Research on Key Technologies of E-government Security Engineering

【Author】 Su Ruidan

【Supervisor】 Zhou Lihua

【Author information】 Xidian University, Computer Application Technology, 2010, PhD

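【Abstract (translated from Chinese)】 E-government means that state government organs use modern information technology to integrate management and services through informatization, optimizing and restructuring government organizational structures and workflows over the network, transcending the limits of time, space and departmental separation, and providing high-quality, efficient, standardized and transparent management and services to society in all respects. Network and information security, as an important part of national security, is one of the key issues constraining e-government construction. Although China's e-government security engineering has established a set of technical specifications for reference, in the face of rapidly changing information technology some key problems remain to be solved, for example: locating and breaking through the bottlenecks of traditional information security infrastructure, introducing identity-based cryptography into security infrastructure and evaluating its security, secure application integration in complex multi-domain environments, fair accountability in application systems, protocol-based key recovery mechanisms, and secure authentication for SSL/TLS-based application systems. This thesis studies in depth several prominent key technologies in e-government security engineering, including optimization of PKI/PMI revocation management, identity-based public key infrastructure, federated identity management in complex domain environments, fair non-repudiation for electronic transactions, a protocol-based key recovery scheme at the network layer, a protocol-based key recovery scheme at the transport layer, and man-in-the-middle attack and protection schemes. Specifically, the results of this thesis include the following:

1. The bottlenecks of traditional public key infrastructure (PKI) and privilege management infrastructure (PMI) in application are analyzed. For the revocation management problem, a D-OCSP service mode for distributed environments and a national standard draft for the Simple Online Certificate Status Protocol (S-OCSP) are proposed. The former adopts the idea of offline cryptography: secret information is extracted from the online RTC responder and placed in the offline RTCA server; the RTCA generates a set of OCSP response proofs for the status list of all certificates issued by the CA and publishes it to the RTC responders for use when handling relying parties' OCSP requests, fundamentally solving the problems of "Trusted OCSP" in scalability, availability and security. The latter, as a supplement to standard OCSP, aims to solve the performance problem of digital certificate status queries in specific environments. Experiments show that the S-OCSP protocol performs clearly better than the standard OCSP protocol and significantly reduces the overhead of certificate revocation checking on application servers.
2. Identity-based PKI is studied, its security is evaluated, and it is compared with traditional PKI, covering trusted distribution of system public parameters, secure issuing of private keys, key escrow, multi-domain support, and integration with traditional PKI. For the practical security needs of content distribution systems, a new group-oriented secure content distribution scheme is proposed using identity-based PKI. It meets security requirements such as receiver access control, sender authentication and non-repudiation, and policy encryption, reduces the sender's computation and communication cost to O(1), and features simple key management, low computation and communication cost, and ease of implementation; it can be conveniently applied to commercial multicast content distribution systems.
3. For the service federation security problems in virtual organizations based on service-oriented architecture, the key security requirements of cross-domain service federation are analyzed, existing federated identity management technologies are studied, and a security framework for cross-domain service federation is proposed. An example is used to clearly illustrate the security functions in cross-domain service federation, including trust topology management, federated sign-on/sign-out, attribute-based access control, delegated authorization and privacy protection. Finally, the interoperability of different federated identity management mechanisms is discussed.
4. A fair non-repudiation protocol for traditional B/S-architecture web applications and a fair non-repudiation protocol for web service application environments are proposed, both based on the Online-TTP mode. The former can embed fair non-repudiation into a single HTTP request/response interaction; the latter can embed it into a single web service invocation. Both use the idea of evidence chaining to reduce the overhead of certificate revocation checking and signature time-stamp generation, thereby improving the overall efficiency of evidence verification and management. The protocols feature strong fairness, timeliness, efficiency and strong practicality.
5. Protocol-based key recovery mechanisms are analyzed, and the advantages and disadvantages of applying identity-based encryption algorithms are discussed. The design and implementation of an IPSec key recovery mechanism are given: key recovery mechanisms are provided for the four authentication methods (pre-shared key, signature authentication, public key encryption, and revised public key encryption) and for the various cases involved in main mode and aggressive mode, and forward secrecy and applicability to IKEv2 are analyzed. Experiments confirm that embedding key recovery in IPSec communication with automatic key negotiation is easy, and that it can likewise meet the requirements of being unfilterable, interoperable with standard protocol implementations, and capable of real-time key recovery.
6. On the basis of a security analysis of the SSL/TLS protocol and the SSL VPN national standard, a protocol-based SSL/TLS key recovery scheme is given and its practicality analyzed; a proxy-based SSL/TLS man-in-the-middle attack scheme is proposed, its security threat is analyzed, security enhancement recommendations are given, and a session-aware SSL/TLS man-in-the-middle protection scheme is studied; its applications in content security filtering, preventing protocol-based key recovery, and protocol customization are analyzed from a positive perspective. An integrated session-aware S-ZTIC solution is proposed that resists both man-in-the-middle attacks and malware attacks.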

【Abstract】 E-government is the use of modern information technology by the state to integrate management and service, to optimize and re-engineer organizational structures and workflows over the network, and to break through the limits of time, space and departmental division, providing high-quality, effective, standardized and transparent management and service to society in every respect. Information security, a core part of state security, has always been one of the crucial issues restraining e-government construction and development. Although a set of technological architectures for e-government security engineering has been developed, some fundamental issues are still worth looking into, such as bottleneck analysis and reduction for traditional security infrastructure, the application and security evaluation of identity-based cryptography in security infrastructure, security integration for applications in complicated multi-domain environments, duty tracing in transactions, protocol-based key recovery mechanisms, secure authentication in SSL/TLS-based systems, and so on.

This thesis is concerned in depth with several key technologies in e-government security engineering, including the optimization of revocation management in traditional public key infrastructure (PKI) and privilege management infrastructure (PMI), security evaluation of identity-based public key infrastructure, complicated multi-domain federated identity management, fair non-repudiation for online transactions, protocol-based key recovery and its application in network-layer and transport-layer virtual private networks, and SSL/TLS man-in-the-middle attack and protection.

The thesis makes several contributions, including:

1. We analyze the application bottlenecks of traditional public key infrastructure and privilege management infrastructure. To address the revocation problem, a D-OCSP service mode for distributed environments and a Chinese standard draft, the Simple Online Certificate Status Protocol (S-OCSP), are proposed. The former exploits the idea of offline cryptography: it removes secret information from the online RTC responder and places it in an RTCA server that stays offline. The RTCA generates an OCSP response proof set according to the status of all the certificates issued by the CA and publishes the proof set to all the RTC responders, which use it to process OCSP requests sent from relying parties. In this way, distributed OCSP fundamentally solves the scalability, availability and security issues brought by "Trusted OCSP", and the OCSP service is optimized as a whole. The latter, as a supplement to standard OCSP, is used to provide high performance for revocation checking in application servers. Experiments show that S-OCSP performs better than standard OCSP and reduces the cost of certificate revocation checking in application servers.
2. Identity-based PKI is introduced and compared with traditional PKI, and a comprehensive security evaluation is done, including trusted delivery of system parameters, secure private key issuing, key escrow, multi-domain support, integration with traditional PKI, and so on. A new secure group-oriented content distribution scheme is presented, exploiting identity-based PKI. The scheme meets many essential requirements, including receiver access control, source authentication and non-repudiation, and policy-driven encryption; it obtains an O(1) cost for sender-side computation and communication; and it has properties such as simple group key management, low computation and communication cost, and ease of implementation. It can be used to deploy commercial multicast content distribution systems.
3. Addressing the security issues of service federation in SOA-based virtual organizations, the thesis discusses service federation by cross-domain service orchestration and choreography, analyzes the critical security requirements of service federation for virtual organizations, surveys the dominant technologies for federated identity management, proposes a security framework suitable for cross-domain service federation, and clarifies several fundamental security functions, such as trust topology management, federated sign-on/sign-out, attribute-based access control, delegated authorization and privacy protection. Finally, the interoperation of different federated identity management technologies is discussed.
4. Two fair non-repudiation protocols are proposed, based on the Online-TTP mode. The first is used in traditional web applications based on the B/S architecture and can be embedded in a single HTTP request/response exchange. The second applies to web service transactions and can be embedded in a single web service call. Both protocols adopt evidence chaining to decrease the overhead of evidence verification and management and to alleviate the overhead of certificate revocation checking and time-stamp generation for signatures. The protocols have the properties of strong fairness, timeliness, efficiency and practicability.
5. The thesis analyzes protocol-based key recovery, discusses the advantages and disadvantages of identity-based encryption, and designs and implements a protocol-based key recovery mechanism for IPSec, covering four authentication methods (pre-shared key, signature, public key encryption and revised public key encryption) and two working modes (main mode and aggressive mode). An analysis of perfect forward secrecy and IKEv2 is given. Experiments show that it is easy to embed key recovery in an IPSec VPN, with valuable properties such as unfilterability, interoperability, hidden key recovery and real-time key recovery.
6. Based on a comprehensive security analysis of the SSL/TLS protocol and the Chinese SSL VPN standard, a protocol-based key recovery scheme for SSL/TLS is given and its practicability is discussed. We present a proxy-based MITM attack scheme, give a dedicated analysis of the security threat, and propose mechanisms for security enhancement, with a main focus on the session-aware MITM protection scheme. From the positive point of view, the application of this technique in content security filtering, key recovery prevention and protocol customization is illustrated. A conclusion is that proxy-based MITM for SSL/TLS can be adopted to implement valuable functions for security protection, while it does bring a noticeable security threat. An integrated session-aware S-ZTIC solution is designed, which can defend against both MITM attacks and malicious software attacks.
