Dissertation > Excellent graduate degree dissertation topics show

Development and Design of Security Middleware Based on PKI Technique in Security Certification System

Author: ZhangZhuoNan
Tutor: WangZuoXuan
School: Jilin University
Course: Software Engineering
Keywords: PKI CA application security support systems public key cryptography authentication secure transmission SSL OCSP
CLC: TP393.08
Type: Master's thesis
Year: 2008
Downloads: 97
Quote: 0
Read: Download Dissertation

Abstract


As the widespread application of internet and information technology in industry manufacturing and human daily life, information security increasingly becomes a critical real problem. Among various security threats, identification confirmation, data privacy, data completion, behavior repudiation and visit control are more important. Therefore, the PKI (public key infrastructure) technique obtains more and more attentions and recognitions in solving those problems.In recent years, a lot of standards, protocols, relevant law and regulations were released and implemented. This induced the development and design of the PKI technique becomes easy and convenient. At the same time, many PKI system manufacturers appeared in the market. In fact, most of the PKI systems developed by them are based on the same international standards and protocols. From the viewpoint of technology, there are significant differences among the PKI systems offered by different manufacturers. On the other hand, from the viewpoint of the users of the PKI system, the most important thing is how to apply PKI system to their daily work and to solve the security problems easily and flexibly. Currently, there are no standardized protocols which can be used in the combination of PKI systems and application systems. It is difficult to formulate a set of open standards because of different application forms and different development tools used in the development processes. Therefore, almost all the PKI system manufacturers regard the support of the application system as the highest target in their strategic decision.The security support system in function is mainly to solve the problem to authentication system, data confidentiality, visit control, audit and other related actions of security issues in the information system, but in the traditional system, there are generally two issues,one is to identify the user’s registration, the other is to control the authority based on the user’s identity. In order to provide high-strength authenticate and management,we can use the PKI technique to solve the problem for authorization by providing a digital certification for the user’s identification, and we can use PMI (previliage management infrastructure)technique to solve the authorization problems by awarding user certifications.Thus, when users access system with the digital certificate and attribute certificate, through the application system analyzes the certificates as well as a number of algorithms and password to use this information agreement, which applied to the system a big problem: applications reform burden.There are two kinds of ways to resolve the problem for the safety, efficient access to the PKI, PMI infrastructure platform in current applications system,one is based on the completion of the PKI, PMI connections, API will be embedded in to complete the application of the access problems; The other is to use a unified platform to support a deal based on the PKI, PMI connections in order to complete the application system access issues,The solutions to applications problem with using interface,is characterized by embedded the interface into application and it does not need additional hardware and transmission equipment consumption,and it is more suitable for individual applications system and a stable needs situation.The use of such methods will result in changing a lot and frequent revision, and it is not easy to maintain when the number of applications increases or the demands change,The feature of solving the application problem by using application security supporting platform is that security supporting platform is independent from the application support, and it can focus on dealing with the PKI, PMI’s connecting problems, and multiple applications can use the same application platform to support security, making the application system access PKI, PMI greatly reduce the workload of the system, and easy to maintain and expand. Application security support system security middleware is based on the J2EE development framework, including the realization of the transmission encryption, digital certificate-based authentication of high-intensity, directly facing the user-oriented business system and it provides authentication and security services to support the security of transmission.In this paper, this issue has discussed something including PKI system architecture, standards, as well as the development of the situation all over the world. At the same time,we’ve talked about the problems about enterprise applications in the process of using PKI system. Then we put forward the idea about developing the middleware based on the development of applications and the PKI technique to support the security system,and also elustrated that the two important parts in the suppoting system -- authentication and security of transmission; and we also described the design and architecture for the middleware based on PKI system in detail, and finally completed a support system in both the design and practical application in realityDeveloping application security support system security middleware is based on the principles as following:Safety is thefirst:PKI, PMI is a high-end security infrastructure, the most important thing is safe duing the process of solving the application problems based on PKI and PMI, and we can not decrease the vulnerability of the overall security result from the leaks of the resolving styles.The two "minimum":The workload,of the transformation in application system is minimum; the cost of the implementation of the system is minimumThe two "easy":The system is easy to maintain, The system is easy to expand.On the basis of the principles above, according to the " separation of safety and application " principle applied to resolve the issue of strengthening the security system. Let professional persons do professional things (that is, let security-related person deal with security issues, let appliction-related person deal with application issues)and the character is PKI, PMI combined closely with the infrastructure, seamlessly connection, when the PKI and PMI change, for example, a void or amend a certificate authority, immediate feedback can be applied to the system without human intervention; In addition, this solution to the application of reinforcing security issues can make it easy about the accessing and maintaining,so it is very suitable to a large number of applications as well as the transformation and being universal of the PKI, PMI techniques.When the client needs to access a server application, first of all, the client browser and application security system should support each other through the certificate to verify the both sides; Second, SSL channel shoule be built between the client browser and applications system. And send the data requests from the users to the application system by using the connecting between the application secutity supporting system and application system.Middleware plays the role of agents during the application security support ting in the transmission system. When users visit the application server to send the request, the request has not been sent directly to the application server, but the application was received by the security support system, the data was encoded firstly by the security support t system and then executed the authentication and access control security policies, eventually the data were transformed into the appropriate back-end agreement could be transmitted to the application server. The private network was effectively protected because of the implementation of security policy before allowing data streams into the application server.The middleware is developed based on the open standards, and it has good feature of compatibility and scalability, and it can also support of the PKI / CA system and PMI systems in every field, and it can be connected with a third-party products seamlessly and achieve security and transfer functions and identity authentication system, as well as authority to resolve tightly integrated system, meet the needs of user authentication,between the information system and information privacy, so it can be used in a wide range of fields;for example:it can be applied to e-commerce, e-government and web servers for enterprise portals and it can also be applied to specific security guarantees. Therefore it can bulid a secure transaction environment for users to meet the needs of the privacy, integrity, non-repudiation, security and auditing

Related Dissertations

  1. Research on Transparent Security of JPEG Image,TP391.41
  2. Study on Prohexadione Calcium on Growth of Rice and Wheat,S511
  3. The Design of Computer Forensics Model Based on Windows Log,D918.2
  4. Research on the Design and Implementation of Border Access Platform in Public Security Network,TP393.09
  5. Research on the Efficiency of Circle-Flow Constructed Wetland Process for Swine Wastewater Treatment and Zeolite Regeneration,X713
  6. Design on the Individual Cow’s Identification and Position System Based on ZigBee,TN929.5
  7. A Study of Related Factors to Post-stroke Depression of Patients with First-onset of Cerebral Apoplexy,R749.1
  8. Information-oriented physical systems IEEE802.15.4MAC protocol analysis and optimization,TP212.9
  9. Eu- doped α-SiAlON phosphor First-principles study,TB34
  10. Study on Legal Issues in Concluding Electronic Commerce Contract,D923
  11. Research on the Application of Image Information Hiding Technique,TP309.7
  12. The Clinical Study of Classification About Ischemic Stroke According to OCSP Criteria,R743.3
  13. Image Restoration Method Research and Its Application Based on Probability PCA,TP391.41
  14. Research and Application on Security Authentication Technologies in Internet of Things,TN929.5
  15. Research and Application of digital signature system based on smart cards,TP393.08
  16. Design and Implementation of Secured Network Hard Disk System Based on USBKey Authentication,TP393.08
  17. Shantou high the technical school office automation system based on J2EE Design and Implementation,TP311.52
  18. Design and Development of Accident Management Information System for Large-scale Hydropower Projects,TP311.52
  19. Research on the Low-cost RFID Systems Security Protocol,TP391.44
  20. Research and Implementation of Embeded Web System Security,TP393.08
  21. Study on Kinetics and Morphology of Calcium Carbonate Precipitation Catalyzed by Bacterial Carbonic Anhydrase,O643.32

CLC: > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer Network Security
© 2012 www.DissertationTopic.Net  Mobile