码学(M).吴世忠,祝世雄,张文政等译.机械工业出版社,2004.
[11]卢开澄.计算机密码学(M).清华大学出版社,1998.
[12]杨波.现代密码学(M).清华大学出版社,2007.
[13]李涛.网络安全概论(M).电子工业出版社,2004.
[14]冯登国.密码学导引(M).科学出版社,1999
[15]蒋艳凰,白晓敏,杨学军.数字签名技术及其发展动态.计算机应用研究,2000,11(9):1-3.
[16]RayHunt.Technological Infrastructure for PKI and Digital Certification.Computer Communications,2001,(24):1460-1471
[17]Tom St Denis,Simon Johnson.程序员密码学(M).沈晓斌译.机械工业出版社,2007.
[18]谢冬青.PKI原理与技术(M).清华大学出版社,2004.
[19]俞承杭.信息安全技术(M).科学出版社,2005.
[20]Carlisle Adams,Steve Lloyd.公开密钥基础设施一概念、标准和实施(M).冯登国等译.人民邮电出版社
[21]IT系统安全白皮书.http://www-900.ibm.com/cn/support/guide/whitebooks/security/security.shtml.
[22]关振胜.公钥基础设施PKI与认证机构CA(M).电子工业出版社,2002.
[23]Eric Rescorla.SSL与TLS Designing and Buiiding Secure Systems(M).崔凯译.中国电力出版社,2002.
[24]William Stallings.密码编码学与网络安全(M).孟庆树等译.电子工业出版社,2006.
[25]曹秀英,耿嘉,沈平等.无线局域网安全系统(M).电子工业出版社,2004.
[2]Network Working Group,[RFC2459]Internet X.509 Public Key Infrastructure Certificate and CRL Profile,1999.
[3]Network Working Group,[RFC2560]Internet X.509 Public Key Infrastructure Online Certificate Status Protocol-OCSP,1999.
[4]C.Kaufman,R.perlman,M.Speciner.Network Security[J],Private Communication in a Public World,1995.
[5]Scott Fluhrer,Hsik Mantin,Adi Shamir.Weakness in the Key Scheduling Algorithm of RC4[C].In:the Eighth Annual Workshop on Selected Areas in Cryptography,2001.
[6]William Stallings.Network and Internetwork Security,Principles and Practice.Prentice Hall,IEEE Press,1995.
[7]金帅.基于PKI的安全支撑及数字媒体发布管理(D).浙江大学,2006.
[8]梁栋超.应用安全支撑平台及权限管理(D).浙江大学,2006.
[9]吴郁,喻建平,伍忠东.容忍入侵的RSA分步签名方案及其在CA中的应用.计算机科学,2004,31(11):83-85.
[10]Bruce Schneier.应用密码学(M).吴世忠,祝世雄,张文政等译.机械工业出版社,2004.
[11]卢开澄.计算机密码学(M).清华大学出版社,1998.
[12]杨波.现代密码学(M).清华大学出版社,2007.
[13]李涛.网络安全概论(M).电子工业出版社,2004.
[14]冯登国.密码学导引(M).科学出版社,1999
[15]蒋艳凰,白晓敏,杨学军.数字签名技术及其发展动态.计算机应用研究,2000,11(9):1-3.
[16]RayHunt.Technological Infrastructure for PKI and Digital Certification.Computer Communications,2001,(24):1460-1471
[17]Tom St Denis,Simon Johnson.程序员密码学(M).沈晓斌译.机械工业出版社,2007.
[18]谢冬青.PKI原理与技术(M).清华大学出版社,2004.
[19]俞承杭.信息安全技术(M).科学出版社,2005.
[20]Carlisle Adams,Steve Lloyd.公开密钥基础设施一概念、标准和实施(M).冯登国等译.人民邮电出版社
[21]IT系统安全白皮书.http://www-900.ibm.com/cn/support/guide/whitebooks/security/security.shtml.
[22]关振胜.公钥基础设施PKI与认证机构CA(M).电子工业出版社,2002.
[23]Eric Rescorla.SSL与TLS Designing and Buiiding Secure Systems(M).崔凯译.中国电力出版社,2002.
[24]William Stallings.密码编码学与网络安全(M).孟庆树等译.电子工业出版社,2006.
[25]曹秀英,耿嘉,沈平等.无线局域网安全系统(M).电子工业出版社,2004.