电子商务系统中的安全机制研究

【作者】 李凤银；

【导师】 刘培玉；

【作者基本信息】 山东师范大学 ， 管理科学与工程， 2003， 硕士

【摘要】 随着信息技术日新月异的发展，人类正在进入以网络为主的信息时代，基于Internet开展的电子商务已逐渐成为人们进行商务活动的新模式，越来越多的人通过Internet进行商务活动，电子商务的发展前景十分诱人。但电子商务的安全问题变得越来越突出，如何建立一个安全、便捷的电子商务应用环境，保证整个商务活动中信息的安全性，使基于Internet的电子交易方式与传统交易方式一样安全可靠，已经成为大家十分关心的热门话题。 目前国内企业发展电子商务的最大顾虑是安全性问题，信息的安全性是当前发展电子商务最迫切需要解决的问题，研究和分析电子商务的安全性问题，特别是针对我国自己的国情，充分借鉴国外的先进技术和经验，开发和研究出具有独立知识产权的电子商务安全产品，已经成为目前我国发展电子商务的关键。 由于电子商务安全涉及的范围比较广，而身份认证是电子商务安全的第一道防线，本文主要对电子商务安全中的身份认证技术做深入地分析和探讨。 本文对电子商务系统中的主要安全技术进行了简单的介绍，并对其中的身份认证技术进行了深入的分析和探讨，找出了现存身份认证系统中的安全漏洞和不足，提出相应的解决方案。将改进的一次性口令认证技术和有限域上椭圆曲线密码技术分别应用于B2C和B2B电子商务身份认证系统中，提出一种新的电子商务身份认证系统结构模型，并实现了该电子商务身份认证系统，该身份认证系统可以有效地抵御重放攻击和小数攻击。在具体实现时，又将智能卡技术引入B2B电子商务系统中，进一步提高了B2B电子商务身份认证系统的安全性和实用性。 本文主要做了以下几个方面的工作： (1)对一次性口令认证技术进行了深入的分析和探讨，针对现存一次性口令认证系统不能抵御小数攻击的安全漏洞，提出一种改进的一次性口令认证机制，这种认证机制能够有效地抵御小数攻击和重放攻击，而且使用时不需要客户端做任何设置和安装任何软件。 (2)对各种身份认证技术进行分析，找出基于对称密钥算法的身份认证技术的不足，并对基于不同难题的公开密钥算法的性能进行深入的分析和比较，找出综合性能比较好的公开密钥算法以应用于电子商务身份认证系统中。 山东师范大学硕士学位论文——电子商务系统中的安全机制研究 （3）将有限域上的椭圆曲线密码算法（ECC）应用于电子商务中的身份认证系统，提出基于有限域上椭圆曲线点群中离散对数问题的身份认证机制，仅用短的密钥就可以达到RSA／DSA算法很长密钥的安全强度（目前，大约224bits的ECC就可以达到2048的RSA的强度）。 ④ 将改进的一次性口令认证技术和有限域上椭圆曲线密码技术ECDSA分别应用于BZC和 BZB电子商务身份认证系统中，提出一种新的电子商务身份认证系统结构模型。 o）结合智能卡技术，设计并实现了基于改进的 OTP技术和 ECDSA算法的电子商务身份认证系统。 本文介绍的电子商务身份认证系统，迎合普通用户方便、安全的需求，用改进的一次性口令认证技术实现身份认证；迎合合作伙伴用户对安全性的特殊需求，用高安全性、高可靠性的ECDSA签名技术结合智能卡来实现，具有较强的实用性和较高的安全性。在我国叫 基础设施尚不完善的今天，结合了本身份认证系统的电子商务系统更具实用性，更有利于电子商务的普及。更多还原

【Abstract】 With the rapid development of Information and Technology, human race is coming into a new era of network and information. Electronic Commerce based on Internet has become a new mode for people to pursue commerce. With more and more people execute their commerce through Internet, the prospect of Electronic Commerce is becoming more and more attracting. But at the same time, the security problem of Electronic Commerce is becoming more and more obvious. How to establish a secure and convenient application environment of Electronic Commerce has become a current topic. In the secure application environment electronic transaction should have the same security and reliability as the conventional transaction through face-to-face exchange.Now what enterprises in our country mind is the security problem, so the security of information is the most important problem to solve before developing Electronic Commerce. It has become the key of developing Electronic Commerce to study and analyze the security of Electronic Commerce and then to exploit Electronic Commerce security products of our own knowledge rights.As Electronic Commerce security involves many aspects and status authentication is the first defence in Electronic Commerce security, so this thesis mainly analyzes and probes the technologies of status authentication.After simple introduction of security technologies in Electronic Commerce, this thesis analyzes and probes deeply the technologies of status authentication, and then finds out the deficiency of the extant systems of status authentication and gives the corresponding solution schenism. This thesis applies respectively the improved One-Time Password authentication mechanism and the Elliptic Curve Digital Signature Algorithm status authentication mechanism to Business-to-Client (B2C) and Business-to-Business (B2B) Electronic Commerce systems, and provides a new framework model of ElectronicCommerce status authentication systems. At last, This thesis gives an implementation of the status authentication system, which can resist the small-number attack and replay attack. During the implementation, Intelligent Card technology is introduced into the Business-to-Business Electronic Commerce system, and then improves the security and utility of the status authentication system in the Business-to-Business Electronic Commerce.The main work of this thesis include the following aspects:(1) After deeply analyzing and probing the One-Time Password authentication technology, aiming for the deficiency of the extant systems of One-Time Password authentication, this thesis proposes an Improved One-Time Password authentication schenism, which can efficiently resist the small-number attack and replay attack. What’s more, during implementation the improved authentication mechanism does not require the user in the client end to install any software or to modify any configuration.(2) This thesis analyzes the deficiency of status authentication based on symmetric cryptography, analyzes the technologies of status authentication based on public-key cryptography, and especially analyzes the algorithms based on different difficult problems.(3) This thesis applies the elliptic curve cryptography over finite fields to the status authentication systems in the Electronic Commerce and proposes a new status authentication mechanism based on the discrete logarithm problem in the points on elliptic curves over finite fields. This new status authentication mechanism can provide increased speed and decreased key size for a given level of security.(4) This thesis applies respectively the improved One-Time Password authentication mechanism and the status authentication mechanism based on the discrete logarithm problem in the points on elliptic curves over finite fields to Business-to-Client(B2C) and Business-to-Business(B2B) Electronic Commerce systems, and proposes a new framework model of Electronic Commerce status authentication systems.(5) Combining the Intelligent Card technology, this t更多还原