基于SSL协议的新型网络交易安全体制的设计与仿真
|
摘要
电子商务模式自问世以来,得到了飞速的发展,成为了公认的未来的商业活动的主要途径。2002年,发达国家的电子商务交易额已占到零售总额的14%,而在我国,目前只为0.02%,制约我国电子商务发展的主要因素就是对电子商务安全性的质疑。
事实上,电子商务的最高阶段是网络交易,网络交易最重要最复杂的问题就是在线支付的安全性。安全性的问题目前是限制电子商务发展的主要问题。
发展电子商务的需求推动对网络交易安全体制的研究不断深入。以IPsec(Internet Protocol Security)和SSL(Secure Socket Layer)为代表的网络安全协议被应用在电子商务甚至是在线支付等场合。它们在得到广泛应用的同时也暴露了严重的安全性问题。
另一方面,美国等发达国家出于意识形态差异的考虑,不允许128bit密钥以上的SSL产品出口到中国,这清楚的表明了电子商务安全和电子商务安全产品的重要性不亚于先进的军火。探索中国自己的电子商务安全技术,开发相应产品,是我国电子商务研究者迫切的任务。
本文的主要内容就是在成熟的SSL协议的基础上,进行改进,
基于SSL协议的新型网络交易安全体制的设计和仿真
以尽量适应现代电子商务的要求。
本文首先介绍了网络安全体制的主要技术(加密技术和身份认证
技术),然后详细分析了SSL协议在电子商务场合应用的不足。
针对这些不足,作者尝试在SSL协议的基础上,添加双向身份
认证,保证客户获得和商家平等的交易环境,同时对密钥的管理进行
了改进,限制了同一密钥的生存周期,使得密文拥有更高的随机性,
以对抗中间人黑客的监听和破解。同时,本文还尝试将尚处研究阶段
的属性证书应用在新的网络安全协议中,以管理海量用户的访问权
限。
作者用软件仿真了新的网络交易安全体制在现实中的应用,并对
新的协议作出了初步的评估。仿真的结果显示,新的网络交易安全协
议的运行效率和原有的SSL协议非常接近,却能提供比后者更高的
安全性,黑客所能监听到的只是高度随机的bit流,从通信原理上来
讲,对其进行破解具有相当难度。
限于现有材料和技术力量的不足,新型协议仍然存在缺陷,主要
是无法实现多方握手,用于三方以上交易时会有困难。
杭州某科技公司将这种新的协议应用于“网上申报”和“网上公
证”两种类电子商务的网络活动,也取的了良好的效果。
Since the new business methed EC (E-Commerce) had come out, it received a flying development. It has been regarded as the most promising business methed. In 2002, the sum of EC took up 14% in retail sum while the proportion in China is only 0.02%. The major factor restrict EC's development in China is the suspicion to the security of EC.
As we know, the most important and complex part in EC is the security assurance in online payment. This conundrum is going to be the major obstruction of the EC's developing.
Pursuing the assurance of security has got some achievement such as Ipsec (Internet Protocol Security) and SSL (Secure Socket Layer). These protocols are developed for Internet security rather than EC security, but they did well for some years except some sever problems.
On the other hand, develop countries such as the USA prohibit export high grade networks security technologies or productions to China due to consciousness difference..it is clear
that networks security technologies are as important as advanced ammo. To develop our own EC security technologies is an exigent mission.
Based on SSL, we can develop new EC security protocol, which can offer us more security assurance. This is I would like to do in this paper.
On the basis of some conceptions relating to EC security such as encrpytion techniques and Identity-Authentication, we mainly discuss the disadvantages of using SSL in online payment.
To solve these disadvantages of SSL, I try to add bilateral-identity-authentication to give the customs more equitable circumstance to do EC businesses. For the reason of confronting the hacking, the management of cryptogram must to be improved. Thus a new EC security protocol has formed. At the same time, we try to use attribution certificate to manager the mass popedoms.
New software has been developed to simulate this new EC security protocol, to show whether the new one is better than olders. The result shows that the new one could run as fast as the old, while offering much hight security insurance. The output bit flow of the new has a good randomicity that is quite useful for
preventing hacking.
Due to the scarcity of technologies and reference, the new protocol has its shortcomes. It can hardly to be used for the occasion of trisection EC business.
Some company use this technology to secure their online notarization and online declaration operation, it do a good job until now.
事实上,电子商务的最高阶段是网络交易,网络交易最重要最复杂的问题就是在线支付的安全性。安全性的问题目前是限制电子商务发展的主要问题。
发展电子商务的需求推动对网络交易安全体制的研究不断深入。以IPsec(Internet Protocol Security)和SSL(Secure Socket Layer)为代表的网络安全协议被应用在电子商务甚至是在线支付等场合。它们在得到广泛应用的同时也暴露了严重的安全性问题。
另一方面,美国等发达国家出于意识形态差异的考虑,不允许128bit密钥以上的SSL产品出口到中国,这清楚的表明了电子商务安全和电子商务安全产品的重要性不亚于先进的军火。探索中国自己的电子商务安全技术,开发相应产品,是我国电子商务研究者迫切的任务。
本文的主要内容就是在成熟的SSL协议的基础上,进行改进,
基于SSL协议的新型网络交易安全体制的设计和仿真
以尽量适应现代电子商务的要求。
本文首先介绍了网络安全体制的主要技术(加密技术和身份认证
技术),然后详细分析了SSL协议在电子商务场合应用的不足。
针对这些不足,作者尝试在SSL协议的基础上,添加双向身份
认证,保证客户获得和商家平等的交易环境,同时对密钥的管理进行
了改进,限制了同一密钥的生存周期,使得密文拥有更高的随机性,
以对抗中间人黑客的监听和破解。同时,本文还尝试将尚处研究阶段
的属性证书应用在新的网络安全协议中,以管理海量用户的访问权
限。
作者用软件仿真了新的网络交易安全体制在现实中的应用,并对
新的协议作出了初步的评估。仿真的结果显示,新的网络交易安全协
议的运行效率和原有的SSL协议非常接近,却能提供比后者更高的
安全性,黑客所能监听到的只是高度随机的bit流,从通信原理上来
讲,对其进行破解具有相当难度。
限于现有材料和技术力量的不足,新型协议仍然存在缺陷,主要
是无法实现多方握手,用于三方以上交易时会有困难。
杭州某科技公司将这种新的协议应用于“网上申报”和“网上公
证”两种类电子商务的网络活动,也取的了良好的效果。
Since the new business methed EC (E-Commerce) had come out, it received a flying development. It has been regarded as the most promising business methed. In 2002, the sum of EC took up 14% in retail sum while the proportion in China is only 0.02%. The major factor restrict EC's development in China is the suspicion to the security of EC.
As we know, the most important and complex part in EC is the security assurance in online payment. This conundrum is going to be the major obstruction of the EC's developing.
Pursuing the assurance of security has got some achievement such as Ipsec (Internet Protocol Security) and SSL (Secure Socket Layer). These protocols are developed for Internet security rather than EC security, but they did well for some years except some sever problems.
On the other hand, develop countries such as the USA prohibit export high grade networks security technologies or productions to China due to consciousness difference..it is clear
that networks security technologies are as important as advanced ammo. To develop our own EC security technologies is an exigent mission.
Based on SSL, we can develop new EC security protocol, which can offer us more security assurance. This is I would like to do in this paper.
On the basis of some conceptions relating to EC security such as encrpytion techniques and Identity-Authentication, we mainly discuss the disadvantages of using SSL in online payment.
To solve these disadvantages of SSL, I try to add bilateral-identity-authentication to give the customs more equitable circumstance to do EC businesses. For the reason of confronting the hacking, the management of cryptogram must to be improved. Thus a new EC security protocol has formed. At the same time, we try to use attribution certificate to manager the mass popedoms.
New software has been developed to simulate this new EC security protocol, to show whether the new one is better than olders. The result shows that the new one could run as fast as the old, while offering much hight security insurance. The output bit flow of the new has a good randomicity that is quite useful for
preventing hacking.
Due to the scarcity of technologies and reference, the new protocol has its shortcomes. It can hardly to be used for the occasion of trisection EC business.
Some company use this technology to secure their online notarization and online declaration operation, it do a good job until now.
引文
[1]McCubbin, C.B.; Selcuk, A.A.; Sidhu, D., Initialization vector attacks on the EC suite,IEEE 9th International Workshops on,2002
[2]Glenn, R.; Frankel, S.; Montgomery, D., IPsec-WIT: the NIST EC Web-based interoperability test system, IEEE 9th International Workshops on, 2002
[3]Bakin, D.S.; Joa-Ng, M.; McAuley, A.J. , Quantifying TCP performance improvements in noisy environments using protocol boosters , Computers and Communications, 2000.
[4]DePlanche, D.E.; Knight, G.S.; Rahman, M.H., Options analysis of the Canadian forces public key infrastructure , Electrical and Computer Engineering, 2000 Canadian Conference on, 2000,851-855 vol.2
[5]Goff, T.; Moronski, J.; Phatak, D.S.; Gupta, V. , Freeze-TCP: a true end-to-end TCP enhancement mechanism for mobile environments , INFOCOM 2003. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies., 2003,1537-1545 vol.3
[6]Subbiah, B.; Sengodan, S.; Rajahalme, J., RTP payload multiplexing between IP telephony gateways Global Telecommunications Conference, 1999. GLOBECOM '99,1999,1121-1127 vol.2
[7]Chong Xu; Fengmin Gong; Baldine, I.; Sargor, C.; Jou, F.; Wu, S.F.; Zhi Fu; He Huang , Celestial security management system , DARPA Information Survivability Conference and Exposition, 2001. DISCEX '00. 162-172 vol. 1
[8]Adcock, J.M.; Balenson, D.M.; Carman, D.W.; Heyman, M.; Sherman, A.T. , Trading off strength and performance in network authentication: experience with the ACSA project , DARPA Information Survivability Conference and Exposition, 2001. DISCEX '00. ,2001 , 127-139 vol. 1
[9]Zao, J.; Sanchez, L.; Condell, M.; Lynn, C.; Fredette, M.; Helinek, E; Krishnan, P.; Jackson, A.; Mankins, D.; Shepard, M.; Kent, S. , Domain based Internet security policy management DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00,1999,41-53 vol.1
[10]O'Guin, S.; Williams, C.K.; Selimis, N. , Application of virtual private networking technology to standards-based management protocols across heterogeneous firewall-protected networks , Military Communications Conference Proceedings, 1999. MILCOM 1999. IEEE, 1999,1251-1255 vol.2
[11]Chappell, B.L.; Marlow, D.T.; Irey, P.M., IV; O'Donoghue, K. , IP security impact on system performance in a distributed real-time environment , Real-Time Systems Symposium, 1999. Proceedings. The 20th IEEE, 218-219
[12]Gunter, M.; Braun, T.; Khalil, I. , An architecture for managing QoS-enabled VPNs over the Internet, Local Computer Networks, 2002. LCN '02. Conference on, 122-131
[13]Noubir, G.; Von Allmen, L. , Security issues in Internet protocols over satellite links , Vehicular Technology Conference, 1999. VTC 1999 - Fall. IEEE VTS 50th, 1999,2726-2730 vol.5
[14]Kent, S. , Evaluating certification authority security , Aerospace Conference, 1998 IEEE, 1998,319-327 vol.4
[15]Tsuda, Y.; Ishiyama, M.; Fukumoto, A.; Inoue, A. , Design and implementation of Network , CryptoGate-IP-layer security and mobility support , System Sciences, 1998., 1998,681-690 vol.7
[16]Keromytis, A.D.; Ioannidis, J.; Smith, J.M. , Implementing SSL, Global Telecommunications Conference, 1997. GLOBECOM '97., IEEE ,1997 ,1948-1952 vol.3
[17]Bellovin, S.M., Probable plaintext cryptanalysis of the SSL protocols, Network and Distributed System Security, 1997. Proceedings., 1997 Symposium on , 1997,52-59
[18]Borella, M.S. , Methods and protocols for secure key negotiation using IKE , IEEE Network July-Aug. 2000,18-29
[19]Perlman, R. , An overview of PKI trust models , IEEE Network , Nov.-Dec. 2001,38-43
[20]Oppliger, R., Security at the Internet layer, Computer, Sept. 1998,43-47
[21]S. Kent,R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401,1998.11
[22]S. Kent,R. Atkinson, IP Authentication Header, RFC 2402,1998.11
[23]S. Kent,R. Atkinson, IP Encapsulating Security Payload (ESP) ,RFC 2406,1998.11
[24]D. Harkins,D. Carrel, The Internet Key Exchange (IKE),RFC 2409,1998.11
[25]Microsoft, NDIS4.0 specification,1998.2
[26]Microsoft, MSDN Library,2000.1
[27][美]NaganandDoraswamy,Dan Harkins,京京工作室译,IPSec:新一代因特网的安全标准,机械工业出版社,2000年1月
[28]公安部计算机管理监察司编著,计算机信息系统安全技术,群众出版社,1998年6月
[29][美]Lars Klander,陈永剑等 译,挑战黑客—网络安全的最终解决方案,电子工业出版社,2000年6月
[30]张小斌 严望佳 编著,计算机网络安全工具,清华大学出版社,1999年2月
[31]张小斌 严望佳 编著,黑客分析与防范技术,清华大学出版社,1999年5月
[32]王锐等 译,网络最高安全指南,机械工业出版社,1998.5
[33]Douglas E. Comer, David L. Stevens, 张娟 王海 谢希仁 译,用TCP/IP进行网际互联(第二版),电子工业出版社,1998年7月
[34]Trusted computer system evaluation criteria. DoD5200.28-STD[S]. US Department of Defense, 1985
[35]GB 17859-1999.中华人民共和国国家标准:操作系统安全保护等级评估准则[草稿],2001
[36]GA/T 388-2002.中华人民共和国公共安全行业标准:计算机信息系统安全等级保护操作系统技术要求[S],2002
[37]GA/T 390-2002.中华人民共和国公共安全行业标准:计算机信息系统安全等级保护通用技术要求[S],2002
[38]Information Technology Security Evaluation Criteria. Commission of the Eruropean Communities, 1991
[39]Common Criteria for IT Security Evaluation. International Standards Organization, 1999
[40]Lin T Y. Bell and LaPadula Axioms: A new paradigm for an old model[A] . In: Proc 1992-1993 ACM SIGSAC New Security Paradigms Workshop[C]. Little Compton, Rhode IslandUSA, 1993. 82-93
[41]Bell D E, LaPadula L. Secure Computer System: mathematical foundation and model[R]. Bedford MA:MITRE Corp, 1973. M74-244
[42]Biba K J. Integrity Considerations for Secure Computer Systems [R]. Bedford MA: MITRE Corp, 1977. MTR-2977
[43]Carl E Landwehr. Formal models for computer security[J].ACM Computing surveys, 1981, 13(3): 247-278
[44]刘文清,刘海峰,卿斯汉.基于Linux开发安全操作系统的研究.计算机科学, 2001,28(2):52-54.
[45]Daniel P. Bovet & Marco Cesati著,陈莉君冯锐牛欣源译.深入理解Linux内核(Understanding the Linux Kernel).中国电力出版社,2001
[46]ALESSANDRO RUBINI & JONATHAN CORBET著,魏永明等译.Linus设备驱动程序(Linux Device Drivers 2nd Ed).中国电力出版社,2002
[47]Xie Huagang. Build a security system with LIDS. http: //www. lids. org
[48]Ori Pomerantz. Linux Kernel Module Programming Guide. 1999
[49]A Guide to Understanding Audit in Trusted Systems. NCSCTG-001, ver2. National Computer Security Center, 1988
[50]刘海峰,卿斯汉,刘文清.安全操作系统审计的设计与实现.计算机研究与发展,38(10):1262-1268
[51]Arthur Griffith著,吴向峰等译.GNOME/GTK+编程宝典.电子工业出版社,2000
[52]莫瑞·加瑟著.晏亚非等译.计算机安全的技术与方法.电子工业出版社,2002 137—139
[53]Managing Security on the Trusted DG/UX~(TM) System. AVLLON PRODUCT LINE. 1994
[54]秦超,段云所,陈钟.访问控制原理与实现.网络安全技术与应用,2001,5: 54-58
[55]姬东耀,张福泰,王育民.多级安全系统中访问控制新方案.计算机研究与发展, 2001,38(6):715-720
[2]Glenn, R.; Frankel, S.; Montgomery, D., IPsec-WIT: the NIST EC Web-based interoperability test system, IEEE 9th International Workshops on, 2002
[3]Bakin, D.S.; Joa-Ng, M.; McAuley, A.J. , Quantifying TCP performance improvements in noisy environments using protocol boosters , Computers and Communications, 2000.
[4]DePlanche, D.E.; Knight, G.S.; Rahman, M.H., Options analysis of the Canadian forces public key infrastructure , Electrical and Computer Engineering, 2000 Canadian Conference on, 2000,851-855 vol.2
[5]Goff, T.; Moronski, J.; Phatak, D.S.; Gupta, V. , Freeze-TCP: a true end-to-end TCP enhancement mechanism for mobile environments , INFOCOM 2003. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies., 2003,1537-1545 vol.3
[6]Subbiah, B.; Sengodan, S.; Rajahalme, J., RTP payload multiplexing between IP telephony gateways Global Telecommunications Conference, 1999. GLOBECOM '99,1999,1121-1127 vol.2
[7]Chong Xu; Fengmin Gong; Baldine, I.; Sargor, C.; Jou, F.; Wu, S.F.; Zhi Fu; He Huang , Celestial security management system , DARPA Information Survivability Conference and Exposition, 2001. DISCEX '00. 162-172 vol. 1
[8]Adcock, J.M.; Balenson, D.M.; Carman, D.W.; Heyman, M.; Sherman, A.T. , Trading off strength and performance in network authentication: experience with the ACSA project , DARPA Information Survivability Conference and Exposition, 2001. DISCEX '00. ,2001 , 127-139 vol. 1
[9]Zao, J.; Sanchez, L.; Condell, M.; Lynn, C.; Fredette, M.; Helinek, E; Krishnan, P.; Jackson, A.; Mankins, D.; Shepard, M.; Kent, S. , Domain based Internet security policy management DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00,1999,41-53 vol.1
[10]O'Guin, S.; Williams, C.K.; Selimis, N. , Application of virtual private networking technology to standards-based management protocols across heterogeneous firewall-protected networks , Military Communications Conference Proceedings, 1999. MILCOM 1999. IEEE, 1999,1251-1255 vol.2
[11]Chappell, B.L.; Marlow, D.T.; Irey, P.M., IV; O'Donoghue, K. , IP security impact on system performance in a distributed real-time environment , Real-Time Systems Symposium, 1999. Proceedings. The 20th IEEE, 218-219
[12]Gunter, M.; Braun, T.; Khalil, I. , An architecture for managing QoS-enabled VPNs over the Internet, Local Computer Networks, 2002. LCN '02. Conference on, 122-131
[13]Noubir, G.; Von Allmen, L. , Security issues in Internet protocols over satellite links , Vehicular Technology Conference, 1999. VTC 1999 - Fall. IEEE VTS 50th, 1999,2726-2730 vol.5
[14]Kent, S. , Evaluating certification authority security , Aerospace Conference, 1998 IEEE, 1998,319-327 vol.4
[15]Tsuda, Y.; Ishiyama, M.; Fukumoto, A.; Inoue, A. , Design and implementation of Network , CryptoGate-IP-layer security and mobility support , System Sciences, 1998., 1998,681-690 vol.7
[16]Keromytis, A.D.; Ioannidis, J.; Smith, J.M. , Implementing SSL, Global Telecommunications Conference, 1997. GLOBECOM '97., IEEE ,1997 ,1948-1952 vol.3
[17]Bellovin, S.M., Probable plaintext cryptanalysis of the SSL protocols, Network and Distributed System Security, 1997. Proceedings., 1997 Symposium on , 1997,52-59
[18]Borella, M.S. , Methods and protocols for secure key negotiation using IKE , IEEE Network July-Aug. 2000,18-29
[19]Perlman, R. , An overview of PKI trust models , IEEE Network , Nov.-Dec. 2001,38-43
[20]Oppliger, R., Security at the Internet layer, Computer, Sept. 1998,43-47
[21]S. Kent,R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401,1998.11
[22]S. Kent,R. Atkinson, IP Authentication Header, RFC 2402,1998.11
[23]S. Kent,R. Atkinson, IP Encapsulating Security Payload (ESP) ,RFC 2406,1998.11
[24]D. Harkins,D. Carrel, The Internet Key Exchange (IKE),RFC 2409,1998.11
[25]Microsoft, NDIS4.0 specification,1998.2
[26]Microsoft, MSDN Library,2000.1
[27][美]NaganandDoraswamy,Dan Harkins,京京工作室译,IPSec:新一代因特网的安全标准,机械工业出版社,2000年1月
[28]公安部计算机管理监察司编著,计算机信息系统安全技术,群众出版社,1998年6月
[29][美]Lars Klander,陈永剑等 译,挑战黑客—网络安全的最终解决方案,电子工业出版社,2000年6月
[30]张小斌 严望佳 编著,计算机网络安全工具,清华大学出版社,1999年2月
[31]张小斌 严望佳 编著,黑客分析与防范技术,清华大学出版社,1999年5月
[32]王锐等 译,网络最高安全指南,机械工业出版社,1998.5
[33]Douglas E. Comer, David L. Stevens, 张娟 王海 谢希仁 译,用TCP/IP进行网际互联(第二版),电子工业出版社,1998年7月
[34]Trusted computer system evaluation criteria. DoD5200.28-STD[S]. US Department of Defense, 1985
[35]GB 17859-1999.中华人民共和国国家标准:操作系统安全保护等级评估准则[草稿],2001
[36]GA/T 388-2002.中华人民共和国公共安全行业标准:计算机信息系统安全等级保护操作系统技术要求[S],2002
[37]GA/T 390-2002.中华人民共和国公共安全行业标准:计算机信息系统安全等级保护通用技术要求[S],2002
[38]Information Technology Security Evaluation Criteria. Commission of the Eruropean Communities, 1991
[39]Common Criteria for IT Security Evaluation. International Standards Organization, 1999
[40]Lin T Y. Bell and LaPadula Axioms: A new paradigm for an old model[A] . In: Proc 1992-1993 ACM SIGSAC New Security Paradigms Workshop[C]. Little Compton, Rhode IslandUSA, 1993. 82-93
[41]Bell D E, LaPadula L. Secure Computer System: mathematical foundation and model[R]. Bedford MA:MITRE Corp, 1973. M74-244
[42]Biba K J. Integrity Considerations for Secure Computer Systems [R]. Bedford MA: MITRE Corp, 1977. MTR-2977
[43]Carl E Landwehr. Formal models for computer security[J].ACM Computing surveys, 1981, 13(3): 247-278
[44]刘文清,刘海峰,卿斯汉.基于Linux开发安全操作系统的研究.计算机科学, 2001,28(2):52-54.
[45]Daniel P. Bovet & Marco Cesati著,陈莉君冯锐牛欣源译.深入理解Linux内核(Understanding the Linux Kernel).中国电力出版社,2001
[46]ALESSANDRO RUBINI & JONATHAN CORBET著,魏永明等译.Linus设备驱动程序(Linux Device Drivers 2nd Ed).中国电力出版社,2002
[47]Xie Huagang. Build a security system with LIDS. http: //www. lids. org
[48]Ori Pomerantz. Linux Kernel Module Programming Guide. 1999
[49]A Guide to Understanding Audit in Trusted Systems. NCSCTG-001, ver2. National Computer Security Center, 1988
[50]刘海峰,卿斯汉,刘文清.安全操作系统审计的设计与实现.计算机研究与发展,38(10):1262-1268
[51]Arthur Griffith著,吴向峰等译.GNOME/GTK+编程宝典.电子工业出版社,2000
[52]莫瑞·加瑟著.晏亚非等译.计算机安全的技术与方法.电子工业出版社,2002 137—139
[53]Managing Security on the Trusted DG/UX~(TM) System. AVLLON PRODUCT LINE. 1994
[54]秦超,段云所,陈钟.访问控制原理与实现.网络安全技术与应用,2001,5: 54-58
[55]姬东耀,张福泰,王育民.多级安全系统中访问控制新方案.计算机研究与发展, 2001,38(6):715-720