一种基于可信计算模型的文件加密系统的设计与实现
|
摘要
现阶段计算机硬盘以及其他大容量存储介质代替了纸张成为信息存储的主要方式,随之带来的信息安全问题也日渐突出,电子文档的信息安全成为一个至关重要的问题。电子文档的安全问题发生在两个场合:动态的传输途中、静态的存储形式。对于电子文档的传输安全,可以通过数据加密技术先加密再传输、通过数字签名技术保证电子文档的合法性和完整性。对于电子文档的存储安全,需要加密技术和认证技术相结合,实现电子文档的存储加密和访问控制。
可信计算概念的提出以及基于各种不同平台的规范的制订,为将来计算环境的安全性提供了保障,针对PC平台主要是程序运行和文件加密保护两方面。因此本文提取了可信计算中的一些重要概念和系统构架,将之运用于NT构架的Windows操作系统,设计和实现了一个文件加密保护系统,使得个人电脑或商务电脑上的数据和文件得到较高的安全保护。
本文首先说明了课题的研究意义,明确了课题中要解决的问题,之后研究分析了系统的技术基础—加密技术和可信计算概念。在系统整体设计的分析说明部分中,详细解释了系统的各个组成部分,并且,提出了新型的以可信计算模型为基础的对称密码体制的密钥管理方案,使系统更高效、更安全。文中还详细说明了系统的整体操作流程以及基本功能,并给出了主要部分的实现方法,包括上层应用程序主界面、文件加密和解密处理等几方面的内容。最后对系统的速度参数进行了测试,说明了系统具有很高的数据处理速度。
Nowadays computer hard disks and other mass storage media replace papers as the major method of information storages and the information security problems grow to be remarkable. The security problems of electronic documents occur in two circumstances, dynamic transmission and static storage. For the transmission security, we can encrypt data first and then transfer, use the digital signature technique to ensure the validity and integrality. For the storage security, we need encryption and authentication technique to realize the storage encryption and access control of electronic documents.
The concept of trusted computing and it's specifications of different platforms provided as a more secure computing environment, and on PCs it is mainly focused on the execution of applications and data encryption. In this thesis, we utilize some of the concepts of trusted computing to extend the function of Windows file system, and we designed and realized a file encryption system which is capable to provide high security for personal PCs and business PCs.
Firstly, the paper explains the subject's significance and confirms the problems to be settled. It analyzes cryptography and trusted computing technology, which are the basic technologies on Analyzing and illuminating the system's whole design, the paper designates the application mode and environment and explains the system's components. It puts forwards a new symmetric keys management scheme based on the trusted computing. It makes the system more efficient and more secure. The paper also explains the system's operation flow and functions. After them, it explains the realization of main parts, including the main interface and the course of encrypting and decrypting. At last, it tests the speed parameters of the system to prove the high speed.
可信计算概念的提出以及基于各种不同平台的规范的制订,为将来计算环境的安全性提供了保障,针对PC平台主要是程序运行和文件加密保护两方面。因此本文提取了可信计算中的一些重要概念和系统构架,将之运用于NT构架的Windows操作系统,设计和实现了一个文件加密保护系统,使得个人电脑或商务电脑上的数据和文件得到较高的安全保护。
本文首先说明了课题的研究意义,明确了课题中要解决的问题,之后研究分析了系统的技术基础—加密技术和可信计算概念。在系统整体设计的分析说明部分中,详细解释了系统的各个组成部分,并且,提出了新型的以可信计算模型为基础的对称密码体制的密钥管理方案,使系统更高效、更安全。文中还详细说明了系统的整体操作流程以及基本功能,并给出了主要部分的实现方法,包括上层应用程序主界面、文件加密和解密处理等几方面的内容。最后对系统的速度参数进行了测试,说明了系统具有很高的数据处理速度。
Nowadays computer hard disks and other mass storage media replace papers as the major method of information storages and the information security problems grow to be remarkable. The security problems of electronic documents occur in two circumstances, dynamic transmission and static storage. For the transmission security, we can encrypt data first and then transfer, use the digital signature technique to ensure the validity and integrality. For the storage security, we need encryption and authentication technique to realize the storage encryption and access control of electronic documents.
The concept of trusted computing and it's specifications of different platforms provided as a more secure computing environment, and on PCs it is mainly focused on the execution of applications and data encryption. In this thesis, we utilize some of the concepts of trusted computing to extend the function of Windows file system, and we designed and realized a file encryption system which is capable to provide high security for personal PCs and business PCs.
Firstly, the paper explains the subject's significance and confirms the problems to be settled. It analyzes cryptography and trusted computing technology, which are the basic technologies on Analyzing and illuminating the system's whole design, the paper designates the application mode and environment and explains the system's components. It puts forwards a new symmetric keys management scheme based on the trusted computing. It makes the system more efficient and more secure. The paper also explains the system's operation flow and functions. After them, it explains the realization of main parts, including the main interface and the course of encrypting and decrypting. At last, it tests the speed parameters of the system to prove the high speed.
引文
[1].王景中 徐小青 《计算机通信信息安全技术》 清华大学出版社 2006.3
[2].林柏钢 《网络与信息安全教程》 机械工业出版社 2004.7
[3].胡铮等 《网络与信息安全》 清华大学出版社 2006.5
[4].石林祥 贺海晖 魏淑桃 《一种实用文件加密方法的实现》 《计算机工程》2004.12 Vol.30 Supplementary Issue
[5].杨金花《浅议数据加密技术》 《网络通讯与安全》 2007.3
[6].张文忠 《信息安全系统硬件加密的研究及其实现》[学位论文]重庆大学2005.5
[7].TCG,"TPM Main Part 1 Design Principles",TCG Publisher,2005.2
[8].TCG,"TPM Main Part 2 TPM Structures",TCG Publisher,2005.2
[9].高利源 《Windows平台下可信文件系统的研究与实现》[学位论文]上海交通大学 2006.1
[10].TCG,"TPM Main Part 3 Commands",TCG Publisher,2005.2
[11].TCG,"TCG Software Stack(TSS)Specification Version 1.2 Level 1",TCG Publisher,2006.9
[12].Trusted Computing Platform Alliance(TCPA),"Main Specification Version 1.1b",TCG Publisher,2002.2
[13].秦戈 韩文报《关于可信计算平台模块的研究》 《信息工程大学学报》2006.12 Vol.7 No.4
[14].靳蓓蓓 张仕斌《可信计算平台及其研究现状》《长春大学学报》 2007.4Vol.17 No.2
[15].肖敬 喻超《一种可信计算机系统的设计与实现》 《武汉理工大学学报》2007.1 Vol.29 No.7
[16].Sean W.Smith 冯登国 徐震 张立武译《可信计算平台:设计与应用》 清华大学出版社 2006.10
[2].林柏钢 《网络与信息安全教程》 机械工业出版社 2004.7
[3].胡铮等 《网络与信息安全》 清华大学出版社 2006.5
[4].石林祥 贺海晖 魏淑桃 《一种实用文件加密方法的实现》 《计算机工程》2004.12 Vol.30 Supplementary Issue
[5].杨金花《浅议数据加密技术》 《网络通讯与安全》 2007.3
[6].张文忠 《信息安全系统硬件加密的研究及其实现》[学位论文]重庆大学2005.5
[7].TCG,"TPM Main Part 1 Design Principles",TCG Publisher,2005.2
[8].TCG,"TPM Main Part 2 TPM Structures",TCG Publisher,2005.2
[9].高利源 《Windows平台下可信文件系统的研究与实现》[学位论文]上海交通大学 2006.1
[10].TCG,"TPM Main Part 3 Commands",TCG Publisher,2005.2
[11].TCG,"TCG Software Stack(TSS)Specification Version 1.2 Level 1",TCG Publisher,2006.9
[12].Trusted Computing Platform Alliance(TCPA),"Main Specification Version 1.1b",TCG Publisher,2002.2
[13].秦戈 韩文报《关于可信计算平台模块的研究》 《信息工程大学学报》2006.12 Vol.7 No.4
[14].靳蓓蓓 张仕斌《可信计算平台及其研究现状》《长春大学学报》 2007.4Vol.17 No.2
[15].肖敬 喻超《一种可信计算机系统的设计与实现》 《武汉理工大学学报》2007.1 Vol.29 No.7
[16].Sean W.Smith 冯登国 徐震 张立武译《可信计算平台:设计与应用》 清华大学出版社 2006.10