【作者】 李荣森；

【导师】 窦文华；

【作者基本信息】 国防科学技术大学 ， 计算机科学与技术， 2006， 硕士

【摘要】 随着网络的发展,安全性变得越来越重要。本文以这种需求为背景,对军用仿真网络数据保密传输技术进行了研究。主要研究了数据加密技术和密钥管理技术两个主要的方面。数据加密是保证通信安全的最基本和最常用的技术,本文广泛研究了以DES、IDEA、AES为代表的各种对称加密算法和以Diffie-Hellman、RSA、ECC为代表的各种公开密钥加密算法。并以实际应用为背景,分析了每种算法的优劣和应用前景,以及我们应该优先采用的算法等。模幂计算技术是很多公钥密码算法的基础技术,是保证这些公钥算法可应用于实际中的关键一环。文本研究了各种模幂计算技术,分析了各种算法的适用环境,之后根据工程应用的实际情况,我们对蒙哥马利算法提出了一点改进,有效提高了算法的运行效率并降低了工程实现的复杂性。同时,我们提出了改进的素数产生方案,使素数产生的速度有了很大提高。密钥管理是数据保密传输过程中不可缺少的重要一环。本文研究了Kerberos等密钥管理技术,分析了其工作原理等。在此基础上,我们进行了军用仿真网络密钥管理技术的研究。我们提出了一种新的军用仿真网络端到端密钥管理技术。该技术以HMAC协议和Diffie-Hellman算法为核心,在保证网络内部数据传输安全性的的同时,可有效减少PKI密钥管理方式所需要的开销。我们提出了一种新的军用仿真网络组播密钥管理技术,与GDH等技术相比,在保证安全性的前提下,新的组密钥管理技术的开销明显减小。在文章的最后,我们给出了仿真安全平台软件系统的设计实现。以上述研究的技术为基础,描述了软件系统的总体设计以及部分模块的具体实现。更多还原

【Abstract】 With the developing of network, safety is becoming more and more important. Considering this need, we decide to do the research on military based secure data transferring technologies. We focus on encryption technology and key-management technology.Encryption is the basic and widely used technology to protect communication. In this paper, we study on all kinds of key-based algorithms, include both symmetric and public-key algorithms, such as DES, IDEA, AES, Diffie-Hellman, RSA and ECC. We point out the strengths and weaknesses of each algorithm, and the algorithms we should adopt.Public-key cryptographic systems often involve raising elements of some group to large powers. An important question is how fast this exponentiation can be done, which often determines whether a given system is practical. In this paper we survey the known methods for fast exponentiation, examining their relative strengths and weaknesses, and then choose the methods that best fit our condition. Based on our experiences, we put forward some improvements on Montgomery algorithm, which effectively improve the speed. In addition, we present our improved prime test method, which also obviously improve the speed of prime-generation.Key-management technology is indispensably in secure data transferring. We study on Kerberos technology and so on. We describe the basic issues of them, and discuss the development of them. Then we put forward a new method of end to end key-management. The new method is based on HMAC protocol and Diffie-Hellman algorithm. It can effectual insure the safety of data tranfsering in a local network. At the same time, it can much reduce the cost that PKI bring. We also put forward a new method of group-key-management, which obviously reduce the cost of GDH.At the end, we describe the design and implementation of the software of safe-emulation-platform. We present the top design and some implementation of its modules.更多还原