Research On Application Of PKI In Campus Network

Cryptography is involved in and heavily depended on by most of today's network security products and systems. In an environment with a large number of communication nodes, such as a campus network, the distribution and life-cycle management of cryptographic keys have to be solved in a secure and effective way. Public Key Infrastructure (PKI) is theoretically ideal for this end, yet real deployment and application of PKI have been hindered by many factors, among which are insufficient support by legacy applications, poor usability, high maintenance cost and the consequent inertia of administrators and developers when they have an alternative scheme simpler than PKI, and interoperability problems among the already-implemented PKI systems themselves due to the still ongoing international PKI standardization process. And in a serious PKI project, decision-making departments as well as law people have to be involved and cooperate with the technical people.The work done by this thesis tries to address and mitigate the above issues in order to facilitate the adoption of PKI in the campus network.Has analyzed PKI through the concrete example in the campus net application, in view of the current PKI application in insufficiency and the barrier, has conducted the safe improvement research to PKI in the campus net traditional application, proposed one kind uses the middleware the security simple point to register plan SSO, causes the traditional application not to need to revise can obtain the safe service which PKI brings; The local area network turned on the control based on PKI to the campus net in to make the safe improvement, made concrete 802.1X + EAP + Radius the plan EAP-TLS authentication process. Carried on in view of the campus net characteristic has conformed to IETF PKIX the standard PKI system improvement design, including trust structure, certificate/CRL including trust structure, the certificate /CRL templates, revocation service, certificates /CRL access services, roaming services design certificate.Finally, PKI in the campus network for further work was discussed and how to give the campus network PKI In the past year and more one-way hash function attacks and the impact of breakthroughs in the corresponding response, security considerations.