基于加密扩展的DNS安全系统

发布时间：2018-05-30 18:01

本文选题：域名系统 + 域名系统安全扩展　；参考：《华中科技大学》2014年硕士论文

【摘要】：由于信息能被网络中的每个人访问，通过网络收发消息并不安全。层次分布式域名系统DNS是一种网络命名系统，通过使用ip地址实现源目信息的收发。由于原有的DNS协议说明部包括安全机制，因此使用域名系统安全扩展DNSSEC应对安全问题。 DNSSEC是一套因特网工程任务部(IETF)说明，用于保证用于因特网协议的DNS信息的安全。这是一套对DNS的扩展，提供给DNS客户端，对DNS数据进行原始授权、authenticated denial of existence、数据集成。由于没有有效性或机密性，DNSSEC依然不能保证足够安全。因此，它不能防止信息泄漏。由于DNSSEC是可扩展的，一个合适的办法是为DNSSEC增加某些算法，以便它能改进其安全级别。在这一研究中，试图通过结合数字签名以及非对称密码系统（使用公钥）改进DNSSSEC的安全级别。为了提高安全等级，公钥也被加密并通过网络传递。数字签名是一种能对数字消息或文档提供授权能力的数学模型。一个合法的数字授权给接受者一个相信信息是由一个已知发送者创建的理由，从而是发送者不能拒绝已经发送过信息，并且信息没有在途中被修改。公钥加密，也称为非对称加密，是一类需要两个独立密钥的加密算法：一个为公钥，，另一个为私钥，尽管不同但有联系。公钥用于加密明文或验证签名，私钥用于解密密文或创建数字签名。本研究通过使用伪随机数发生器以一种更快更安全的方式产生密钥对改进了安全性：SHA-1和MD5用于产生和压缩消息摘要，签名使用私有键和消息摘要产生并和公钥一起发送。由于对DNSSEC加入了上述算法，DNSSEC的安全级别得到改进。这保证了在网络上接受或发送信息更安全。
[Abstract]:Because information can be accessed by everyone in the network, sending and receiving messages over the network is not secure. Hierarchical distributed domain name system (DNS) is a network naming system. Since the original DNS protocol specification includes security mechanism, domain name system (DNS) security extension DNSSEC is used to deal with security problems. DNSSEC is a set of Internet Engineering Task Force (IETF) instructions for ensuring the security of DNS information for Internet protocols. This is an extension of DNS, which is provided to the DNS client for the original authenticated denial of existence, data integration of DNS data. DNSSEC is still not secure enough because it is not valid or confidential. Therefore, it does not prevent the disclosure of information. Since DNSSEC is extensible, an appropriate approach is to add some algorithms to DNSSEC so that it can improve its security level. In this study, we try to improve the security level of DNSSSEC by combining digital signature with asymmetric cryptosystem (using public key). In order to improve the security level, the public key is also encrypted and transmitted over the network. Digital signature is a mathematical model that provides authorization for digital messages or documents. A legitimate digital authorization gives the recipient a reason to believe that the message was created by a known sender, so that the sender cannot refuse to send the message and the message has not been modified en route. Public key encryption, also known as asymmetric encryption, is a class of encryption algorithms that require two separate keys: one is public key, the other is private key, although different but related. Public keys are used to encrypt plaintext or verify signatures, and private keys are used to decrypt ciphertext or create digital signatures. By using pseudorandom number generators to generate key pairs in a faster and more secure manner, this study improves security: SHA-1 and MD5 for generating and compressing message abstracts. Signatures are generated using private keys and message digests and sent with the public key. The security level of DNSSEC is improved by adding the above algorithm to DNSSEC. This ensures that it is more secure to receive or send information on the network.
【学位授予单位】：华中科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】