A Number Of Theoretical Studies Of The Internet Network Security And Secure Web System Design And Implementation

This thesis consists of three parts, that are Internet security protocols, key management and designing and implementating a secure WWW based on SSL. At first, some researches are done on network protocols, cryptography theory and key management techniques related with Internet security in such protocol layers as IP, TCP, Socket and application layer. Some new algorithms used in key agreement are advanced, and the key management model and construction method based CA certification are given. In order to embed secure mechanism into OS kernel, we also research and analyze how to implement security mechanism in me communication module of OS kernel. Based on which a secure Web system based on SSL is improved and implemented This thesis contributes mainly in the following aspects:Ne(?)working secure protocols.1. Analyzes and proves the feasibility mat a connection oriented TCP protocol can carry out data encryption, authentication and signature in theory. Furthermore, a secure connection protocol is advanced2. Set forth a cipher synchronization scheme in the connectionless oriented IP layer, also present the state transform map of this secure protocol. After defined the sessionless key management, a more secure key agreement scheme based on elliptic curve is proposed. Finally, we describe me key techniques to design the secure IP devices, including secure host and Unix based gateway and secure IP router.Key management:3. Prove how to get a safe P prime with the form of P=2q+1 derived from a serial, and hold a primilitive root of Z_P~*. As a result, three algorithms are designed to generate public keyparameters used in key exchange. According to Fermate little theorem, the author prove mat the best length of DH secret key is log(P/2).4. Describes the key exchange algorithm based on the discrete logarithm problem of elliptic curve over Galois Field Gives the conditions to construct a secure elliptic curve crypto-system after analyzing the crisis of this crypto-system . The testing results from SSL shows that key exchange based on elliptic curve is one time faster man group.5. Propose a key management system scheme. PKIX509 certificate based Advance a method to build mis key management system using the directory access protocol, LDAP, which...