Chain Custody Of Ssl-based Secure Transmission System Design And Realization

It has been widely accepted that the dismantlement and elimination based on arms control is the destination of nuclear weapons, and the chain-of-custody technique is being deeply studied. To transmit the sensitive data through Internet safely and accurately in the process of storage and transport is a very important subject in the whole chain.Due to such requirements as movable and multi-nod character, an embedded hardware is needed. To satisfy the high level of security requirement, correspongding measures in this respect are also needed. But the common security system is not sufficient, and the study of the embedded system security is a newly started subject. So a new security system based on the special needs in arms control and the features of embedded system have to be established.This thesis consists of 2 parts. The first one introduces the background of nuclear weapons control and the Internet transmission security, the characteristic of PGP, SET, S/MIME, Kerberos, IPSec and the comparison between SSL and the above mentioned protocols. Then the SSL structure, content and main techniques are analyzed and its security capability and measurements are also studied.The second part designs the embedded system protocol from 3 aspects of security strategy, capability strategy and shutdown strategy based on the background of this thesis, including the spending of SSL encryption, algorithm and key length, session reuse, length of record data and so on. Software hierarchy and hardware platform are established. Then the programming in both client/server ends are finished including initialization module, connection module, identity validate module, cipherspec control module, session reuse module, data transmission module and resource release module totaling 7 levels, and all of above are downloaded to both the evaluation board and PC end to complete the connection. Then the embedded transmission security system based on SSL is implemented in the monitoring of moving subject part of chain-of-custody. The result shows that the previous design idea is feasible.This security system can provide security encryption/decryption and authentication to protect the Internet data transmission routin from attack in chain-of-custody, and is a indispensable part to make the chain work properly.