Design And Realization Of Security Service System On Two-Way Authentication Technology Of SSL

With the fast development of the network and communication technology,which lurks behind frangibility,insecurity and risk,faces with enormous security threat.How to establish and consolidate the relationship of trust on Internet,to defense security risks of computer system and to protect the security of important information becomes a force which is concerned by users.This thesis in-depth studies and demonstrates the security of SSL, and designs a Security Service System which is unlike traditional security protection strategy based on computer system and transmission by the findings.Main contributions are as follows:1.This thesis comprehensively introduces the content of SSL protocol from many aspects,such as its composition and security technologies.And after detailedly analyzing the workflow and security mechanisms of one-way authentication mode of SSL,We summarize some attacks which are likely faced with on this mode of SSL,and focus on one of them,the man-in-the-middle attack.2.This thesis focused analyzes two-way authentication mode which is now commonly used methods in commercial field which needs high security like bank to safeguard data security.With the workflow of the man-in-the-middle attack on one-way authentication mode of SSL,we design and implementation two methods of man-in-the-middle attack, directly forwarding the client authentication information and replacing the client certificate.Then,we analyze the reasons of the failure to attack and the superiority in terms of secrity of two-way authentication mode by authentication flow.3.Studying and designing a Security Service System which is a new security protection strategy based on user-level.Because existing security transmission protocols still exist security issues for its design and practical application,and there are many security risks inherent in computer systems which existing security measures such as firewalls can not prevent security attacks completely,the object of security protection of this new system are from security of the system and transmission to security of user-level,which make security services not establish secure real-time transmission channels for consultations and not defense system attack.The Security Service System establish authentication thinking of using certificate in two-way authentication,and ensure the security of data transmission and storage by many security technologies such as USB KEY,encryptionhash,algorithms and so on.