Research And Implementation Of A Public Key Infrastructure Based On Transport Layer Security

Posted on: 2012-08-02
Degree: Master
Type: Thesis
Country: China
Candidate: K F Wang
GTID: 2218330338957020
Subject: Computer software and theory
Abstract/Summary:
The Internet is becoming one of the most important infrastructures in the global information system. The broad development and application of secure e-mail, e-commerce and e-banking place higher demands on network security. PKI can provide integrity, confidentiality and non-repudiation services, along with encryption, authorization and authentication functions. It can therefore meet the requirement of transmitting data safely over the Internet and provide reliable security for the network.

A complete PKI comprises the following parts: a registration authority, a certificate authority, a certificate repository and distribution system, and PKI-enabled applications. Apart from the application systems, these parts are usually deployed within a department. While providing security for the network, the PKI system itself becomes a target of network attacks. Attacks originating from inside the department are particularly difficult to resist, and they can easily leave the security of the application systems that depend on the PKI without assurance.

This paper proposes a solution that uses Transport Layer Security to provide secure connections for communication. By establishing secure connections between the parts of the PKI system, it can effectively resist attacks from inside the department. However, while ensuring security, the use of secure connections also increases the burden of certificate queries. To improve the efficiency of certificate queries without reducing security, we use LDAP as the certificate distribution system.

We design and implement this PKI system in Java on the MyEclipse platform. The system has been applied to an actual e-government system. It improves the ability of the PKI to resist internal attacks. For the most frequently used function, certificate authentication, we conduct an analysis in a local area network. From the results we conclude that we increased the security of the system and improved the efficiency of certificate queries.
Keywords/Search Tags: public key infrastructure, transport layer security, LDAP, certificate authority, registration authority