| With the development of Internet and network infrastructure, email has become one of the most important applications. However, traditional email is a plaintext and it's not suitable to transport important messages. It restricts the use and development of email. We can take various technologies and means to achieve the security of e-mail system as it is an important component of information security. Current email system rarely guarantees the authentication of the email website's identity so the phishing website can easily get user's password and email. Moreover, current secure email protocol always use RSA algorithm, with the improvement of large integer factorization algorithm, RSA keys become longer and longer and it's sharply reducing the computational efficiency of RSA algorithm.In this paper, we adopt authentication and data encryption to enhance the security of the email system. At first, we use certificate to guarantee the website's identity. Then we adopt ECC (Elliptic Curve Cryptography) which time consuming is only 1/6 of RSA in the same security strength for data encryption. Finally, we apply secure socket layer protocol to protect the security of network data.In this thesis, we first briefly introduce the current research of this topic and the main work we had done, and then introduce the mechanism and the transmission protocols of e-mail. And then we describe the basics of the information security especially ECC which is the hotspot of modern cryptography, and then analyze the security issues of email system and the related techniques to solve those issues. Finally, we realize certificate and ECC by using an instrument named "keytool" and the ECC API (Application Programming Interface) in Bouncy Castle crypto APIs of Java, and then combine those two crypto means to implement a secure email system. By analyze the security of our system, it not only has the function of ordinary e-mail system, but also satisfy confidentiality, integrity and server's authentication. |
PDF Full Text Request