Design and Implementation of an Enterprise-Level Secure E-mail System
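Abstract
In today's information society, enterprises' international and domestic communication is growing rapidly, and obtaining and sending information in the fastest and most economical way has become key to seizing business opportunities and to success or failure in competition. With the development of Internet technology, electronic mail (e-mail), a basic service provided by the Internet, has opened up a broad market thanks to its convenience, speed and low cost; it has become an important channel for enterprises' internal and external communication and an indispensable part of office automation. To obtain systematic mailbox management and professional mail services, and to establish a unified corporate brand image, more and more Chinese enterprises are choosing to build their own dedicated e-mail systems.
    An enterprise e-mail system differs from an ordinary e-mail system. Most enterprise mail is business correspondence, and the messages sent generally carry business content and commercial interests. Enterprise mail systems therefore have some special security requirements.
    First, confidentiality: the content of a message must not be readable by a third party. Because mail may involve trade secrets and other important matters tied to the enterprise's interests, leakage of mail content may cause the enterprise losses.
    Second, tamper resistance: once a message has been sent, nobody may modify it. Whether it is malicious tampering by a third party or deliberate modification by one of the communicating parties, either will give rise to commercial disputes.
    Third, identifiability: both parties should be able to confirm the identity of the sender of a message. Every message a sender sends is a commercial act on behalf of the company, and the sender must take responsibility for its content; identification avoids disputes over responsibility, and it also lets the recipient establish who the sender is.
    Finally, non-repudiation: after the recipient has received the message sent by the sender, the sender needs reliable evidence that the recipient did receive a message with that content, so that the recipient cannot deny it and unnecessary disputes over responsibility are avoided.
    This thesis studies and discusses, from a technical standpoint, how to design and implement an enterprise e-mail system with good security. Through an analysis of enterprise mail systems and a discussion of the more practical security technologies currently available, it presents a security solution and its concrete implementation.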
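    Data confidentiality ensures that information can be read only by a party authorized to read it; in this system it is achieved through a cryptosystem. There are currently two forms of cryptosystem: symmetric and asymmetric. This system uses an asymmetric cryptosystem, that is, a public-key cryptosystem, to encrypt data and so achieve confidentiality.
    Tamper resistance, that is, data integrity, means checking whether transmitted data was altered in transit, to ensure that the message delivered is intact. This system uses a hash digest algorithm to guarantee data integrity.
    User identification means that the sender bears full responsibility for messages sent after signing them with his or her own private key, and that the recipient, on receiving a message, can verify the sender's identity with the sender's public key. This system implements this function with digital signatures.
    For non-repudiation by the receiving user, once the recipient has successfully decrypted the message, a success flag is sent to the CA certification center; the CA signs this flag with its private key and then sends it to the sender. This achieves non-repudiation of receipt by the recipient.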
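    The system was developed as part of the informatization effort of the Jilin Grain Corporation (吉粮集团) and is built on the corporation's enterprise post office; it is an e-mail system with security functions such as digital signatures and data encryption and decryption. It uses the PKI security architecture and takes the encryption approach of the S/MIME e-mail encryption protocol to guide development, building an e-mail application with good security that addresses the various insecure factors of a traditional post office and safeguards enterprises' business activities conducted by e-mail.
    From structural design through implementation, the system overcomes a number of shortcomings in current software development. Architecturally it adopts an advanced multi-tier architecture that separates the presentation layer from the business-logic layer, which greatly improves extensibility and lowers the cost of upgrades and maintenance. In implementation it uses the MVC pattern, which weakens the coupling between the business-logic interface and the data interface, makes it easier for developers to divide the work, shortens the development cycle and lowers system cost. In addition, in its security mechanism users generate their own key pairs and then have the CA center issue the certificates; this overcomes the drawback of excessive CA power in an ordinary PKI architecture and further improves the security of the mail system.
    The thesis first gives a detailed introduction to how mail servers work and to the relevant mail transfer protocols; it then introduces the PKI architecture used to implement secure e-mail and the common encryption and authentication algorithms involved, describing the general flow of each algorithm in some detail; finally it analyzes how the qmail mail server works and, on that basis, gives the overall block diagram of the system and the security principles of the mail sending and receiving processes, and proposes a secure e-mail solution covering the design and implementation of the secure sending module, the receiving module and the encryption and signature module, as well as the system's runtime environment, deployment and testing.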
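The four mechanisms named in the abstract above (public-key encryption, hash digest, digital signature, CA-signed success flag) traced end to end in Java using only the JDK's java.security and javax.crypto classes; this is an added example, not code from the thesis. Assumptions: the class and method names, the flag layout (a SHA-256 digest over a fixed tag plus the plaintext, so the receipt is bound to the content), bare public keys standing in for CA-issued certificates, and direct RSA-OAEP on a short constructed message where S/MIME would wrap a symmetric content key.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
public class ReceiptDemo {
    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);                      // each party generates its own pair
        return g.generateKeyPair();
    }
    static byte[] sign(PrivateKey k, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA"); // hash, then sign
        s.initSign(k); s.update(data);
        return s.sign();
    }
    static boolean verify(PublicKey k, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(k); s.update(data);
        return s.verify(sig);
    }
    static byte[] rsa(int mode, Key k, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, k);
        return c.doFinal(in);                    // direct RSA: short messages only
    }
    // Assumed flag layout: SHA-256("DECRYPT-OK:" || plaintext).
    static byte[] flag(byte[] plain) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update("DECRYPT-OK:".getBytes(StandardCharsets.US_ASCII));
        return md.digest(plain);
    }
    public static void main(String[] args) throws Exception {
        KeyPair sender = newKeyPair(), receiver = newKeyPair(), ca = newKeyPair();
        byte[] mail = "Constructed sample: price quote".getBytes(StandardCharsets.UTF_8);
        // Sender: sign with own private key, encrypt to the receiver's public key.
        byte[] sig = sign(sender.getPrivate(), mail);
        byte[] ct = rsa(Cipher.ENCRYPT_MODE, receiver.getPublic(), mail);
        // Receiver: decrypt, check the sender's signature, then build the success flag.
        byte[] plain = rsa(Cipher.DECRYPT_MODE, receiver.getPrivate(), ct);
        if (!verify(sender.getPublic(), plain, sig)) throw new SecurityException("bad signature");
        byte[] ok = flag(plain);
        // CA: sign the flag with the CA private key and return it to the sender.
        byte[] caSig = sign(ca.getPrivate(), ok);
        // Sender: accept only a CA-signed flag that matches the mail actually sent.
        boolean accepted = verify(ca.getPublic(), ok, caSig) && Arrays.equals(ok, flag(mail));
        ok[ok.length - 1] ^= 1;                  // simulate a flag altered in transit
        System.out.println("accepted=" + accepted + ", altered=" + verify(ca.getPublic(), ok, caSig));
    }
}
```

How the CA authenticates the receiver that submits the flag is not described in the abstract and is left out of this sketch.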
In this information society, communication between corporations is continually increasing, and it is essential for any corporation's survival to obtain and transmit information in a fast and economical way. With the development of Internet technology, e-mail, one of the basic services offered by the Internet, has become an important means of communication and an indispensable part of office automation because of its convenience, speed and low cost. More and more Chinese corporations have established their own e-mail systems for systematic mailbox management and a uniform corporate brand.
    A corporate e-mail system is different from other e-mail systems. Because corporate e-mails contain many business secrets, the e-mail system has special security requirements.
    First of all, confidentiality: the contents of e-mails must not be readable by a third party. Because corporate e-mails may contain business secrets, any leakage of e-mail contents may lead to losses.
    Secondly, an e-mail must not be tampered with: nobody may amend it after it has been sent. Whether it is malicious tampering by a third party or deliberate amendment by one of the communicating parties, it will lead to business disputes.
    Thirdly, identification: both communicating parties should be able to confirm the identity of the person who sent the e-mail. Sending an e-mail is a business act carried out on behalf of the sender's corporation, and the sender should be responsible for the content of the e-mails he or she sends. Identification helps corporations avoid business disputes, and at the same time the receiver can confirm the identity of the sender.
    Finally, non-repudiation: the sender needs credible evidence that the receiver has indeed received the e-mail. This prevents the receiver from denying receipt and avoids needless disputes over responsibility.
    This thesis investigates and discusses, from a technical perspective, how to design and implement an e-mail system with good security for corporations. Through an analysis of corporate e-mail systems and a discussion of the practical security technologies available at present, it puts forward a security solution and its concrete implementation.
    Confidentiality of data ensures that an e-mail is read only by an authorized person. In this system confidentiality is realized by a cryptosystem. At present there are two kinds of cryptosystem: symmetric and asymmetric. This system adopts the asymmetric cryptosystem; in other words, data is encrypted with a public key to achieve confidentiality.
    
    Integrity, meaning that data cannot be tampered with, is ensured by checking whether the data was changed while being sent. This system ensures the integrity of information by adopting a hash algorithm.
    Identification of the user's identity means that the sender is responsible for e-mails signed with his or her private key and that the receiver can confirm the sender's identity with the public key. This system realizes identification through digital signatures.
    After the receiver succeeds in decrypting the e-mail, a success flag is sent to the CA authentication center; the CA signs the flag with its private key and then sends it to the sender. In this way the system ensures that the receiver cannot deny having received the e-mail.
    The development of the e-mail system draws on the information construction of the Jilin Grain Corporation and is based on its post office. The e-mail system has security functions such as digital signature, data encryption and data decryption. It adopts the PKI security architecture and the S/MIME e-mail encryption protocol. By building the security e-mail system we can solve various kinds of insecurity fact
