| Information security is always a key problem in Compute Science field. Especially today, when the network technology and computer technology develop so fast and are applied broadly, information security problems become more and more serious. Every country takes it as the major research subject.In order to solve the information security problems, all the countries are researching and developing their own Information Security Toolkit, so that the programmers can add some security services such as encryption, authentication and SSL/TLS secure session.This article bases on the development of the information security toolkit CIST (Chinese Information Security Toolkit) which adopts object-oriented technology. It deeply researches the existing cryptology theory and security transportation technology. It analyzes the model of CIST system, kernel, and the theory of cataloguing the system function objects. It develops and realizes the function of secure session in CIST system.The major works of this paper:(1) Analyze, develop and realize the persistent connections of SSL/TLS session in CIST(2) Propose related strategy according to the potential security problems and usual attacks which exist in SSL protocol.(3 ) Propose a real-time certification querying mechanic which applies RTCS protocol according to the shortcomings of querying system in traditional CRL, OCSP certificate revoking.(4) Analyze by comparing the two strategies between upward negotiation and separate port of SSL/TLS session. Propose the revolving methods per the common problems.In the process of designing and implementing the two kinds of sessions, this paper conforms to the international standards and specifications so that the toolkit has better compatibility and extensibility. Meaning while, according to the special security requirements in this system, this paper applies the improved technology such as enhanced cipher suites, compulsory identification certification and session recovery to meet the higher requirements of security and performance.At last, this paper provides advices of future works in CIST.
|
PDF Full Text Request