Implementation Of SSL Protocol And Its Application In Remote Meter Reading System

Posted on: 2009-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Guo
GTID: 2178360242981293
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of information technology, mankind is entering a network-based information age, and intelligent information systems are gradually reaching every corner of our lives; the remote meter reading system is a typical example. A remote meter reading system uses microelectronics, the Internet, sensor technology and so on to read and process meter data automatically, and further integrates the processing of information on residents' water, electricity and gas consumption. Automatic meter reading technology fundamentally resolves the trouble that indoor meter reading and fee collection cause for users, for the water, electricity and gas companies, and for residential area management departments, avoiding many unnecessary disputes. However, due to the openness of the Internet, there are many hidden dangers to the safety of meter reading data, which threaten the security of the remote meter reading system.

The SSL (Secure Sockets Layer) protocol is an internationally popular WWW-based network security solution. SSL uses RSA, DES and other encryption algorithms to achieve data confidentiality, uses message digest algorithms such as MD5 to achieve data integrity, and uses digital certificates for authentication; the use of SSL can therefore guarantee that the transmission of meter reading data over the Internet is secure. The functions of the SSL protocol are as follows:

(1) Information confidentiality: Through the use of public-key and symmetric-key technology, SSL can keep information confidential. All traffic between the SSL client and server is encrypted with the key and encryption algorithm established during the SSL handshake. This prevents eavesdropping by a person using Internet tools: although the eavesdropper can still capture the network traffic, the information cannot be decrypted without the key.

(2) Information integrity: SSL uses a MAC (Message Authentication Code) to provide information integrity services, ensuring that the information exchanged between the server and client is not damaged or forged.

(3) Two-way authentication: This is the process in which the client and server identify each other, and it also takes place in the handshake stage of the SSL protocol. Through the exchange of certificates, the two communicating parties prove their identity to each other. Certificates that follow the X.509 specification are issued by PKI organizations that are trusted by both communicating parties.

SSL is a security protocol based on the public-key system with strong operability, and it accomplishes the tasks of authentication and secure transmission very well. SSL is located between the transport layer and the application layer, so it can encapsulate application-layer data without changing the application programs at the application layer, and it is transparent to users. In addition, SSL can establish a secure communication channel between the client and server, ensuring the security of the data transmission, through a single "handshake" process. Because it is independent of the higher layers, higher-level application protocols (such as HTTP and FTP) can transmit data transparently on top of SSL, and SSL will therefore have an enormous influence on Internet security for a long period. Because SSL has so many advantages, as well as the support of the open-source project OpenSSL, it has been widely used in online banking, e-commerce and other online electronic transactions. Therefore, using SSL to realize the safe transmission of meter reading data is highly feasible and of practical significance.

In this application, based on the SSL framework of the open-source project OpenSSL, we have realized communications that follow the SSL protocol. Implementing the SSL protocol is a complex process: it involves a large number of encryption, decryption, authentication and signature algorithms, as well as the negotiation process between the two sides of the communication. Complete redevelopment would therefore be a huge task. OpenSSL is the most famous open library used in secure communications. It was born in 1998, derived from the SSLeay library, is written in C, is cross-platform, and supports Linux, Windows, BSD, Mac, VMS and other platforms. OpenSSL is composed of three parts: the SSL protocol framework, the library of cryptographic algorithms, and the applications. So far, the algorithms included in OpenSSL have been very sound, supporting SSL 2.0, SSL 3.0 and TLS 1.0. Using the algorithm library and framework provided by OpenSSL, we built an SSL dynamic link library in C that is portable, supports concurrency and has explicit interfaces; it provides all the client and server functions needed to communicate over the SSL protocol and supports multi-threaded connections between the client and server.

In order to ensure the safety of the SSL negotiation process, in this paper we designed a small CA system with reference to the PKI architecture. SSL can only guarantee information security during transmission over an end-to-end connection, and relying solely on SSL cannot completely guarantee the safety of transactions, so other related measures, such as digital certificates and form signatures, need to be taken. The PKI (Public Key Infrastructure) system, which is based on the public-key mechanism, is the mainstream direction of current Internet security systems. Despite its many deficiencies, it provides complete and reliable information security services, so it is particularly applicable to the remote meter reading system. The CA system designed in this paper realizes the functions of receiving users' certificate requests, issuing certificates, revoking certificates, providing queries to users, and so on. The CA system is also implemented on top of the open-source project OpenSSL. While designing the CA system, we referred to the PKI architecture standards and used an independent RA. The RA is an optional management entity that is mainly responsible for the registration management of end users and is trusted by the CA. Although the registration management function can be performed directly by the CA, it becomes necessary to set up a separate RA for this function when the number of entity users is very large and they are widely distributed geographically. In an actual deployment of the CA system, the number of RAs can be decided according to the number of certificate users the CA system is responsible for; that is to say, a CA system can have more than one RA, and when a user needs to interact with the CA system, he can pass his service request to the CA through any RA. This reduces system bottlenecks and improves system performance.

Having realized all the functions of the SSL protocol and guaranteed the safety of the negotiation process, we applied the SSL dynamic link library described above, together with X.509 certificates issued by the CA system, to the remote meter reading system. In the existing Internet environment, we established a private encrypted channel on top of the public network channel, realized secure information transmission over an unsafe channel, and ensured that the meter reading data and control commands remain confidential and intact while they are transmitted over the Internet.
Keywords/Search Tags: Implementation