电子商务安全协议研究与b2c交易系统实现

上海交通大学硕士学位论文电子商务安全协议研究与B2C交易系统实现姓名：熊丹丹申请学位级别：硕士专业：通信与信息系统指导教师：薛质20080101B2CIB2CSSLSSLSSLSSLSETPetriSSLB2ChttpPetriB2CIIResearchofElectronicCommerceSecurityProtocolsandSimulationofB2CTradeSystemAbstractWiththerapidprevalenceandwideapplicationsofelectronicinformationtechnology,electroniccommerceisreceivingmoreandmorerecognitionsfromthesocietywithitsadvantagesofbeingswiftandconvenient.However,duttoitsdistributedandopennature,securityproblemsbecomeanimportantinfluenceonthedevelopmentofE-Commerce.Thisthesispresentsasystematicreaserchonthesecurityarchitectrueofelectroniccommerceandexpatiatesonitsnetlayer,encryptionlayer,authenticationlayer,securityprotocollayerandapplicationlayer.ThenthethesisanalyzesthestructureandpracticeruleofSSL.Handshakeandrecordprotocolprocessisthekeystone.Thesecurityperformanceisdiscussedfromtheaspectsofkeymanagementandidentityauthentication,andthesecuritylimitationsarepointedout.SSLsecurityagentisproposedasasolutiontotheselimitations.AsforthedataandruleofSET,theprocessofregisterapplicationanddualsignatureisformallymodeledandspecifiedbytheanalysistoolPetrinets,andsomekeytechnologies,suchassymmetricalanddissymmetricalcryptography,messegedigest,digitalsignatureanddigitalenvelope,areinvolvedintheprocess.OnthebasisoftheoryresearchthisthesissimulatesaB2CelectronictradesystembasedonSSL.Thesimulationincludesthedesignanddevelopmentofmerchantsystem(foregroundshoppingwebsiteandbackgroudmanagmentplatform),thethird-partypaymentplatformandthepaymentgatewayofthebank.Securitymechanismslikehttpsignatureandnotifyverificationareadoptedinthethird-partypaymentplatformandtheB2CIIIplatformprovidesservicesthroughserviceinterfaceandnotificationinterface.Keywords:electroniccommercesecurityarchitecture,SSL,SET,Petrinet,thethird-partypaymentplatform2008115□□√”“√”20081152008115[1][2]B2BBusinesstoBusiness90%B2CBusinesstoCustomerC2CCustomertoCustomer,[1]1.ECECEC2.ECECEC://www.521taobao.com/B2C41.3SSLSETSSLSSL——SSLSETSSLSETSSLB2C[3]SETSSLCAhash2.1Fig.2.1SecurityArchitectureofElectronicCommerce5,C,K,E,DMCKEDEM×K→CEMKCDC×K→MDCKM2.2KMCC=EkMK’CMM=Ek’CKK’(M)(E)(C)(D)(M)KK2.2Fig.2.2SimpleEncryptionandDecryptionModelofCryptography2.2.1StreamCipherBlockCipher“”“”“”FeistelFeistelFeistelDES2.2.1.2DESDESDataEncryptionStandard1972NBSIBMW.TuchmanC.MeyersLucifer1977NBSDESIBMDESDESFeistelDES64645686464DES[4][5][6]64bitIP56bit1664bit16K’KKi=K’16-i+1i=12…16Kii’iiKK’56bitM=m1m2m3…m64K=k1k2k3…k64C=IP-1•T16•T15……T2•T1•IP(M)1IPIP2.1MIP-12.2IP-1•IP=1Mm1m2m3…m64IPm58m50m42…m72.1IP2.2IP-158606264575961635052545649515355424446484143454734363840333537392628303225272931182022241719212310121416911131524681357403938373635343387654321484746454443424116151413121110956555453525150492423222120191817646362616059585732313029282726252TDES16i2.3Li-1(32bit)Ri-1(32bit)E+SP+Ri(32bit)Li(32bit)Ki(48bit)F2.3DESiFig.2.3EncryptionProgressofDESii-1Li=Ri-1Ri=F(Ri-1,Ki)Li-1M0=L0R0=IP(M)+118Ri-132bit8Ri-11bit2.4bitRi-1159131721252926101418222630371115192327314812162024283215913172125292610141822263037111519232731481216202428323248121520242859131721252912.4EFig.2.4ExpandProcessofDES48bitRi-1i48bitKiKi2.5K64bit56C0(28bit)D0(28bit)C1(28bit)D1(28bit)K1K162.5DESKiFig.2.5CreationofKeyKi×16jSjRi-1j6bitSj4bitRi-1Ex1x2…x47x48S(x1x2…x47x48)=S1(x1x2…x6)S2(x7x8…x12)…S8(x43x44…x48)Si(h1h2h3h4h5h6)Sih1h6h2h3h4h5PPS32bitDES2.6bitS1591317212529261014182226303711151923273148121620242832152804131182161114177261210192722302322932016259138524P2.6PFig.2.6PermutaionProcessofDESFLi-1i32bitRiLiRii+116L16R163IP-1L16R16IP-12.2.1.3AES209056DES19973VerserInternetDES56DESDESDES3DES112bit168bit3DES3DESDES{NkNb}+6NbNk32bitDES2.2.2PublicKeySecreteKeyPKSK2.2.2.11RSAECCy=fk(x)yxxky=fk(x)yk’k’yxk’x=fk’-1(y)k’yxx=fk’-1(y)yky=fk(x)f-1k’k’(M)BCPKBM=DSKB(C)2.2.2.2RSA1976DeffieHellman1977RonRivesetAdiShamirLenAdlemanRSARiveset-Shamir-Adleman1978RSA1RSARSA“”nZn={0,1,2,…n-1}nZnwzw•z=1modnzwnpapap-1≡1modpnnnф(n)pqф(p)=p-1ф(p•q)=ф(p)•ф(p)=(p-1)(q-1)anaф(n)=1modnElucid2RSARSAф(n)(n)RSARSApqpq[1075,10100]nф(n)=(p-1)(q-1)eenф(n)eф(n)ddeф(n)d•e=1modф(n)endnRS