Research On Several Key Problems In Security Of Information System

With the abstruse theoretic topics and widely applications, Information System Security is regarded as a new integrative intersectional subject inosculated with modern cryptograph, computer network Security and secrecy communicate theory. This study focused on these topics from two angles: firstly discussing in theoretic and then studying the applications. Consisting of two parts, the study firstly started from establishing a theoretic framework of Information Security in systematically and integrality. And then part two mainly targets to studying the relational theory, and established an application.In part one, the concept of the information security was discussed firstly, and then the characteristic of information resources and the system security was summarized, as well as the possible type of being attacked, the requirement and the system designing principle was also figured out.Meanwhile, the limitation of the classical theory on Information System Security was pointed out, and the modern system concept and the security technologies were discussed. Further more, the multi-layer model of the network security was established.Based on the security methodology and considering the threats from practice, a solution was brought forward to maintain the reasonable security services with the design of security mechanism and the protective fortress into the system. With the definite definition of each kind of services, the corresponding security mechanism was analyzed, which resulted to the construction of the security framework. Under the framework, three mechanisms, authentication, access control and information transmission safety, are identified as the essential elements. Based on the framework, multi-system of safety can be organized to provide the consolidated service for the various kinds of applications, as well as realize the consistent management of the comprehensive system.. Thereby, the system can be assured to be protected in a elaborated logical.In part two, the study firstly focused on the Public Key Cryptography used to authentication and the key distribution. By comparing the performance of RSA and ECC, the method on how to intercept the elliptic curves and howto code the Elliptic Curve Crytosystems (ECC) was provided. Fast point multiplication on a family of Koblitz elliptic curves in characteristic 3 is considered. Utilizing the complex multiplication property of the curves and using a modulo reduction and Frobenius expansion technique, Bring forward that there is a fast point multiplication method without precomputation on the curves, which is 6 times fast than the ordinary repeated-double-add method. The idea of the fast method is independent on the optimization of finite field arithmetic and the choice of coordinate expression of points of elliptic curves.The Kerberos protocol is improved here based on the stronger and more advanced ECC as the secrecy and signature way, especially the way of ticket and the validated protocol are amended to ensure the safety, facticity and authenticity of the whole validation. Following the systematical analysis of the whole framework and the mechanism of DCE, the method of role-based access control is designed within the DCE environment.Therefore, one platform can be integrated to manage the information security with the DCE-based network safety middle-unit. Besides, as the substitute of DCE authentication protocol and the DCE original authorized access control, Kerberos ECC authentication protocol can realize the role-based access control and construct a comprehensive services management platform to sustain the security management switching from users to applications.