
The Design of a Strongly Secure Web Server

Advisor: 鄭鳳生

Abstract


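Security is becoming increasingly important on the World Wide Web. Transactions of every kind now take place frequently over the network, and most people who are active online consider three questions: (1) who they are connected to (Authentication), (2) whether the data sent over the network arrives intact (Integrity), and (3) whether the data transmitted over the network is kept confidential (Privacy). In recent years the Internet has penetrated many institutions and enterprises, and the surge of networking has become an irresistible trend.

The confidentiality of data transmitted over the network relies mainly on encryption with a so-called encryption key (Secure Key) [17][18]. Because of United States export restrictions [6][7], the length of the encryption key is limited to only 40 bits, which greatly reduces the security of the data. This thesis addresses that problem by designing a server that supports 128-bit encryption keys, so that data transmission between client and server can have a high level of security. Besides security, this thesis also provides authentication (Authentication) [9], strengthening security on the network through the exchange of digital certificates (Digital Certificate).

The server designed in this thesis uses the HTTP protocol [1][3] as its general network communication protocol and, for security, uses the Secure Sockets Layer (SSL) protocol [17][21] to establish a secure channel. The secure communication protocol is HTTPS, and the secure channel is designed using SSLeay. On top of this, we also build a simple certification authority (CA) [22] to manage certificates.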

Parallel Abstract


With the rapid growth of the global World Wide Web (WWW), a tremendous volume of information is exchanged and transacted over the Internet every day. Information security has become an essential element that is required to address the following concerns: (1) Authentication - the identity of all parties involved must be verified; (2) Integrity - the information has not been tampered with or corrupted in any form; and (3) Privacy - the information is seen and accessible only by authorized user(s). In recent decades, the Internet has penetrated many organizations and corporations, and its openness offers an irresistible platform for electronic commerce and communications. On the Internet, an encryption algorithm and a secret key enforce data privacy. Due to the export restriction on cryptography, secret keys exportable from the United States are limited to 40 bits, which offers only low-grade security. The core of this thesis thus focuses on a secure web server model with extended support for full 128-bit encryption. The proposed model will provide high-level security for all communications between browser and server. In addition, it provides support for digital certificates to strengthen security on the open network. The proposed secure web server supports the HTTP, HTTPS, and SSL protocols for secure Internet communication. The design of the secure channel in the proposed model is based on SSLeay. A basic Certification Authority (CA) with a friendly browser-based management interface is built into this web server to offer easy certificate management.

References


[2] J. Postel, "Transmission Control Protocol (TCP)", DARPA RFC 793, USC/Information Sciences Institute, September 1981.
[7] Spencer Ante, "Clinton Encryption Policy Criticized by Government Panel", http://www.pcworld.com/news/daily/data/0596/05309606.htm.
[9] CCITT. Recommendation X.509: "The Directory-Authentication Framework". 1988.
[15] VeriSign Digital ID FAQ, http://digitalid.verisign.com/id_faqs.htm.
[20] Security Issues in WWW, http://www.cs.unc.edu/Courses/wwwc/public/hanes/security.html.
