数字签名技术在电子政务中的研究与应用
|
摘要
随着网络技术的迅速发展和日益普及,电子政务建设和发展中的信息安全越来越显得重要。而数字签名技术是信息安全理论与技术的基础和重要保证,使其应用于电子政务中,可以提供身份认证服务、权限控制服务、信息保密服务、数据完整性服务和不可否认服务。从而,为电子政务提供了一个安全的环境。
本文主要从以下五个方面对数字签名技术在电子政务中的应用进行分析与研究:第一是对数字签名技术进行介绍,阐述其定义、原理和广阔的应用前景;第二是对数字签名技术中的常用数字签名算法进行分析和比较,通过研究选取安全实用的数字签名算法;第三是针对我国电子政务中的信息安全进行分析,提出了适合国情的电子政务的PKI信任模型,数字签名的使用模式以及一些数字签名方案;第四是以提出的数字签名方案为核心,设计一个数字签名系统,应用于电子政务系统中,为电子政务系统提供有效的信息安全保证。最后,本文根据目前的发展状况,提出了数字签名技术在电子政务中应用的进一步的研究方向。
With the rapid development and popular application of network technology, information security becomes more and more important in the construction of electronic government. And the digital signature technique is the foundation and guarantee of the information security. It can be applied to electronic government to offer some services, such as identity authentication service, authority to control service, information privacy service, datum integrality serving and undeniable service, forming a safe environment to electronic government.
This thesis mainly includes five parts to discuss the application of the digital signature technique on the electronic government. At the first, we introduce the definition, principle and wide application prospect of digital signature technique. In the second part, the general digital signature algorithms in digital signature technique are analyzed and compared, and by studying the algorithm we choose the safe and practical algorithm. In the third part, after analyzing the information security of electronic government in China, for the situation of electronic
government in our country, we propose a PKI trust model, some application mode of digital signature, and some digital signature schemes. In the fourth part, based on the new digital signature schemes, a system of digital signature is carried out and applied in the electronic government system. It offers effective information safety assurance for electronic government system. Finally, we also give out some future research direction about the application of the digital signature technique in the electronic government according to the present developing status.
本文主要从以下五个方面对数字签名技术在电子政务中的应用进行分析与研究:第一是对数字签名技术进行介绍,阐述其定义、原理和广阔的应用前景;第二是对数字签名技术中的常用数字签名算法进行分析和比较,通过研究选取安全实用的数字签名算法;第三是针对我国电子政务中的信息安全进行分析,提出了适合国情的电子政务的PKI信任模型,数字签名的使用模式以及一些数字签名方案;第四是以提出的数字签名方案为核心,设计一个数字签名系统,应用于电子政务系统中,为电子政务系统提供有效的信息安全保证。最后,本文根据目前的发展状况,提出了数字签名技术在电子政务中应用的进一步的研究方向。
With the rapid development and popular application of network technology, information security becomes more and more important in the construction of electronic government. And the digital signature technique is the foundation and guarantee of the information security. It can be applied to electronic government to offer some services, such as identity authentication service, authority to control service, information privacy service, datum integrality serving and undeniable service, forming a safe environment to electronic government.
This thesis mainly includes five parts to discuss the application of the digital signature technique on the electronic government. At the first, we introduce the definition, principle and wide application prospect of digital signature technique. In the second part, the general digital signature algorithms in digital signature technique are analyzed and compared, and by studying the algorithm we choose the safe and practical algorithm. In the third part, after analyzing the information security of electronic government in China, for the situation of electronic
government in our country, we propose a PKI trust model, some application mode of digital signature, and some digital signature schemes. In the fourth part, based on the new digital signature schemes, a system of digital signature is carried out and applied in the electronic government system. It offers effective information safety assurance for electronic government system. Finally, we also give out some future research direction about the application of the digital signature technique in the electronic government according to the present developing status.
引文
[1] Diffe, W., Hellman, M., Multiusers Cryptographic Techniques[J], Proceedings of the AFIPS National Computer Conference, June 1976.
[2] Rivest, R., Shamir, A., Adleman, L., A Method for Obtaining Digital Signatures and Public Key Cryptosystems[J], Communications of the ACM, February 1978.
[3] National Institute of Standard and Technology, Digital Signature Standard (DSS)[S], Federal Information Processing Standards Publication 186-1 (FIPS PUB 186-1), December 15, 1998.
[4] Koblita, N., Elliptic Curve Cryptosystems[J], Mathematics of Computation, Vol.48, pp.203-209, 1987.
[5] Miller, V., Uses of Elliptic Curves in Cryptography[J], Advance in Cryptology, CRYPTO 85 Lecture Notes in Computer Science, Vol.218, Springer-Verlag, pp.417-426, 1986.
[6] Scott Vanstone, Responses to NIST's Proposal[J], Communication of the ASM, 35, July 1992, 50-52.
[7] ISO/IEC 14888-3, Information Technology-Security Techniques-Digital Signatures with Appendix-Part 3: Certificate Based-Mechanisms[M], 1998.
[8] ANSI X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)[M], 1999.
[9] National Institute of Standards and Technology, Digital Signature Standard[S], FIPS Publication 186-2, 2000.2.
[10] 严波,数字签名应用及我国要解决的问题[J],信息安全与通信保密,2002 No.2:40-41.
[11] 肖攸安,李腊元,数字签名技术的发展[J],交通与计算机,2003 Vol.21
No.1,6-10.
[12] 张先红,数字签名原理及技术[M],北京:机械工业出版社,2004,1.
[13] 吴薇,PKI技术的发展综述[J],电子产品可靠性与环境试验,2002 No.4:55-61.
[14] 胡红钢,中国PKI的现状及面临的问题[J],信息网络安全,2002 No3:8-12.
[15] 顾巧论,蔡振山等,计算机网络安全[M],北京:科学出版社,2003.1.
[16] 杨波,网络安全理论与应用[M],北京:电子工业出版社,2002.
[17] 卢开澄,计算机密码学:计算机网络中的数据保密与安全[M].北京:清华大学出版社,1998.
[18] 龚俭,陆晟,王倩,计算机网络安全导论[M],南京:东南大学出版社,2000.
[19] 冯登国,卿斯汉,信息安全:核心理论与实践[M],北京:国防工业出版社,2000.
[20] Carlton R.Davis,IPSec VPN的安全实施[M],北京:清华大学出版社,2002
[21] Stinson, D., R., Cryptography Theory and Practive[M], CRC Press LLC, 1995.
[22] Mohan Atreya著,贺军译,数字签名[M],北京:清华大学出版社,2003.
[23] Stison, D., R., Cryptography Theory and Practice[M], CRC press LLC, 1995.
[24] Standards for Efficient Cryptography, SEC 1: Elliptic Curve Cryptography[S], Working Draft, September 1999, Version 0.5.
[25] Jurisic, A., Memezes, A., Elliptic Curves Cryptography[EB/OL], http: //www.certicom.com.
[26] Rivest, R., The MD5 Message-Digest Algorithm[S], Request for Comments (RFS1321), April 1992.
[27] 燕辉,叶震等,报文摘要算法MD5分析[J],合肥工业大学学报(自然科学版),2002 Vol25 No.1:150-156.
[28] Richard M. Nunno, Electronic signatures: technology developments and legislative issues[J], Government Information quarterly Volulme 17, Number 4, pages 395-401.
[29] 康丽军,数字签名技术及应用[J],太原重型机械学院学报,2003 No.3:31-35.
[30] 杨树文,邢琦,现代化银行与数字签名技术[J],信息技术,2001 No.2:41-42.
[31] 倪春胜,牛建伟,胡伟平,数字签名技术在电子商务中的应用[J],计算机工程与应用,2001 No.21:112-115.
[32] 杨义先,孙伟,钮心忻,现代密码新理论[M].北京:科学出版社,2002.
[33] 吕皖丽,钟诚,数字签名方案的分析[J],广西科学院学报,2003 Vol.18 No.4:161-166.
[34] 陈兵,王立松等,网络安全与电子商务[M],北京:北京大学出版社,2002.
[35] 郝维来,RSA数字签名技术的研究[J],信息技术,2003 No.2:34-36.
[36] Don Johnson et al., The Elliptic Curve Digital Signature Algorithm (ECDSA)[R], Technical Report CORR 99-34, Dept. of C&O, University of Waterloo, Canada, Updated 2000.
[37] Professor William J Caelli et al., PKI, Elliptic Curve Cryptography, and Digital Signatures[J], Computers & Security, 18(1999) 47-66.
[38] 罗涛,易波,关于椭圆曲线数字签名算法研究[J],计算机工程与应用,2003 No.29:184-188.
[39] Yuh-Min Tsenget al., Digital signature with message recovery using self-certified public keys and its variants[J], Applied Mathematics and Computation 136(2003) 203-214.
[40] 佘堃,周明天,公开密钥基础设施(PKI)核心——签证机关(CA)[J],计算机应用,1999 Vol.19 No.11:1-3.
[41] 宁红宙,基于PKI机制的数字证书应用研究[硕士学位论文],太原:太原理工大学,2002.
[42] Costas Lambrinoudakis et al., Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy[C], Computer Communications, 26(2003) 1873-1883.
[43] Hands J. (Jochen) Scholl, Introduction to Information Gechnology and Public Administration-E-Government Minitrack[C], Proceedings pf the 35th Hawaii International Conference on System Sciences 2002.
[44] 尹秀莲,于跃武,电子政务与网络信息安全[J],内蒙古科技与经济,2002 No.2:76-77.
[45] 李波,电子政务和商务中应用的数字签名研究[硕士学位论文],成都:西南交通大学,2003.
[46] 崔瀛,巩建平,PKI在电子政务中的应用[J],山西电子技术,2003 No.2:10-13.
[47] 李军,公钥证书管理系统的设计与实现[硕士学位论文],成都:西南交通大学,2002.
[48] 胡炎,董名垂,用数字签名解决电力系统敏感文档签名问题[J],电力系统自动化,2002 No.1:58-61.
[49] 张大陆,时慧,电子公文中数字签名的设计与实现[j],计算机应用研究,2001 No.6:78-81.
[50] 杨利英,陈基禄,李春祥等,数字签名技术与校园网办公自动化系统[J],华北电力大学学报,2001 Vol.28 No.1:63-67.
[51] 赵文清,王德文等,基于PKI的数字签名和数字信封的实现[J],华北电力大学学报,2003 No.11:71-75.
[52] 黄磊,陈海等,数字签名技术在政府公文处理系统中的应用[J],计算机与现代化,2003 No.7:52-55.
[53] 孔庆元,殷肖川,吴传枝,数字证书实现身份认证在电子政务中的应用[J],电脑时代,2003 No.1:16-17.
[54] 刘涛,侯正风,基于B/S结构的教务管理系统中的数字签名[J],安徽机电学院学报,2002 No.12:44-48.
[55] 吴晓葵,宋建民,数字签名在校园网中的应用[J],西安航空技术高等专科学校学报,2003,3,12-13.
[56] Karl R.P.H. Leung, Lucas C. K. Hui, Multiple Signature Handling in Workflow System[C], Proceedings of the 33rd Hawaii International Conference on System Sciences, 2000.
[57] 崔世军,黄伟,唐世钢,基于RSA公钥体制的多重数字签名研究[J],哈尔滨理工大学学报,2001 No.6:60-63.
[58] Rich Helton,Johennie Helton著,袁泉等译,Java安全解决方案[M],北京:清华大学出版社,2003.
[59] Oaks,S,Java安全[M],北京:中国电力出版社,2002.
[60] 徐迎晓,Java安全性编程实例[M],北京:清华大学出版社,2003.
[61] Jess Oarms,Daniel Soimerfield著,庞南等译,Java安全性编程指南[M],北京:电子工业出版社,2002.
[62] 刘晓君,蒋念平,用Java实现文件流转中的数字签名[J],计算机与现代化,2002 No.4:23-26.
[63] 俞时权,樊科臻,李莉,数字签名技术及其在Java中的具体实现[J],小型微型计算机系统,2001 Vol.22 No.6:719-723.
[64] IAIK, A Guide to IAIK's ECC Library[M], June 18, 2003.
[65] Dragongate Technologies Ltd., ECDSA Com 1.1 Manual[M], May 4, 2002.
[66] 张峰岭,基于Java2的身份认证数字签名和SSL实现技术[J],现代计算机,2002 No.4:27-32.
[2] Rivest, R., Shamir, A., Adleman, L., A Method for Obtaining Digital Signatures and Public Key Cryptosystems[J], Communications of the ACM, February 1978.
[3] National Institute of Standard and Technology, Digital Signature Standard (DSS)[S], Federal Information Processing Standards Publication 186-1 (FIPS PUB 186-1), December 15, 1998.
[4] Koblita, N., Elliptic Curve Cryptosystems[J], Mathematics of Computation, Vol.48, pp.203-209, 1987.
[5] Miller, V., Uses of Elliptic Curves in Cryptography[J], Advance in Cryptology, CRYPTO 85 Lecture Notes in Computer Science, Vol.218, Springer-Verlag, pp.417-426, 1986.
[6] Scott Vanstone, Responses to NIST's Proposal[J], Communication of the ASM, 35, July 1992, 50-52.
[7] ISO/IEC 14888-3, Information Technology-Security Techniques-Digital Signatures with Appendix-Part 3: Certificate Based-Mechanisms[M], 1998.
[8] ANSI X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)[M], 1999.
[9] National Institute of Standards and Technology, Digital Signature Standard[S], FIPS Publication 186-2, 2000.2.
[10] 严波,数字签名应用及我国要解决的问题[J],信息安全与通信保密,2002 No.2:40-41.
[11] 肖攸安,李腊元,数字签名技术的发展[J],交通与计算机,2003 Vol.21
No.1,6-10.
[12] 张先红,数字签名原理及技术[M],北京:机械工业出版社,2004,1.
[13] 吴薇,PKI技术的发展综述[J],电子产品可靠性与环境试验,2002 No.4:55-61.
[14] 胡红钢,中国PKI的现状及面临的问题[J],信息网络安全,2002 No3:8-12.
[15] 顾巧论,蔡振山等,计算机网络安全[M],北京:科学出版社,2003.1.
[16] 杨波,网络安全理论与应用[M],北京:电子工业出版社,2002.
[17] 卢开澄,计算机密码学:计算机网络中的数据保密与安全[M].北京:清华大学出版社,1998.
[18] 龚俭,陆晟,王倩,计算机网络安全导论[M],南京:东南大学出版社,2000.
[19] 冯登国,卿斯汉,信息安全:核心理论与实践[M],北京:国防工业出版社,2000.
[20] Carlton R.Davis,IPSec VPN的安全实施[M],北京:清华大学出版社,2002
[21] Stinson, D., R., Cryptography Theory and Practive[M], CRC Press LLC, 1995.
[22] Mohan Atreya著,贺军译,数字签名[M],北京:清华大学出版社,2003.
[23] Stison, D., R., Cryptography Theory and Practice[M], CRC press LLC, 1995.
[24] Standards for Efficient Cryptography, SEC 1: Elliptic Curve Cryptography[S], Working Draft, September 1999, Version 0.5.
[25] Jurisic, A., Memezes, A., Elliptic Curves Cryptography[EB/OL], http: //www.certicom.com.
[26] Rivest, R., The MD5 Message-Digest Algorithm[S], Request for Comments (RFS1321), April 1992.
[27] 燕辉,叶震等,报文摘要算法MD5分析[J],合肥工业大学学报(自然科学版),2002 Vol25 No.1:150-156.
[28] Richard M. Nunno, Electronic signatures: technology developments and legislative issues[J], Government Information quarterly Volulme 17, Number 4, pages 395-401.
[29] 康丽军,数字签名技术及应用[J],太原重型机械学院学报,2003 No.3:31-35.
[30] 杨树文,邢琦,现代化银行与数字签名技术[J],信息技术,2001 No.2:41-42.
[31] 倪春胜,牛建伟,胡伟平,数字签名技术在电子商务中的应用[J],计算机工程与应用,2001 No.21:112-115.
[32] 杨义先,孙伟,钮心忻,现代密码新理论[M].北京:科学出版社,2002.
[33] 吕皖丽,钟诚,数字签名方案的分析[J],广西科学院学报,2003 Vol.18 No.4:161-166.
[34] 陈兵,王立松等,网络安全与电子商务[M],北京:北京大学出版社,2002.
[35] 郝维来,RSA数字签名技术的研究[J],信息技术,2003 No.2:34-36.
[36] Don Johnson et al., The Elliptic Curve Digital Signature Algorithm (ECDSA)[R], Technical Report CORR 99-34, Dept. of C&O, University of Waterloo, Canada, Updated 2000.
[37] Professor William J Caelli et al., PKI, Elliptic Curve Cryptography, and Digital Signatures[J], Computers & Security, 18(1999) 47-66.
[38] 罗涛,易波,关于椭圆曲线数字签名算法研究[J],计算机工程与应用,2003 No.29:184-188.
[39] Yuh-Min Tsenget al., Digital signature with message recovery using self-certified public keys and its variants[J], Applied Mathematics and Computation 136(2003) 203-214.
[40] 佘堃,周明天,公开密钥基础设施(PKI)核心——签证机关(CA)[J],计算机应用,1999 Vol.19 No.11:1-3.
[41] 宁红宙,基于PKI机制的数字证书应用研究[硕士学位论文],太原:太原理工大学,2002.
[42] Costas Lambrinoudakis et al., Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy[C], Computer Communications, 26(2003) 1873-1883.
[43] Hands J. (Jochen) Scholl, Introduction to Information Gechnology and Public Administration-E-Government Minitrack[C], Proceedings pf the 35th Hawaii International Conference on System Sciences 2002.
[44] 尹秀莲,于跃武,电子政务与网络信息安全[J],内蒙古科技与经济,2002 No.2:76-77.
[45] 李波,电子政务和商务中应用的数字签名研究[硕士学位论文],成都:西南交通大学,2003.
[46] 崔瀛,巩建平,PKI在电子政务中的应用[J],山西电子技术,2003 No.2:10-13.
[47] 李军,公钥证书管理系统的设计与实现[硕士学位论文],成都:西南交通大学,2002.
[48] 胡炎,董名垂,用数字签名解决电力系统敏感文档签名问题[J],电力系统自动化,2002 No.1:58-61.
[49] 张大陆,时慧,电子公文中数字签名的设计与实现[j],计算机应用研究,2001 No.6:78-81.
[50] 杨利英,陈基禄,李春祥等,数字签名技术与校园网办公自动化系统[J],华北电力大学学报,2001 Vol.28 No.1:63-67.
[51] 赵文清,王德文等,基于PKI的数字签名和数字信封的实现[J],华北电力大学学报,2003 No.11:71-75.
[52] 黄磊,陈海等,数字签名技术在政府公文处理系统中的应用[J],计算机与现代化,2003 No.7:52-55.
[53] 孔庆元,殷肖川,吴传枝,数字证书实现身份认证在电子政务中的应用[J],电脑时代,2003 No.1:16-17.
[54] 刘涛,侯正风,基于B/S结构的教务管理系统中的数字签名[J],安徽机电学院学报,2002 No.12:44-48.
[55] 吴晓葵,宋建民,数字签名在校园网中的应用[J],西安航空技术高等专科学校学报,2003,3,12-13.
[56] Karl R.P.H. Leung, Lucas C. K. Hui, Multiple Signature Handling in Workflow System[C], Proceedings of the 33rd Hawaii International Conference on System Sciences, 2000.
[57] 崔世军,黄伟,唐世钢,基于RSA公钥体制的多重数字签名研究[J],哈尔滨理工大学学报,2001 No.6:60-63.
[58] Rich Helton,Johennie Helton著,袁泉等译,Java安全解决方案[M],北京:清华大学出版社,2003.
[59] Oaks,S,Java安全[M],北京:中国电力出版社,2002.
[60] 徐迎晓,Java安全性编程实例[M],北京:清华大学出版社,2003.
[61] Jess Oarms,Daniel Soimerfield著,庞南等译,Java安全性编程指南[M],北京:电子工业出版社,2002.
[62] 刘晓君,蒋念平,用Java实现文件流转中的数字签名[J],计算机与现代化,2002 No.4:23-26.
[63] 俞时权,樊科臻,李莉,数字签名技术及其在Java中的具体实现[J],小型微型计算机系统,2001 Vol.22 No.6:719-723.
[64] IAIK, A Guide to IAIK's ECC Library[M], June 18, 2003.
[65] Dragongate Technologies Ltd., ECDSA Com 1.1 Manual[M], May 4, 2002.
[66] 张峰岭,基于Java2的身份认证数字签名和SSL实现技术[J],现代计算机,2002 No.4:27-32.