密钥管理系统前台的设计与实现

发布时间：2018-04-18 10:38

本文选题：密钥管理 + C/S架构　；参考：《西安电子科技大学》2014年硕士论文

【摘要】：随着网络、计算机技术的飞速发展,网络信息的应用已经遍布于各行各业和人们的日常生活。然而,伴随着信息化的建设,网络数据存储、访问的安全问题日益突显。为了解这一类问题,安全存储产品应运而生。密钥管理系统作为安全存储产品的不可缺少的组成部分,其可靠性关乎整个系统的安全。本论文以有关部门相关安全专项为依托,设计了一种适用于安全存储产品的密钥管理系统,具有很好的实用价值。文中通过介绍安全存储产品的工作流程,分析其中有关密钥的需求,在比较不同的密钥管理实现方式后,设计了一套适应于安全数据储存服务的密钥管理系统前台模型,分别在系统框架、工作原理、服务接口和通信协议方面给予了详细阐述。主要工作如下:1.抽象并细化密钥管理阶段,依据实际应用需求,通过将密钥管理划分为生成、销毁、更新、注入、备份、安全存储等一系列操作,实现了工作密钥从生成到分发以及最终销毁的整个生命周期的有效管理。2.针对管理员管理身份合法性验证问题,提出多要素认证机制。多要素认证机制包括USB Key、口令、身份认证等信息;为弱化超级管理员权限,采用Shamir秘密共享机制实现超管理员身份的认证。3.面向系统运行状态的可查询性、事故责任的可追究性需求,设计了相应的日志审计模块。该模块中记录的日志信息包括管理员操作所产生的日志信息以及使用对应管理员的签名私钥对日志信息摘要值进行签名的签名值。4.以C/S架构为基础进行了系统实现。在保证通信两端安全及通信代价低的前提下,基于SSL协议和密码学相关技术,设计并实现自定义安全协议,从而满足通信建立过程中双方的身份认证、密钥协商、安全加密通信等需求。
[Abstract]:With the rapid development of network and computer technology, the application of network information has spread all over the industry and people's daily life.However, with the construction of information, network data storage, access security issues have become increasingly prominent.In order to understand this kind of problem, the safe storage product arises at the historic moment.As an indispensable part of secure storage products, the reliability of key management system relates to the security of the whole system.In this paper, a key management system for secure storage products is designed, which is based on the relevant security items. It has good practical value.In this paper, the workflow of secure storage products is introduced, and the requirements of key management are analyzed. After comparing the different key management methods, a key management system foreground model suitable for secure data storage service is designed.The system framework, working principle, service interface and communication protocol are described in detail.The main work is as follows: 1.Abstract and refine the key management stage, according to the actual application requirements, by dividing the key management into generation, destruction, update, injection, backup, security storage and a series of operations,It realizes the effective management of the whole life cycle of the working key from generation to distribution and final destruction.In order to solve the problem of administrator management authentication of identity legitimacy, a multi-factor authentication mechanism is proposed.The multi-element authentication mechanism includes USB key, password, identity authentication and so on. In order to weaken the authority of super administrator, Shamir secret sharing mechanism is used to realize the authentication of super administrator.The corresponding log audit module is designed to meet the requirement of the query of system running state and the responsibility of accident.The log information recorded in this module includes the log information generated by the administrator operation and the signature value. 4.The system is implemented on the basis of C / S architecture.Based on the SSL protocol and cryptography technology, a custom security protocol is designed and implemented to satisfy the identity authentication and key negotiation of both sides in the process of communication establishment, on the premise of ensuring the security of both ends of communication and the low cost of communication.Secure encrypted communications and other requirements.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP311.52;TN918.4

【相似文献】