【摘要】：目前在黨政機(jī)關(guān)中,為了保證敏感文件信息的安全,普遍使用專控計算機(jī)作為存儲和管理的工具。然而,保密文件在�？赜嬎銠C(jī)的存儲和調(diào)用過程也存在-定的安全隱患。特別是近幾年來,隨著網(wǎng)絡(luò)技術(shù)的發(fā)展,各種信息安全的問題愈加顯著。對于黨政機(jī)關(guān)使用的�？赜嬎銠C(jī),由于存儲的是敏感文件,信息的安全顯得更為重要。敏感文件存儲在�？赜嬎銠C(jī)當(dāng)中,通常都是加密保存,而文件的操作權(quán)限如何獲得,操作人的身份如何確定,就是要解決的關(guān)鍵問題。目前,普遍的身份驗證方法是基于智能卡的認(rèn)證方式。通過智能卡中存儲秘密信息,只有持卡人才能被認(rèn)證。但是,這種方式存在的不安全因素在于如果攻擊者知道了智能卡密碼并且獲得了智能卡,那么攻擊者就可以冒充用戶。與此同時另一個不安全因素在于,這種方式有可能出現(xiàn)單個人的權(quán)限過大問題,如果出現(xiàn)內(nèi)部人攻擊,則沒有好的防范措施�；谝陨仙矸菡J(rèn)證系統(tǒng)的不足,本文提出一種新型的基于無線UKey的群認(rèn)證系統(tǒng)。即當(dāng)有人想要對保密文件進(jìn)行操作時,需要多個人進(jìn)行操作權(quán)限的授予。圍繞這個系統(tǒng)的研究與實(shí)現(xiàn),本文主要做了硬件和軟件兩方面的工作：(1)在硬件方面,自主研制了新型的無線UKey。由于群認(rèn)證系統(tǒng)需要在UKey上實(shí)現(xiàn)密碼算法的運(yùn)算、密鑰的存儲等需求,市面上的UKey已不能滿足條件,所以本系統(tǒng)使用的是自主研制的UKey。該UKey具有較快的處理芯片,較高安全系數(shù)存儲模塊。另外,由于黨政機(jī)關(guān)中使用的�？赜嬎銠C(jī)都采取了與互聯(lián)網(wǎng)物理隔離的方法,群認(rèn)證過程中不同用戶之間沒有通信的途徑,所以設(shè)計的UKey具有無線數(shù)傳模塊,能夠進(jìn)行信息的無線傳輸。(2)在軟件方面,主要是編寫了UKey的內(nèi)部密碼算法,專控計算機(jī)客戶端以及群認(rèn)證系統(tǒng)的協(xié)議。群認(rèn)證系統(tǒng)實(shí)現(xiàn)分為兩步：個人身份認(rèn)證和群授權(quán),兩步都成功后才可以獲得保密文件的操作權(quán)。在設(shè)計過程中,個人身份認(rèn)證使用了對稱加密算法AES、MD5,群授權(quán)則使用了非對稱加密算法RSA。對于群認(rèn)證系統(tǒng),個人身份認(rèn)證對于最終的安全與否至關(guān)重要,所以認(rèn)證過程使用的為自主設(shè)計的新型認(rèn)證協(xié)議。
[Abstract]:At present, in order to ensure the security of sensitive document information, special computer is widely used as a storage and management tool in the Party and government organs. However, secret files in the storage and call process of the computer also exist-fixed security risks. Especially in recent years, with the development of network technology, all kinds of information security problems become more and more prominent. For the special control computer used by the Party and government, the security of information is more important because of the storage of sensitive files. Sensitive files are stored in a special computer, which is usually stored in encryption. However, the key problem to be solved is how to obtain the operating rights of the files and how to determine the identity of the operators. At present, the universal authentication method is based on smart card authentication. Secret information is stored in a smart card, and only the cardholder can be authenticated. However, the insecurity in this way is that if the attacker knows the password of the smart card and obtains the smart card, the attacker can impersonate the user. At the same time, another unsafe factor is that this approach may have the problem of individual authority too large, if there is an insider attack, there is no good precautions. This paper proposes a new group authentication system based on wireless UKey because of the deficiency of the above authentication system. That is, when someone wants to operate on confidential documents, they need to grant permission to operate more than one person. Focusing on the research and implementation of this system, this paper mainly does two aspects of hardware and software: (1) in terms of hardware, we have developed a new wireless UKey.. Because the group authentication system needs to realize the operation of the cryptographic algorithm and the storage of the key on the UKey, the UKey in the market can not meet the requirements, so the system uses the self-developed UKey.. The UKey has fast processing chip and high safety factor storage module. In addition, because the specialized control computers used in the Party and government organs have adopted the method of physical isolation from the Internet and there is no communication between different users in the process of group authentication, the UKey designed has a wireless data transmission module. (2) in the aspect of software, we mainly write the internal cryptographic algorithm of UKey, the protocol of computer client and group authentication system. The implementation of group authentication system is divided into two steps: personal identity authentication and group authorization. In the design process, personal identity authentication uses symmetric encryption algorithm AES,MD5, group authorization and asymmetric encryption algorithm RSA.. For group authentication system, personal identity authentication is very important to the final security or not, so the authentication process uses a new authentication protocol designed independently.
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP309;TN918.4

【參考文獻(xiàn)】

相關(guān)碩士學(xué)位論文 前1條

1 羅柳平;基于SHA和AES算法的AHB總線監(jiān)視器設(shè)計[D];華中科技大學(xué);2010年

，

本文編號：2257394