基于Web的教务管理系统安全方案设计

:2005-12-07:(0424220060);(2003520289):(1970-),,,,:;(1968-),,,,:;(1980-),,,,:;(1971-),,,,:;(1975-),,,,:.:1001-9081(2006)05-1198-04Web孙飞显1,徐明洁2,杨进1,王铁方1,刘孙俊1(1.四川大学计算机学院,四川成都610065;2.河南教育学院教务处,河南郑州450014)(sjysfx781@126.com):分析了传统教务管理系统存在的安全问题,提出了基于Web的教务管理系统安全设计方案从网络边界安全身份鉴别与访问控制入侵检测数据加密服务器安全灾难备份与恢复等方面对系统进行全方位保护,并给出了整体设计架构该方案能阻止非法用户的入侵,防止合法用户越权访问;同时,基于身份的加密方案确保数据在使用存储传输和处理过程中的机密性可用性完整性和不可抵赖性,克服了PKI机制公钥管理困难成本高效率低等不足理论分析和实验结果表明,该方法是保证高校教务管理系统安全运行的一种有效解决方案:网络安全;PKI/PMI;基于身份加密;教务管理系统:TP393.08:ADesignofsecuritysolutionforWeb-basededucationaladministrationsystemSUNFe-ixian1,XUMing-jie2,YANGJin1,WANGTie-fang1,LIUSun-jun1(1.SchoolofComputerScience,SichuanUniversity,ChengduSichuan610065,China;2.EducationalAffairsOffice,HenanInstituteofEducation,ZhengzhouHenan450014,China)Abstract:Thesecurityproblemsoftraditionaleducationaladministrationsystems(TEAS)wereanalyzed.Inordertoimprovetheirsecurity,anovelintegratedsolutionwasproposed.Inwhich,networkborderprotection,useridentificationandaccesscontro,lintrusiondetection,serverssecurity,anddisasterrecoverywerepresentedorstrengthened.Sotheinvaliduserscanbeheldback,andtheexceedingaccessofvaliduserscanbeprevented.Atthesametime,thenewmethodofIdentity-BasedEncryption(IBE)canensuretheconfidentiality,integrality,usabilityandtheundeniable-nessofthedataduringtheprocessesofstorage,transmission,processing,andsoon.Asaresult,theshortagesofPKI,suchasthedifficultyinmanagingthepublickeys,highcosts,andlowperformancecanbeovercome.TheoreticalanalysisandtheexperimentalresultsshowthatitprovidesagoodsecuritysolutiontothefieldofMIS.Keywords:networksecurity;PKI/PMI;Identity-BasedEncryption(IBE);educationaladministrationsystem0引言,Web;;,,,,[1,2],,:1):,,,;2)Web,;3),;4),,;5):;6),,[3]PKI,,PKI,;,PKI[4,5]:,;,;CRL;,,PKI,,第26卷第5期2006年5月计算机应用ComputerApplicationsVo.l26No.5May2006PPDRPDRR[2],[6~9](Identity-BasedEncryption,IBE),Web(Web-BasedSecurityEducationalAdministrationSystem,WBSEAS),,PKI1系统安全Web,;3.11.1,,,,,IDS,WBSEAS,,,,,,,,1.2,,,WBSEAS,,VPN,,1.3,;,WBSEAS,;,,,,PKI,WBSEASIBE,1.4,TCP/IP,,WBSEAS(IDS),,,IDS,;IDS,IDS,IP,1.5,,WBSEAS,,:;,E-mail;1.6,,,WBSEASInternet,Web,;,,;,WBSEAS,,2IBE基本原理IBEPKI,(PrivateKeyGenerator,PKG),,()IBE,PKI,RSARSA,,1199第5期孙飞显等:基于Web的教务管理系统安全方案设计,IBE[10,11],IBE:Cocks[8],,,,;Boneh[6]Baldwin[7],,,IBE[6]:1)PKG:1024p,q,p=6q-1;WDH(WeilDiffie-Hellman)y2=x3+1,:E/GF(p),:pq,pG;,:GGGF(p2);HashH1GF(p2){0,1}n,IDE/GF(p)qF{0,1}*E/GF(p);sZ*q,s,ppub=sp,PKG{p,n,,p,ppub,H1,F}M={0,1}nC=E/GF(p){0,1}n,s2)PIDIDE/GF(p)F(ID)IDUserIDPKG,SID=sPIDUserID3)/ADB,ArZ*q,:Dencrypt=(rp,DH1(grID)),grID=(pID,pPUB)GF(p2)Dencrypt=(W,V),BDencrypt,WE/GF(p),Dencrypt,SID:VH1(e(SID,W))=D/:(pID,pPUB)r=(rPID,sp)=(sPID,rp)=(SID,rp)3系统设计3.1C/S,,,;B/S,,,,,WBSEASC/S/SB/S/S/:,C/S/S;B/S/S,11WBSEASC/S/SB/S/SC/SB/S,,,,;,C:1)VPN,,VPNInternet,,,;2),,,;3)Web,;4),Internet,,2WBSEAS4实验与分析WebWBSEAS,,1200计算机应用2006年,[14]PKI[3]4.12,,WBSEAS,Linux,IBE[12],CIBE//;,PKG4.2TEAS[14],WBSEAS,,11TEAS[14]WBSEAS22PKI[3,4]WBSEAS/s20/s10.5/ms1310/(s-1)180200/Mbps3250:WBSEASPKI,,3[13]3PKIIBEPKIIBECACRLCA/RA/CRL/PKG,:Web,,;,/,,;,WBSEASPKI,,5结语Web,;PKIWBSEAS,WBSEAS,:[1].[M].:,2005.[2].[M].:,2004.[3],,,.PKI[J].,2003,32(4):440-443.[4]BRANDSS.RethinkingPublicKeyInfrastructuresandDigitalCer-tificates-BuildinginPrivacy[M].MITPress,2000.[5]ELLISONC,SCHNEIERB.TenRisksofPKI:WhatYoureNotBeingToldaboutPublicKeyInfrastructure[J].ComputersecurityJourna,l2000,16(1):1-7.[6]BONEHD,FRANKLINM.Identity-basedEncryptionfromtheWeilPairing[A].AdvanceinCryptology-CRYPTO2001[C].LNCS2139,2001.213-229.[7]BALDWINM.IdentityBasedEncryptionfromtheTatePairingtoSecureEmailCommunications[Z].MasterofEngineeringThesis,UniversityofBristo,l2002.[8]COCKSC.AnIdentity-basedEncryptionSchemeBasedonQuadra-ticResidues[Z].CryptionandCoding,LNCS2260,2001:360-363.[9]HORWITZJ,LYNNB.TowardHierarchicalIdentity-basedEncryp-tion[A].KnudsenLEUROCRYPT2002[A].Berlin:SpringerVerlag[C],2002.466-481.[10]PATERSONKG.ID-basedSignaturesfromPairingsonEllipticCurves[J].ElectronicsLetters,2003;38(18):1025-1026.[11]BONEHD,FRANKLINM.ShortSignaturesfromWeilPairing[A].BoydCASIACRYPT2001[C].Berlin:SpringerVerlag,2001.514-532.[12]BONEHD,FRANKLINM.StanfordIBELibrary[DB/OL].[13]PATERSONKG,PRICEG.A.ComparisonBetweenTraditionalPublicKeyInfrastructuresandIdentity-basedCryptography[J].In-formationSecurityTechnicalReport,2003,8(3):57-72.[14].[Z].,2001.1201第5期孙飞显等:基于Web的教务管理系统安全方案设计