节点文献
SSL协议安全性分析及其在WWW系统的应用研究
The Security Analysis of SSL Protocol and Its Development in WWW System
【作者】 王立新;
【导师】 赵广利;
【作者基本信息】 大连海事大学 , 计算机应用技术, 2003, 硕士
【摘要】 随着计算机网络技术特别是Internet技术的发展,网络安全日益受到人们的重视。网络环境中的数据安全传输协议,对于应用的安全性起着非常重要的作用,已经成为影响网络进一步发展的重要因素。目前,国外著名的商用浏览器和Web服务器都内嵌地支持SSL协议,SSL己成为最流行的WWW安全协议。 但是,国外主流的电子商务安全协议在核心密码算法上都有出口限制,如只允许40位或56位的RC4和512位的RSA算法出口等,而且协议源代码不公开,根本无法满足我国电子商务实际应用当中的安全需求。因此,在国际同行的研究基础上,尽量吸取和掌握其思想、原理的先进性,结合我国自有密码算法,设计或者改造相关的安全传输协议,将这些协议实现与现有应用系统和操作系统结合起来是十分有意义的工作。 本文首先介绍了密码学方面的基础知识,接着介绍了身份认证中的消息摘要算法和数字签名的原理以及X.509证书,这些是公钥加密体系中身份认证的基础。然后分析了SSL协议,着重分析了SSL握手协议及SSL协议各部分的安全性和抗攻击能力,并在SSL(Secure Sockets Layer)协议的研究基础上,详细介绍了一个基于JAVA的SSL安全Web系统的设计方案、技术特点与实现方法。最后指出了需要进一步完善的工作。
【Abstract】 With the development of computer network especially the Internet, the security of network receives more and more attention. The secure transport of data has become the emphasis of network environment and one of important factors of network development. Presently, many of the famous commercial products of browsers and web servers support SSL internally. SSL has become the most prevailing WWW secure protocol.However, most of the electronic business secure protocols are subject to the limitation of export regulations. For example, only 40 bits or 56 bits of RC4 algorithm and 512 bits of RSA algorithm are permitted to export, and its source code isn’t published. It isn’t satisfied with the secure requirement of the electronic business in our country. It’s very significant to design or rebuild the secure transport protocol with our own cryptogram algorithm based on the research of its idea and principle.In this article, the fundamental knowledge of cryptography are introduced first. The author introduces the message digest algorithm, digital signature and X.509 certificate which are the foundations of authentication in public-key systems. Next, SSL protocol is analyzed. SSL handshake protocol and the security of SSL are described in detail. Then, the system design plan, critical technology and implement method of a secure web system based on JAVA are proposed. In the end, the author points out the work should be improved in the future.
【Key words】 Network Security; Secure Socket Layer; WWW System; SSL; JAVA;
- 【网络出版投稿人】 大连海事大学 【网络出版年期】2003年 03期
- 【分类号】TP393.08
- 【被引频次】6
- 【下载频次】364