A Secure Email System Supporting Base-91 Encoding
Abstract
Electronic mail (email) is the most basic, and one of the most important, services on the Internet. As the Internet has developed, email has become a widespread means of communication. Its users now extend beyond the scientific and educational professions to ordinary households, and the information it carries has grown from plain text to multimedia, including sound and images. As email use deepens, users pay increasing attention to the security, stability and transmission speed of email systems.
This paper analyzes the security threats facing email systems, proposes measures to strengthen their security, and discusses in detail how the PKI-based S/MIME protocol and the SASL authentication mechanism are implemented in a secure email system. It also analyzes the shortcomings of the transfer encodings used by existing email systems and describes a digital data transformation method with high encoding efficiency and low data expansion: base-91 encoding. Applying this encoding to an email system can noticeably improve mail transmission speed.
Having studied the family of email protocols, the author designed and developed, in full conformance with the relevant standards, a stand-alone secure email client that supports base-91 encoding. Beyond the usual sending and receiving of email, the software adds security functions including encryption, digital signatures, identity authentication and integrity checking, providing confidentiality, authentication, integrity and non-repudiation services.
