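Abstract

In this thesis, we study the application of IP (Internet Protocol) security mechanisms to the transfer of electronic official documents on campus. Smart cards, X.509 certificates, ISAKMP (Internet Security Association and Key Management Protocol) / Oakley key exchange, the Authentication Header / Encapsulating Security Payload, transport mode and tunnel mode, and multiple combinations of security associations are used to build a campus electronic document transfer with security mechanisms.

First, we define the formats of the smart card and the X.509 certificate. We then use the Oakley protocol to perform the phase one key exchange. Finally, we propose a communication protocol for secure electronic document transfer; this protocol comprises the security policy database design, the ISAKMP exchange protocol, and different combinations of security associations.

The features of this thesis are as follows:
1. Through IPSec (Internet Protocol Security), secure electronic document transfer can be accomplished.
2. Certificates are used to exchange the public keys of the two communicating parties.
3. Different security associations are provided for different kinds of legitimate campus network users.

We firmly believe that the research in this thesis will provide considerable experience and help for IPSec applications.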
Abstract

In this thesis, the application of IP (Internet Protocol) Security to secure electronic document transfer on campus is studied. The smart card, X.509 certificate, ISAKMP (Internet Security Association and Key Management Protocol) / Oakley key exchange, AH (Authentication Header) / ESP (Encapsulating Security Payload), transport/tunnel mode, and combinations of SAs (security associations) are used to construct a secure channel for transferring electronic documents in campus networks.

First, the formats of the smart card and the X.509 certificate are given. Then, the key exchange based on Oakley is presented for the phase one key exchange. Finally, the secure electronic document transfer protocol is proposed. The protocol contains the SPD (security policy database) design, the ISAKMP exchange, and combinations of SAs.

The features of our work are as follows:
(1) Secure electronic document transfer can be accomplished via IPSec (Internet Protocol Security).
(2) Certificates are used for key exchange based on a public-key mechanism.
(3) Different combinations of security associations are provided for different kinds of users.

We believe that the results of this study will be very helpful to future research on applications of IP Security.