
Design And Implementation Of Secure Information Transmission System SIT-TLS

Posted on: 2003-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Fan
GTID: 2168360065964186
Subject: Cryptography

Abstract/Summary:
Internet applications need a security mechanism that can provide privacy, integrity and authentication services for network communications. Cryptography provides the basis for such a mechanism. Symmetric cryptosystems can provide the privacy service; hash functions and message authentication codes can provide the integrity service; asymmetric cryptosystems (public key cryptosystems) can provide the authentication service. The limitation of symmetric cryptosystems is that key distribution is difficult. Asymmetric cryptosystems allow public keys to be published and so provide a better solution to the key distribution problem. A public key certificate provides a method for binding a public key to its owner's identity information. Public key infrastructures can be used to create, manage, store, distribute and revoke certificates. Based on symmetric cryptographic techniques, asymmetric cryptographic techniques, message authentication codes, public key certificates and public key infrastructure, the Transport Layer Security (TLS) protocol and the Secure Sockets Layer (SSL) protocol provide security mechanisms that give network communication data privacy and integrity and authenticate the communicating parties. OpenSSL implements SSL 2.0, SSL 3.0 and TLS 1.0. OpenSSL provides an extensive TLS/SSL application programming interface and can be used to construct complicated TLS/SSL applications. OpenSSL also provides some utility programs with Certificate Authority (CA) functions that can be used to create certificates for SSL clients and servers.

Many current network applications protect their network communications by using security technologies (or protocols) such as IPSec, TLS/SSL, SET, etc. But some network applications without adequate security features are still running. These insecure applications cannot provide privacy and integrity for communication data or authentication of the communicating parties. We may redevelop these applications to solve their security problems. But sometimes, for various reasons, we would rather not redevelop them. Even if we decide to redevelop these applications, we will have to use the current insecure versions until the new versions are available. So we want to secure the communications of these insecure applications without rewriting them. This article introduces the Secure Information Transmission System (SIT-TLS) developed by the author. Based on the TLS protocol and a proxy mechanism, this system can provide secure data transmission and authentication services for insecure applications without modifying their code.
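The sketch below is an added illustration of the proxy idea described in the abstract, not code from the thesis or from SIT-TLS: a local proxy accepts an unmodified application's plaintext connection on loopback and carries it to a peer proxy over certificate-verified TLS. It uses Python's ssl module (which wraps OpenSSL); the port numbers, peer host name and CA file are constructed placeholders.

```python
import socket
import ssl
import threading

def build_client_context(ca_file=None):
    """TLS context for the proxy-to-proxy hop: peer certificate and host name are verified."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL 2.0/3.0 and TLS 1.0/1.1
    return ctx

def relay(src, dst):
    """Copy bytes from src to dst until EOF or error; return the number of bytes copied."""
    total = 0
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
            total += len(chunk)
    except OSError:
        pass  # the opposite direction already tore the connection down
    finally:
        # Full shutdown of both ends (no half-close support in this sketch);
        # this also unblocks the relay thread running in the other direction.
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass
    return total

def handle(app_conn, remote_host, remote_port, ctx):
    """Carry one plaintext application connection inside an authenticated TLS session."""
    try:
        raw = socket.create_connection((remote_host, remote_port))
        tls = ctx.wrap_socket(raw, server_hostname=remote_host)  # handshake + cert check
    except OSError:
        app_conn.close()  # fail closed: never fall back to forwarding plaintext
        return
    back = threading.Thread(target=relay, args=(tls, app_conn), daemon=True)
    back.start()
    relay(app_conn, tls)
    back.join()
    tls.close()
    app_conn.close()

def serve(listen_port, remote_host, remote_port, ca_file):
    """Listen on loopback only, so the plaintext leg never leaves the local machine."""
    ctx = build_client_context(ca_file)
    with socket.create_server(("127.0.0.1", listen_port)) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn, remote_host, remote_port, ctx),
                             daemon=True).start()

if __name__ == "__main__":
    serve(8025, "proxy.example.internal", 8443, "ca.pem")  # constructed placeholder values
```

The legacy application is pointed at 127.0.0.1:8025 instead of the real server; a matching TLS-terminating proxy is assumed on the server side.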
Keywords/Search Tags:Transport Layer Security, Secure Sockets Layer, OpenSSL, Secure Information Transmission System