
Design and Implementation of Kerberos-Based Internet Secure Transmission Software

Published: 2018-06-14 18:45

  Topics: network security + cryptography; Reference: Jilin University, 2014 master's thesis


[Abstract]: As network communication technology becomes ever more closely tied to the Internet, it brings with it a series of information security problems. Ensuring that legitimate users access resources legitimately and transmit data securely has become the main concern of network security.
This thesis first introduces some basic theory of cryptography, covering symmetric and public-key cryptography in detail. It analyzes the situations in which symmetric and public-key encryption algorithms apply and the ways their keys are distributed, and compares the advantages and disadvantages of each. It also introduces related cryptographic techniques: message authentication, hash functions, digital signatures and authentication protocols.
It then studies the authentication idea behind the Kerberos protocol in detail, describing its working principle, system organization and basic authentication process, and points out the shortcomings of the Kerberos protocol in the authentication process. Taking Kerberos V4 as an example, it analyzes authentication within a realm and identifies defects such as the limitations of its application environment, its vulnerability to password attacks and the difficulty of key management. Addressing these characteristics and shortcomings, and using cryptography as the theoretical basis, the thesis improves the Kerberos authentication process by proposing a Kerberos authentication process based on public-key cryptography, and describes the system structure, working principle and authentication process of the improved protocol in detail. It focuses on the message exchanges for service authentication, service authorization and the application service, and on the basic elements that make up each message, and it analyzes the security of the improved protocol and its similarities to and differences from the original protocol.
Finally, building on these theoretical results, the thesis designs and implements a Kerberos-based Internet secure transmission software system whose basic function is to provide chat between a client and an application server. To ensure that the chat content of the two parties cannot be illegally stolen by a third party, the system's identity authentication is based on the research in Chapter 4 of the thesis, with an added function for selecting the encryption algorithm used during the session. The session key is encrypted with the RSA algorithm, the plaintext is encrypted with a selectable asymmetric encryption algorithm, and the SHA algorithm generates a message digest to provide message authentication. In this way the system both solves the problem of key distribution and management and guarantees the integrity of the data exchanged between the two parties.
The system provides identity authentication for users, generates the tickets with which users request the server's various services, and generates a session key according to the encryption algorithm the user selects and distributes it securely. Practical use showed that the improved Kerberos authentication protocol complements the original protocol well. The system still has shortcomings, however: for example, identity authentication still relies on timestamps to prevent replay attacks, yet keeping the clocks within the system synchronized is very difficult. Although the improved protocol is not perfect, it basically meets the information security requirements for reliability, integrity, authenticity and confidentiality of transmitted messages, and can effectively prevent attackers from illegally eavesdropping on, obtaining, modifying and replaying information.
[Degree-granting institution]: Jilin University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08; TN918.1

