校园网络环境下数字签名的研究与设计
|
摘要
校园网是社会信息化发展的必然产物,它担当着教学、科研、管理和对外交流等许多角色,因此其安全性非常重要。本文通过对多种安全技术的研究和比较,提出了采用数字签名来保障其安全性的方案。
通过对校园网的深入研究和对多种数字签名技术的比较,得出了RSA是适合用于校园网络环境下的数字签名算法,同时做了RSA算法的抗攻击风险量化分析。因子分解也是RSA算法安全研究的重点之一,本文通过推导,将a。的取值范围缩小为(w,(w+1)/2],使因子分解的速度得到提高。为了提高校园网络系统中消息传输的可靠性、快速性、保密性、安全性能,本文设计了一套解决方案,该方案是采用哈希函数MD5算法来计算消息摘要,并使其与RSA公钥算法相结合,最终实现对消息加密、解密、签名及认证等功能。文中阐述了从算法设计到方案实现的具体过程,并采用网络编程语言ASP对其编程测试,在实践中验证了其可行性。
为了防止上述方案被“机器人”攻击,采用了验证码的技术,从整体上保证了校园网络的安全。本文研究的确定性素数生成算法是素数生成方法中的新的研究方向,它能够快速、有效的生成素数,提高RSA算法效率。
The campus net is the result of the developing of the social information, which acts many roles like teaching, scientific studies, management and outward exchanges. In this case, its safety becomes one of important research lessons of ours. This paper advances a plan which is that we use the technique of digital signature to assure the safety based on the research and comparison of various safety techniques.
Based on the research of various techniques and some characteristics of the campus net, we found that the RSA is suitable for the digital signature under the campus network and did the RSA algorithm anti-attack the risk to measure analysis at the same time. Because the factorization is one of the keynotes of the study of RSA algorithm safety, this thesis reduces the value boundary of a0 is (Vw, (w+1)/2] based on derivations, so it raises the speed of factorization. For the sake of the exaltation of campus network system inside the message deliver dependability, fleetness, secrecy, the safe function, this text adapted the MD5 of an HASH function to calculate the message summary, combine them together that the public key and the security key to realize the encryption to message, decipher, signature and verification etc. This issue also expounds the concrete process that realizes of project from the design of algorithm. Also we do the programming test with ASP and verified its possibility in the fulfillment.
For preventing "robot" from attacking, we use the technique of the verification code, so that we can guarantee the safety of the campus network from the whole. The determinacy prime number generative algorithm we study is a new direction of the prime number generative algorithm, it can generate the prime number quickly and effectively, and it raises the efficiency of the RSA algorithm.
通过对校园网的深入研究和对多种数字签名技术的比较,得出了RSA是适合用于校园网络环境下的数字签名算法,同时做了RSA算法的抗攻击风险量化分析。因子分解也是RSA算法安全研究的重点之一,本文通过推导,将a。的取值范围缩小为(w,(w+1)/2],使因子分解的速度得到提高。为了提高校园网络系统中消息传输的可靠性、快速性、保密性、安全性能,本文设计了一套解决方案,该方案是采用哈希函数MD5算法来计算消息摘要,并使其与RSA公钥算法相结合,最终实现对消息加密、解密、签名及认证等功能。文中阐述了从算法设计到方案实现的具体过程,并采用网络编程语言ASP对其编程测试,在实践中验证了其可行性。
为了防止上述方案被“机器人”攻击,采用了验证码的技术,从整体上保证了校园网络的安全。本文研究的确定性素数生成算法是素数生成方法中的新的研究方向,它能够快速、有效的生成素数,提高RSA算法效率。
The campus net is the result of the developing of the social information, which acts many roles like teaching, scientific studies, management and outward exchanges. In this case, its safety becomes one of important research lessons of ours. This paper advances a plan which is that we use the technique of digital signature to assure the safety based on the research and comparison of various safety techniques.
Based on the research of various techniques and some characteristics of the campus net, we found that the RSA is suitable for the digital signature under the campus network and did the RSA algorithm anti-attack the risk to measure analysis at the same time. Because the factorization is one of the keynotes of the study of RSA algorithm safety, this thesis reduces the value boundary of a0 is (Vw, (w+1)/2] based on derivations, so it raises the speed of factorization. For the sake of the exaltation of campus network system inside the message deliver dependability, fleetness, secrecy, the safe function, this text adapted the MD5 of an HASH function to calculate the message summary, combine them together that the public key and the security key to realize the encryption to message, decipher, signature and verification etc. This issue also expounds the concrete process that realizes of project from the design of algorithm. Also we do the programming test with ASP and verified its possibility in the fulfillment.
For preventing "robot" from attacking, we use the technique of the verification code, so that we can guarantee the safety of the campus network from the whole. The determinacy prime number generative algorithm we study is a new direction of the prime number generative algorithm, it can generate the prime number quickly and effectively, and it raises the efficiency of the RSA algorithm.
引文
[1]美·Matt Bishop著.王立斌黄征等译计算机安全学——安全的艺术与科学[M].北京:电子工业出版社,2004.1
[2]黄叔武,杨一平主编.计算机网络工程教程[M].北京:清化大学出版社,2000.3.
[3]沈斌,史鸣杰.统一身份认证平台的设计[J].南京师范大学学报(工程技术版),2004.6,4(2):73-75
[4]纪方,鲁士文.安全远程访问系统的设计与研究[J].计算机应用与软件,2004.6,21(6):92-94
[5]美Bruce Schneier著.应用密码学协议、算法与C源程序[M]北京机械工业出版社2001.3
[6]刘宏伟.一种基于身份的数字签名算法研究[J].系统工程与电子技术.2008.30:1159-1162.
[7]胡予濮.一个新型的NTRU类数字签名方案[J].计算机学报.2008.31:1661-1666.
[8]腾直等编著.新编动态网页设计教程[M].北京:冶金工业出版社,2004.8
[9]胡标编著.ASP网络编程技术与实例[M].北京:人民邮电出版社,2004.5
[10]秦凯.”312”校园信息网建设全方位解决方案[J].沈阳大学学报,2004.4,16(2):34-35
[11]贺刚.数字签名在校园办公网上的实现[J].湖北民族学院学报(自然科学版),2004.6,22(2):69-71
[12]郝坤,沈树林.校园网安全分析及安全策略[J].安徽工程科技学院学报,2003.9,18(3):48-50
[13]崔淼.校园网的建设与安全管理探讨[J].黄河水利职业技术学院学报,2004.4,16(2):31-33
[14]贾俊敏,王纪卿,孔英会,张素香,鲁强,胡婧彦.电子交易系统中文本安全传输方案研究[J].电力系统通信,2005.1,26(147):33-35
[15]张辉,杨岳湘,汪诗林.数字校园中基于LDAP的统一用户身份管理技术研究[J].计算机工程与科学,2005,27(1):14-15
[16]王海艳,王汝传.秘密共享方案的研究[J].微机发展,2005.3,15(3):32-34
[17]刘玉珍,王国娜,傅建明等译.密码编码学与网络安全——原理与实践(第三版)[M].北京:电子工业出版社,2004.1
[18]刘涛.基于校园网的成绩MIS数字签名的研究与设计[J].微机发展,2005.11,15(11):24-26
[19]刘涛,严群.基于椭圆曲线密码协议产生会话密钥的研究与设计[J].安徽工程科技学院学报,2004.3,19(1):28-33
[20]刘玉沙,张华,张志浩,冯伟国.公钥基础设施在网络安全中的研究与应用[J],计算机工程与应用,2000.3
[21]王国兵,杨建沾,谢贵.基于RSA算法的网络安全体系构造[J],武汉大学学报,46(1)
[22]张雪武.基于RSA的数字签名及其在房地产评估系统中的应用[J],西南农业大学2002届硕士学位论文
[23]王克苑.基于XML平台RSA数字签名体制的研究与应用[J],合肥工业大学硕士学位论文,2004,5
[24]李毅.一种改进的高效RSA算法的设计与实现[J],暨南大学硕士学位论文,2003,4
[25]张磊.一种基于多素数RSA的认证加密新方案[J],暨南大学硕士学位论文,2005,5
[26]鲁军,汪同庆,任莉等.身份认证系统的设计与实现,网络安全技术与应用,2004,2
[27]梁晋,施仁,王育民等.电子商务核心技术——安全电子商务交易协议的理论与设计[J],西安电子科技大学出版社,2000
[28]樊宓丰、林东等,网络信息安全与PGP加密[M],清华大学出版社,1998年8月
[29]LIN,Song基于Petri网的双重数字签名的描述与验证[J].系统仿真学报.2008.20:2498-2501.
[30]王晓峰.零知识证明的前向安全不可否认数字签名方案[J].计算机工程.2007.33:27-29.
[31]庞辽军.一个预防欺诈的(t,n)门限数字签名方案[J].电子与信息学报.2007.29:895-897.
[32]陈文兵.基于XML数字签名的应用模型设计与分析[J].计算机工程.2007.33(11):154-156,162.
[33]王明强.一个新的模糊数字签名方案[J].计算机工程.2006.32(23):40-42.
[34]王会进.基于零知识证明的XML数字签名方案[J].计算机工程.2006.32:143-145.
[35]鞠宏伟.基于RSA的证实数字签名方案[J].计算机工程.2006.32:154-156,165.
[36]韩益亮.ECDSA可公开验证广义签密[J].计算机学报.2006.29(11):2003-2012.
[37]慈夫把玩质数http://www.infosec.org.cn/bbs/index.php?mods=topicdisplay &forumid=5&postid=35&p=1
[38]A.Odlyzko,"Progress in Integer Faxtorization and Discrete Logarithms," unpublished manuscript, Feb 1995
[39]R.Rivest,M.Hellman, J.Adleman,"A Method for Obtaining Digital Signatures and Public-KeyCryptosystems," Communications of the ACM 21(2),pp.120-126 (Feb. 1978)
[40]Ian Curry, "Version 3 X.509 Certificates", Entrust Technologies White Paper, July 1996
[41]RFC2459:Internet X.509 Public Key Infrastructure Certificate and CRL Profile
[42]RFC2251:Lightweight Directory Access Protocol (v3)
[43]Marc Branchaud, A Survey Of Public Key Infrastructures:[Master Thesis], Montreal:Department of Computer Science McGill University,1997
[44]Symeon Xenitellis, A guide to PKIs and Open-source Implementations, OpenCATeam,1999
[45]Dean Povey, Tim Redhead and Ming Yung, Public Key Infrastructures For Secure Electronic Commerce in Australia. Queensland University of Technology, 1998
[46]S. Boeyen、T. Howes、P. Richard, Internet X.509 Public Key Infrastructure LDAPv2Schema:[RFC 2587],1999
[2]黄叔武,杨一平主编.计算机网络工程教程[M].北京:清化大学出版社,2000.3.
[3]沈斌,史鸣杰.统一身份认证平台的设计[J].南京师范大学学报(工程技术版),2004.6,4(2):73-75
[4]纪方,鲁士文.安全远程访问系统的设计与研究[J].计算机应用与软件,2004.6,21(6):92-94
[5]美Bruce Schneier著.应用密码学协议、算法与C源程序[M]北京机械工业出版社2001.3
[6]刘宏伟.一种基于身份的数字签名算法研究[J].系统工程与电子技术.2008.30:1159-1162.
[7]胡予濮.一个新型的NTRU类数字签名方案[J].计算机学报.2008.31:1661-1666.
[8]腾直等编著.新编动态网页设计教程[M].北京:冶金工业出版社,2004.8
[9]胡标编著.ASP网络编程技术与实例[M].北京:人民邮电出版社,2004.5
[10]秦凯.”312”校园信息网建设全方位解决方案[J].沈阳大学学报,2004.4,16(2):34-35
[11]贺刚.数字签名在校园办公网上的实现[J].湖北民族学院学报(自然科学版),2004.6,22(2):69-71
[12]郝坤,沈树林.校园网安全分析及安全策略[J].安徽工程科技学院学报,2003.9,18(3):48-50
[13]崔淼.校园网的建设与安全管理探讨[J].黄河水利职业技术学院学报,2004.4,16(2):31-33
[14]贾俊敏,王纪卿,孔英会,张素香,鲁强,胡婧彦.电子交易系统中文本安全传输方案研究[J].电力系统通信,2005.1,26(147):33-35
[15]张辉,杨岳湘,汪诗林.数字校园中基于LDAP的统一用户身份管理技术研究[J].计算机工程与科学,2005,27(1):14-15
[16]王海艳,王汝传.秘密共享方案的研究[J].微机发展,2005.3,15(3):32-34
[17]刘玉珍,王国娜,傅建明等译.密码编码学与网络安全——原理与实践(第三版)[M].北京:电子工业出版社,2004.1
[18]刘涛.基于校园网的成绩MIS数字签名的研究与设计[J].微机发展,2005.11,15(11):24-26
[19]刘涛,严群.基于椭圆曲线密码协议产生会话密钥的研究与设计[J].安徽工程科技学院学报,2004.3,19(1):28-33
[20]刘玉沙,张华,张志浩,冯伟国.公钥基础设施在网络安全中的研究与应用[J],计算机工程与应用,2000.3
[21]王国兵,杨建沾,谢贵.基于RSA算法的网络安全体系构造[J],武汉大学学报,46(1)
[22]张雪武.基于RSA的数字签名及其在房地产评估系统中的应用[J],西南农业大学2002届硕士学位论文
[23]王克苑.基于XML平台RSA数字签名体制的研究与应用[J],合肥工业大学硕士学位论文,2004,5
[24]李毅.一种改进的高效RSA算法的设计与实现[J],暨南大学硕士学位论文,2003,4
[25]张磊.一种基于多素数RSA的认证加密新方案[J],暨南大学硕士学位论文,2005,5
[26]鲁军,汪同庆,任莉等.身份认证系统的设计与实现,网络安全技术与应用,2004,2
[27]梁晋,施仁,王育民等.电子商务核心技术——安全电子商务交易协议的理论与设计[J],西安电子科技大学出版社,2000
[28]樊宓丰、林东等,网络信息安全与PGP加密[M],清华大学出版社,1998年8月
[29]LIN,Song基于Petri网的双重数字签名的描述与验证[J].系统仿真学报.2008.20:2498-2501.
[30]王晓峰.零知识证明的前向安全不可否认数字签名方案[J].计算机工程.2007.33:27-29.
[31]庞辽军.一个预防欺诈的(t,n)门限数字签名方案[J].电子与信息学报.2007.29:895-897.
[32]陈文兵.基于XML数字签名的应用模型设计与分析[J].计算机工程.2007.33(11):154-156,162.
[33]王明强.一个新的模糊数字签名方案[J].计算机工程.2006.32(23):40-42.
[34]王会进.基于零知识证明的XML数字签名方案[J].计算机工程.2006.32:143-145.
[35]鞠宏伟.基于RSA的证实数字签名方案[J].计算机工程.2006.32:154-156,165.
[36]韩益亮.ECDSA可公开验证广义签密[J].计算机学报.2006.29(11):2003-2012.
[37]慈夫把玩质数http://www.infosec.org.cn/bbs/index.php?mods=topicdisplay &forumid=5&postid=35&p=1
[38]A.Odlyzko,"Progress in Integer Faxtorization and Discrete Logarithms," unpublished manuscript, Feb 1995
[39]R.Rivest,M.Hellman, J.Adleman,"A Method for Obtaining Digital Signatures and Public-KeyCryptosystems," Communications of the ACM 21(2),pp.120-126 (Feb. 1978)
[40]Ian Curry, "Version 3 X.509 Certificates", Entrust Technologies White Paper, July 1996
[41]RFC2459:Internet X.509 Public Key Infrastructure Certificate and CRL Profile
[42]RFC2251:Lightweight Directory Access Protocol (v3)
[43]Marc Branchaud, A Survey Of Public Key Infrastructures:[Master Thesis], Montreal:Department of Computer Science McGill University,1997
[44]Symeon Xenitellis, A guide to PKIs and Open-source Implementations, OpenCATeam,1999
[45]Dean Povey, Tim Redhead and Ming Yung, Public Key Infrastructures For Secure Electronic Commerce in Australia. Queensland University of Technology, 1998
[46]S. Boeyen、T. Howes、P. Richard, Internet X.509 Public Key Infrastructure LDAPv2Schema:[RFC 2587],1999