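Research on an SSL Connection Migration Mechanism Based on the ECC Algorithm
Published: 2018-03-04 22:00
Topic: SSL. Focus: selective partial recovery. Source: Central South University, 2014 master's thesis. Type: degree thesis.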
[Abstract]: With the rapid spread of e-commerce and improvements in the quality of online payment services, the Internet's service model has shifted from traditional information browsing to online transactions. Because the Internet is inherently open, services that depend heavily on it have high security requirements. The Secure Sockets Layer protocol (SSL) and its successor, the Transport Layer Security protocol (TLS), are widely used to secure communication between two communicating entities on the Internet.
Keeping the connection between client and server available is critical for network services with high security requirements. When an SSL server is overloaded, SSL connections are often interrupted frequently. The traditional remedy is to establish a new SSL connection for the interrupted SSL session, which tends to introduce varying degrees of delay and so degrades the quality of the network service.
To address these problems, this thesis draws on the advantages of the ECC encryption algorithm and proposes an SSL connection migration mechanism built on a Selective Partial Recovery (SPR) strategy. Using the SPR strategy, the mechanism migrates an interrupted SSL session by reusing the necessary SSL session elements. In addition, to meet system stability requirements, the thesis proposes a parameter optimization model based on a server pool, which avoids running all servers at the same time and so reduces overhead. The server pool is a subset of the server cluster; it can handle a large number of external requests concurrently and, when a server in the pool goes down, a designated recovery server performs connection migration for the interrupted sessions. Because the whole process is transparent to the client, the mechanism can be applied in a real framework without changing the TCP/IP protocol or the client. Finally, simulation results show that SSL with ECC cipher suites effectively speeds up the SSL handshake and is more efficient than SSL with RSA cipher suites; that the SPR-based connection migration mechanism has a very marked effect in accelerating SSL session recovery and keeps the recovery time within a range users can tolerate; and that the server pool parameter optimization model not only satisfies system stability but, combined with the SSL connection migration mechanism, also maintains a fairly high ratio of successful migrations. The thesis contains 18 figures, 3 tables and 65 references.
[Degree-granting institution]: Central South University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.09
Article ID: 1567465
Article link: http://sikaile.net/guanlilunwen/ydhl/1567465.html