
Design and Implementation of Windows Kernel-mode Cryptographic Service Interface

Author: ChenShengHong
Tutor: SunYuQin
School: Harbin Institute of Technology
Course: Instrument Science and Technology
Keywords: Windows kernel-mode security kernel-mode cryptographic service cryptographic service interface disk encryption
CLC: TP309.7
Type: Master's thesis
Year: 2008


A cryptographic service interface is an architecture that contains a collection of functions and security mechanisms. Its main objectives are to protect encryption keys and similar sensitive data, hide the implementation details of cryptographic algorithms, provide transparent cryptographic services to developers, and define consolidated APIs for upper-layer applications and lower-layer cryptographic modules, allowing the two to be developed independently. Over the past decade, with the development of computer networks and information security, more and more applications have required cryptographic services that run at the operating system kernel level. Designing a kernel-mode cryptographic service interface therefore has great significance, as it provides these applications with a direct, efficient, and universal solution.

To provide efficient cryptographic services and uniform cryptographic APIs for kernel-mode security products, and thereby ease the selection and reuse of cryptographic modules and algorithms and improve the development efficiency and reliability of those products, this thesis designs an open, high-security, and practical cryptographic service architecture in Windows kernel mode. First, the cryptographic service requirements in Windows kernel mode are analyzed against concrete applications. Then the related cryptographic services, existing interface standards, and interface implementation technologies are studied. After that, the design and implementation of a highly compatible and extensible cryptographic service architecture, based on a traditional computer security model and running at the Windows kernel level, are described in detail.

The architecture is built on a security kernel that is responsible for message dispatch, object management, and enforced object access control. This kernel is the security foundation of the entire architecture: by creating a security perimeter, it isolates outside applications from internal objects and protects sensitive data. On top of the kernel are various objects that abstract cryptographic services, such as encryption, hashing, and key management, in layers. The object-based layered model gives the architecture a clear structure and flexible extensibility, and keeps it compatible with new algorithms and hardware cryptographic products.

Finally, a disk encryption system based on the architecture is presented. The support the architecture provides to the system's design and its security functions is analyzed, and the application of the architecture in the encryption filter driver and in the user identity authentication module based on a C/R mechanism is described in detail.

Test results and the disk encryption application example show that the architecture needs only a little overhead to achieve its security goals and guarantee compatibility and extensibility. Moreover, the architecture is a universal cryptographic framework that can fulfill almost all security requirements in Windows kernel mode and effectively improve the development efficiency and reliability of security products.

Related Dissertations

  1. The Research and Implementation of Trusted Security Enhancement System Based on USBKey,TP393.08
  2. Design and Implement of Diskencrypt System,TP309.7
  3. Design and Implementation of Data Security System Based on TPM,TP309.2
  4. Research of Physical ID Authentication and Physical Encryption Technology to IDE Hard-Disk Based on MEMS Strong-Link,TP333.35
  5. Encryption U disk storage management Research and Implementation,TP333.2
  6. TrueCrypt disk encryption software security analysis,TP309.7
  7. Design of Harddisk Encryption Card Based on NIOS,TP333.35
  8. Research and Implement of Secure File System,TN918.9
  9. Hard disk encryption card design based on FPGA and Nios soft-core processor,TP309
  10. BIOS-based computer security subsystem Research and Implementation,TP309
  11. A Safe Disk in Windows Environment,TP309
  12. Design and Implementation of Key Management System for Hard Disk Encryption Card,TP309
  13. Application and Research of FPGA in Encryption Card for Hard Disk,TP309.7
  14. Removable storage device hardware encryption system,TP309.7
  15. The Design and Implementation of Security Mechanism of Embedded Dependable Computer,TP309
  16. Research on Iris Based Cryptography,TP309.7
  17. The Research of Dynamic Trust Model on Cloud Computing Platform,TP309
  18. Research of Sensitive Information Protection Techniques for Automated Trust Negotiation,TP309
  19. Study on the Access Control of the Court Information System,TP309
  20. Remote FPGA system design and implementation of security upgrades,TP309

CLC: Industrial Technology > Automation technology, computer technology > Computing technology, computer technology > General issues > Security and confidentiality > Encryption and decryption