Design and Implement of the Web Information Security Channel Based on SSL Protocol
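【Author】 Bian Changxi (卞长喜);
【Supervisor】 Zhou Dashui (周大水);
【Author information】 Shandong University, Computer Software and Theory, 2008, Master's degree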
【Abstract】 With the development of computer networking, and of the Internet in particular, network security receives more and more attention. The Internet is built on the TCP/IP protocols, but TCP/IP itself provides no security measures, and various solutions have been proposed for the resulting security problems. Among them, protocols for the secure transport of data in a network environment play a very important role in application security and have become an important factor in the further development of networks. The SSL protocol is the most widely used secure data transport protocol on the Internet. The SSL protocol belongs to the session layer and has played a major role on the Internet since its introduction. At present, the well-known foreign commercial browsers and Web servers all support SSL, and SSL has become the most prevalent WWW security protocol. Several foreign vendors have released security products based on SSL, but their core cryptographic algorithms are subject to export restrictions: most of them adopt weak encryption algorithms of low strength (keys of 56 bits or below), and the protocol code is not published, so they cannot meet the security needs of practical applications in China. To meet the security needs of e-commerce, e-government and other transaction management systems, and drawing on SSL implementation approaches that have proved successful, this thesis describes the design and implementation of a client-side SSL secure proxy that can fully protect Web communication. The thesis consists of two parts. The first part analyses the SSL protocol in detail with respect to confidentiality, data integrity and identity authentication, with emphasis on the SSL handshake protocol, and proposes countermeasures against currently known attacks on SSL. The second part, building on that analysis, presents the design and implementation of the client-side SSL secure proxy. Finally, the author points out the work that needs further improvement.
【Key words】 SSL Protocol; Identity authentication; Digital signature; Transmission encryption; Secure proxy;