
Research on the Secure Transmission of IP Protocol Datagram Packets

Research on Secure Transportation of Data Blocks of IP Protocol

【Author】 罗恒洋

【Advisor】 苏国平

【Author information】 新疆大学 (Xinjiang University), Computer Application Technology, 2003, Master's degree

【Abstract (translated from Chinese)】 At present, large numbers of network users exchange information over the Internet, sending one another the data they need. As the number of users grows, data transmitted by users is stolen on the network more and more often, so studying how to protect user information in an open network environment becomes ever more important. Most user terminals use the TCP/IP protocol suite to carry out their transmission tasks. TCP/IP is a layered suite: user data is divided into segments, and as each segment passes through each layer, that layer's control information is added to it as a header, which specifies the communication rules of the corresponding layer. After encapsulation by every layer, the segments finally form physical frames that are sent onto the communication network over the physical link. At each router node the physical frames are restored to IP datagrams for forwarding; at that point the IP datagrams exist in plaintext, and their contents are easily leaked. Because the widely used network-layer protocol of TCP/IP (IPv4) lacks security mechanisms, protective measures can be applied to IP datagram packets at the IP layer: the packets are no longer transmitted as meaningful plaintext but are encrypted and sent across the network as ciphertext; a message digest is generated and sent together with each packet to prevent the packet from being tampered with in transit; and the digest is encrypted with the sending user's private key, which ensures that the packet came from a trusted communication user, i.e. every datagram packet carries a digital signature. In this thesis, for a group of remotely distributed users who exchange data over the Internet, the above three functions are added to the IP protocol of their systems, a key-information database is added to the system to store the public keys the members of the group publish to one another, and a session-key exchange algorithm is designed to carry out key exchange between users, providing the group with a fully transparent secure communication channel.

【Abstract】 Tens of thousands of network users communicate and exchange their data over the Internet at present. As the number of network users increases very quickly, more and more network crimes take place. It is therefore very important to study how to protect the data that users place on the network. Many network users rely on the TCP/IP protocol suite, which is composed of a series of protocol layers, to carry out their communication tasks. A user's data is divided into a great many data blocks. As the data blocks pass through the protocol layers, each layer adds its control information to their headers; this control information expresses the rules of the corresponding protocol layer. After the data blocks have been packetized, they form the physical data frames that are transported on the network. The physical data frames are converted back into IP packets when they arrive at each router node, and the IP data packets are easily stolen because they are in plaintext at every router node. Based on these principles of the network, this thesis proposes a practical method to improve the security of the TCP/IP protocols. The user's data is encrypted before it is transmitted, so it exists on the network only in the form of ciphertext and is useless to an eavesdropper. To prevent the data from being modified illegally, a message digest is added to each data packet. A digital signature lets the receiver recognize the data blocks that were transmitted by a trusted communication user. Together these measures provide network users with a transparent and secure communication channel.

【Keywords (translated)】 Algorithm; data packets; confidentiality; integrity; digital signature
【Key words】 Algorithm; Data blocks; Privacy; Integrity; Digital signature
  • 【Online publication contributor】 新疆大学 (Xinjiang University)
  • 【Online publication year/issue】 2004, issue 01
  • 【Classification number】 TP393.08
  • 【Download count】 97