基于ECC算法的SSL连接迁移机制的研究

发布时间：2018-03-04 22:00

本文选题：SSL　切入点：选择性部分恢复　出处：《中南大学》2014年硕士论文　论文类型：学位论文

【摘要】：摘要：随着电子商务的快速普及和在线支付服务质量的提升,因特网的服务模式已经由传统的信息浏览模式向在线交易转变。因为Internet本身的开放性,使得一些对Internet依赖较高的服务都有着很高的安全需求。安全套接层协议(SSL协议)以及它的后续版本安全传输层协议(TLS协议)被广泛用来保障互联网中两个通信实体的通信安全。毫无疑问,保证客户端和服务器端之间的连接通畅对于各种安全级别要求较高的网络服务至关重要。通常,由于SSL服务器负载过重,会导致SSL连接频繁中断的情况出现。针对这个问题,传统的解决方法是为中断的SSL会话重新建立一个SSL连接,这种处理方法往往会带来不同程度的时延,从而降低了网络服务质量。基于以上问题,本论文结合ECC加密算法的优势,提出了一种选择性部分恢复(Selective Partial Recovery, SPR)策略的SSL连接迁移机制,该机制能够通过SPR策略重用必要的SSL会话元素将已经中断的SSL会话进行迁移。此外,为了满足系统稳定性的需要,论文还提出了一个基于服务器池的参数优化模型,该模型能够避免所有服务器同时运转以减小开销。服务器池是服务器集群的一个子集,它能够同时应对大量的外部请求,并在服务器池中出现宕机时,通过指定恢复服务器对已经中断的会话进行连接迁移。因为整个实现过程对客户端是透明的,所以该机制能够被应用于实际的框架中而不用改变TCP/IP协议和客户端。最后,通过实验的模拟结果表明：基于ECC加密套件的SSL协议能够有效加速SSL握手过程,并比基于RSA加密套件的SSL协议效率更高；基于SPR策略的连接迁移机制对于加速SSL会话恢复过程有着非常明显的效果,并能将恢复时间控制在用户可容忍的时间范围内；服务器池参数优化模型不仅能够满足系统稳定性,还能通过结合SSL连接迁移机制保持一个相当高的成功迁移比率。论文包含图18幅,表3个,参考文献65篇。
[Abstract]:Abstract: with the rapid popularization of e-commerce and online payment services to enhance the quality of Internet service mode has changed from the traditional information browsing to online transactions. Because Internet openness, make some of the Internet dependent services have a higher security requirement is very high. The SSL Protocol (SSL protocol) and its subsequent versions of transport layer security protocol (TLS protocol) is widely used to guarantee the safe communication two communication entities in the Internet.
No doubt, to ensure unobstructed connection between client and server is crucial for all higher level of security requirements for the network service. Usually, because the SSL server overload, SSL connection will lead to frequent interruptions occurred. To solve this problem, the traditional solution is to interrupt the SSL session to establish a SSL connection, this treatment the method often leads to delay in different degree, so as to reduce the quality of network service.
Based on the above problems, this paper combines the ECC encryption algorithm has the advantage of proposed a selective partial recovery (Selective Partial Recovery, SPR) strategy of SSL connection migration mechanism, this mechanism can be interrupted by the SSL session has elements of SPR strategy reuse necessary SSL session migration. In addition, in order to meet the needs of system stability and the paper also proposed a parameter optimization model based on the server pool, the model can avoid all servers running simultaneously to reduce overhead. The server pool is a sub set of server cluster, it can also deal with a large number of external requests, and downtime in the server pool, by specifying the server connection migration of recovery the session has been interrupted. Because the entire process is transparent to the client, so the mechanism can be applied to the actual frame without changing TCP/IP Protocol and client. Finally, the experimental results show that ECC encryption suite SSL protocol can effectively accelerate the handshake process based on SSL, and RSA than encryption suite SSL protocol based on higher efficiency; based on connection migration mechanism of SPR strategy has a very obvious effect to accelerate the SSL session recovery process, and can be the recovery time of control in the user tolerable time range; server pool parameter optimization model can not only meet the system stability, but also connection migration mechanism to maintain a fairly high success rate of migration by binding to the SSL. This paper contains 18 figures, 3 tables, 65 references.

【学位授予单位】：中南大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.09

【参考文献】