Research & Implementation On Application Security Middleware Based On PKI

There are five general security services in network communication at present: confidentiality service, identification service, integrality service, non-denial service, access control service. Some of these services can be solved by relevant security system. If only using these systems, it will bring some new unpredictable problems. According to various framework, platform, protocols, network environment, user application environment, we need an application security middleware which can provide flexible interface and support multi-platform application. Meanwhile, it can easily compatible with application system without any extra reconstructions.This article is about how to research and develop an application security middleware. It will analyze the reliable security technology and the way to improve the SSL handshaking protocol. Firstly discuss and analyze the foundation of cryptology, PKI standard and digital certificate, 802.1x access authentication based on PKI, SSL authentication, digital signature validating, then bring forward a design of security middleware. Finally test the system and analyze the result of performance test statistics.On foundation of cryptology, it analyzes symmetric and asymmetric encryption techniques. These two elements are the most important technology of security middleware. They are always used together in the real application.On PKI standard and digital certificate, it expatiates on the PKI component, PKI standard and digital certificate.On 802.1x access authentication, it analyzes the framework and access authentication principle, and then points out the defect of general application. Finally it discusses the EAP extension protocol by using the digital certificate to improve the security of 802.1x access authentication.On SSL authentication, it analyzes the system framework of SSL protocol, and then figures out the remaining security defects. To meet the security need of local digital certificate, dual-certificate must be used to improve the SSL handshaking protocol security issues.On digital signature validating, it expatiates on the necessity of digital signature in security middleware. Then it discusses the two digital signature methods.On system designing and implementation, it brings out the PKI security middleware framework and the flow of user access process after analyzing the application requirement. Then the subsystem design and implementation will be discussed.On system performance test, LoadRunner tool is used to simulate clients to test the system performance. The statistics will be listed and the result will be analyzed.The article designs an application security middleware based on PKI after researching and analyzing the relevant technology. This paper is definitely helpful in the aspect of network security application by utilizing the current PKI techniques.