Design and Implementation of Kerberos-Based Internet Secure Transmission Software
Topic of this paper: network security + cryptography; Reference: Jilin University, 2014 master's thesis
[Abstract]: As network communication technology becomes ever more closely tied to the Internet, it brings with it a series of information security problems. How to guarantee that legitimate users access resources legitimately and transmit data securely has become the main concern of network security.
This thesis first introduces some basic theory of cryptography, covering symmetric and public-key cryptography in particular detail. It analyzes the settings to which symmetric and public-key encryption algorithms are suited and how their keys are distributed, and compares the respective advantages and disadvantages of the two. It also introduces related cryptographic techniques: message authentication, hash functions, digital signatures and authentication protocols.
It then studies the authentication approach of the Kerberos protocol in detail, describing its working principle, system organization and basic authentication process, and points out the shortcomings of the Kerberos protocol in the authentication process. Taking Kerberos V4 as an example, it analyzes the intra-realm authentication process and identifies defects such as the limitations of its application environment, its vulnerability to password attacks, and the difficulty of key management. In view of these characteristics and shortcomings, and with cryptography as the underlying theory, the thesis improves the authentication process of the Kerberos protocol, proposes a Kerberos authentication process based on a public-key cryptosystem, and describes in detail the system structure, working principle and authentication process of the improved protocol. It focuses on the message exchanges for service authentication, service authorization and the application service, and on the basic elements that make up the message contents, and it analyzes the security of the improved protocol and its similarities to and differences from the original protocol.
Finally, building on these theoretical results, the thesis designs and implements a Kerberos-based Internet secure transmission software system whose basic function is to provide chat between a client and an application server. To ensure that the chat content of the two communicating parties cannot be illegally stolen by a third party, the system's identity authentication takes the research in Chapter 4 of the thesis as its theoretical basis, and adds the ability to select the encryption algorithm used for the session. The session key is encrypted with the RSA algorithm, the plaintext is encrypted with a selectable asymmetric encryption algorithm, and message authentication is achieved with a message digest produced by the SHA algorithm. In this way the system both solves the problem of key distribution and management and guarantees the integrity of the data exchanged between the two parties.
The system can provide identity authentication for users, generate tickets for the various services a user requests from the server, and generate a session key according to the encryption algorithm the user selects and distribute it securely. Practical use shows that the improved Kerberos authentication protocol improves well on the original protocol. The system still has shortcomings, however: for example, identity authentication still relies on timestamps to prevent replay attacks, yet keeping the clocks within the system synchronized is very difficult. Although the improved protocol is not perfect, it can basically meet the information security requirements for the reliability, integrity, authenticity and confidentiality of transmitted messages, and can effectively prevent attackers from illegally eavesdropping on, obtaining, modifying and replaying information.
[Degree-granting institution]: Jilin University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08;TN918.1
Article number: 2018589
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2018589.html