Design And Implementation Of The Public-Key GSS-API Mechanism

Posted on: 2006-07-29  Degree: Master  Type: Thesis
Country: China  Candidate: Y Y Sun  Full Text: PDF
GTID: 2178360182456895  Subject: Software engineering
Abstract/Summary:
With the rapid spread and growth of computer systems and networks, dependence on stored and exchanged information has increased, which forces people to pay attention to protecting data and information from leakage. Encryption and network-security regulation have matured; under these conditions, practical and immediately usable applications are needed to strengthen management. Therefore, in the field of information security, the five key elements that make up security services, integrity, confidentiality, authentication, access control and non-repudiation, have become the most important topics in the study of network information security. Confidentiality is the protection of transmitted data against passive attack. Depending on the content being distributed, several levels of protection can be used; the broadest service protects all data exchanged between two users over some period of time. Another aspect of privacy is protecting the communication and its traffic flow against analysis: an attacker must not be able to observe the source, destination, frequency, length or other characteristics of the traffic on the communication equipment. Integrity can be applied to a message stream, to a single message or to selected fields within a message, and the most useful and direct form is protecting the whole message stream. A connection-oriented integrity service handles the message stream so that the content received matches the content sent, without duplication, insertion, modification, reordering or replay; destruction of data is also covered by this service. Therefore a connection-oriented integrity service addresses both modification of the message stream and denial of service. A connectionless integrity service, on the other hand, deals only with individual messages without regard to any larger context, and generally protects against message modification only.
The underlying mechanism designed in this thesis rests on cryptography and the Public Key Infrastructure (PKI). PKI offers network applications a key and certificate management system together with cryptographic services such as encryption and digital signature; briefly, PKI is an infrastructure built on public-key theory and technology to provide security services and solve online security problems. Authentication is used to ensure the reliability of information. When there is only a single message, such as a warning or alarm signal, the authentication service assures the recipient that the message comes from the source it claims. In an ongoing interaction, for example connecting a terminal to a host, two aspects are involved: first, at connection initialization, the service assures the authenticity of the two entities; second, the service assures that a third party cannot masquerade as one of the two legitimate entities to interfere with the connection or perform unauthorized transmission or reception. When building an authentication system and key management center, it is extremely important to offer a standardized security API. With such an API, developers need not modify existing applications themselves in order to add security functions. Thus one important advance in information security is the standardized security API framework produced by the IETF, namely the Generic Security Services Application Program Interface (GSS-API).
The advantage of the Generic Security Services Application Program Interface (GSS-API) is that it gives application programs generality: its security processing does not depend on any specific operating platform, security mechanism, security service or transport protocol, so GSS-API applications are highly portable. This portability is the hallmark of the Generic Security Standard API, and a program that uses GSS-API is therefore more portable with respect to network security. GSS-API provides a way for applications to protect data sent to peer applications, typically from a client on one machine to a server on another, and so gives applications control over security aspects. GSS-API does not itself provide security services. Rather, it is a framework that provides security services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies such as Kerberos v5 or public-key technologies. Broadly speaking, GSS-API does two main things: 1. It creates a security context in which data can be passed between applications. A context can be thought of as a "state of trust" between two applications: applications that share a context know who each other are and can therefore permit data transfers between them for as long as the context lasts. 2. It applies one or more types of protection, known as security services, to the data to be transmitted. Of course, GSS-API is more complex than that. Other things it does include data conversion, error checking, delegation of user privileges, information display and identity comparison, and it includes numerous support or convenience functions. The most basic security service GSS-API provides is authentication.
GSS-API can also provide two other types of security service if the underlying mechanism supports them: confidentiality and integrity. The GSS-API implementation designed in this thesis offers the following functions at the application-program level: 1. Authentication: the two sides exchange certificates and, through two or three message exchanges, confirm each other's identity; during this process the certificate presented as proof of identity is passed to the certificate-validity check so that the target can verify the identity. 2. Key negotiation: key exchange algorithms such as RSA are used to negotiate and exchange keys. 3. Data wrapping and unwrapping: wrapping encrypts and signs the data; unwrapping decrypts the data and verifies the signature. The signature may be a true signature or a pseudo-signature (such as a hash or MAC), and data may also be wrapped with a signature only, without encryption. Because GSS-API is a framework that offers security services to callers in a generic fashion and supports a certain range of underlying mechanisms and technologies, this thesis analyses and studies how to design and implement GSS-API on the basis of a public-key mechanism, and designs and implements eleven functions that provide authentication, confidentiality, integrity and non-repudiation; in future it can be extended further to offer stronger safety measures and richer security services. First, the thesis describes in detail the basic concepts of network information security, the basic principles of cryptography, and the basic elements and workflow of the public-key mechanism; second, it introduces several underlying security mechanisms applied to GSS-API, including the Simple Public Key algorithms and protocol format, and describes how they are combined with GSS-API; finally, it presents the design and implementation.
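As an added example (not code from the thesis), the GSS-API calling pattern the abstract describes, in Python: the mechanism-independent context-establishment loop driven by GSS_S_CONTINUE_NEEDED, followed by per-message wrap/unwrap in which a MIC is always present and encryption is applied only when confidentiality is requested, with the sequence number detecting replayed tokens. The key agreement inside the context is a constructed, unauthenticated nonce mix that only marks where the thesis's RSA exchange would go, the HMAC-based keystream stands in for a real cipher, and the Context class, its methods and demo() are this example's own names; only the status names mirror the real GSS-API.

```python
import hashlib, hmac, os, struct

GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, GSS_S_BAD_MIC, GSS_S_DUPLICATE_TOKEN = range(4)

class Context:
    """Stand-in security context. The nonce mix is UNAUTHENTICATED and only marks where the
    RSA exchange would go; wrap/unwrap mirror gss_wrap/gss_unwrap (MIC always, encrypt on conf_req)."""
    def __init__(self, direction):            # 0 = initiator, 1 = acceptor
        self.dir, self.nonce, self.key = direction, os.urandom(16), None
        self.send_seq, self.recv_seq = 0, -1  # per-direction sequence numbers
    def _derive(self, peer_nonce):            # both sides order the nonces initiator-first
        pair = self.nonce + peer_nonce if self.dir == 0 else peer_nonce + self.nonce
        self.key = hashlib.sha256(b"gss-demo-ctx" + pair).digest()
    def init_sec_context(self, input_token=None):
        if input_token is None:               # first call: emit our token, expect a reply
            return GSS_S_CONTINUE_NEEDED, self.nonce
        self._derive(input_token)             # reply consumed: context is established
        return GSS_S_COMPLETE, None
    def accept_sec_context(self, input_token):
        self._derive(input_token)
        return GSS_S_COMPLETE, self.nonce
    def _xor(self, data, direction, seq):     # stand-in keystream, bound to direction and seq
        stream = b"".join(hmac.new(self.key, struct.pack(">BQI", direction, seq, i),
                                   hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))
    def wrap(self, msg, conf_req):
        header = struct.pack(">BQ?", self.dir, self.send_seq, conf_req)
        body = self._xor(msg, self.dir, self.send_seq) if conf_req else msg
        self.send_seq += 1
        return header + body + hmac.new(self.key, header + body, hashlib.sha256).digest()
    def unwrap(self, token):
        header, body, mic = token[:10], token[10:-32], token[-32:]
        if not hmac.compare_digest(mic, hmac.new(self.key, header + body, hashlib.sha256).digest()):
            return GSS_S_BAD_MIC, None, None  # check integrity before touching anything else
        direction, seq, conf = struct.unpack(">BQ?", header)
        if direction == self.dir or seq <= self.recv_seq:
            return GSS_S_DUPLICATE_TOKEN, None, conf  # reflected or replayed token
        self.recv_seq = seq
        return GSS_S_COMPLETE, (self._xor(body, direction, seq) if conf else body), conf

def demo():
    client, server = Context(0), Context(1)
    status, token = client.init_sec_context()
    while status == GSS_S_CONTINUE_NEEDED:    # the mechanism-independent establishment loop
        _, reply = server.accept_sec_context(token)
        status, token = client.init_sec_context(reply)
    sealed = client.wrap(b"transfer 100", conf_req=True)   # encrypted and signed
    signed = client.wrap(b"balance?", conf_req=False)      # signed only, plaintext visible
    return {"sealed": server.unwrap(sealed), "signed": server.unwrap(signed),
            "replay": server.unwrap(sealed)[0],
            "tampered": server.unwrap(signed[:-1] + bytes([signed[-1] ^ 1]))[0],
            "signed_visible": b"balance?" in signed}
```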
This API provides secure transmission guarantees to applications; the protocol is the key-transmission security protocol defined for PKI by the Bureau of National Key Administration. Applied in e-business certification authorities, both regional and industry certification authorities such as the Jilin Certification Authority, the Fujian Certification Authority and the China Financial Certification Authority, it has solved the problem of securely transmitting users' keys in the public key infrastructure.
Keywords/Search Tags: Implementation