电子支付安全技术研究

重庆大学硕士学位论文电子支付安全技术研究姓名：王磊申请学位级别：硕士专业：计算机系统结构指导教师：廖晓峰20050501IInternetVPNSSLSETSSLSETPaywordWWWPayWordIIABSTRACTWiththeincreasingpopularizationandrapiddevelopmentoftheInternet,electroniccommercehasalsodevelopedquickly.Astheimportantpartofelectroniccommerce,secureelectronicpaymenthasbecomethefocusofmoreandmorepeople.Thispaperanalyzesandstudiestheapplicationsofinformationsecuretechnologyinelectronicpayment.Atfirst,thedevelopment,characteristic,content,effectofelectroniccommerceandtheimportanceofelectronicpaymentinelectroniccommercearebrieflyintroduced.Thentheconcept,generalmodel,pattern,classificationandsecuredemandsofelectronicpaymentarediscussed.Someinformationsecuretechnologyrelatedtoelectronicpayment,suchasfirewalltechnique,VPNtechnique,dataencryptiontechniqueandSSL,SET,arealsointroduced.Subsequently,themainworksofthispaperareorganizedasfollows:TheSSL,whichisanetworktelecommunicationprotocol,andSET,whichisaprotocolforelectronicbusiness,arestudiedindetail;Theirfeature,security,tradeflow,advantagesanddisadvantagesareanalyzed.Insuccession,detailedcomparesaremadebetweenSSLandSET.BasedonthesufficientcomprehensionofPayWordprotocol,weexpandandimproveittobesuitableforWWWcondition.Comparedwithoriginalprotocol,itismorepractical,secureandfair.Moreover,itdoesnotaffecttheperformanceofthesystem.AndsomefurthersuggestionsareproposedtoimprovePayWordprotocolbetter.Wetrytointegratechaoticcryptographictechniquewithtraditionalcryptographictechnique,andapplythemtopracticaltransactionsinelectroniccommerce.Achaoticencryption-hashalgorithmwithparallelpropertyisdesigned,andalotofexperimentsaremadetoverifytheperformanceofthealgorithm.Experimentalresultsdemonstratethatthisalgorithmhasbetterhashperformance,anditcancompletethecomputationofencryptionandhashsimultaneously.Thenanelectronicpaymentschemebasedonthealgorithmisproposed,andsomeperformanceevaluationsaremadeindetail.Finally,theresearchworkofthispaperissummarizedandthefutureresearchdirectionisindicated.Keywords:ElectronicCommerce,ElectronicPayment,DigitalCash,Micro-payment,CryptographicTechnique,Chaos111Internet[1,2,3,6]1.11.1.1609030Internet1997531VISAMastercardSET[7]SecureElectronicTransferProtocol1997Internet12ElectronicDataInterchangeFaxCommunicationICATMVANs90InternetJAVAInternetVANWWWWeb1.1.2InternetInternetInternetElectronicMarketInternet131.1.32090InternetWebUN/EDIFACTIBMBusinessBusinessBBBusinessConsumer1IntranetInternet2BCInternet143BBBusinessBusinessInternet1.1.419983121.5151.1.51.21.2.116IBMSET1.2.21.3SSLSETPaywordWWW17SSLSETPaywordPaywordWWW1.4282InternetTCP/IPIPv6Internet2.12.1.1InternetPC2.1.229CA2.12.1Fig2.1thegeneralmodelofelectronicpaymentsystem2102.1.3IBMi-Key-ProtocoliKPVisaMicrosoftSecureTransactionsTechnologySTTMasterCardSecureElectronicPaymentProtocolSEPP1996VisaCardMasterCardGTEIBMMicrosoftNetscapeSAICTerisaVeriSignSecureElectronicTransactionSET[7]STTSEPP2.2SET123452.2Fig2.2thepurchasingflowchartbasedonpaymentprotocolofcreditcard211678FirstVirtualInternetInternetSSL[33]WebSSL12PKISSLSETSETSSLSETSSLSET2.31E-mailWWW23ISIInformationSciencesInstituteNetChequeKerberosCarnegie-MellonNetBillFSTCElectronicCheck2122.4D.Chaum[35]ChaumE-mailWWW2.3Fig2.3thebasicflowofelectroniccheck/2.4Fig2.4thepaymentmodelofelectroniccashsystem213ChaumChaumFiatNaor[36]OkamotoOhta[37]Damgrd[38]Two-partyComputationPfitzmannWaidner[39]FranklinYung[40,41]DamgrdDiscreteLogarithmAssumptionFranklinYungTsiounisChanFrankel[42]RSAFranklinYungOkamotoOhta[43]Cut-and-choosePaillesBrands[44,45]DigiCashDigiCashISINetCash214MicropaymentMPTPPayWordMicroMintAgoraMiniPayMillicent[27]PaywordWWW2.1.45IC2.1.5215ConfidentialityIntegrityVerificationofIdentityNon-repudiationofDisputedChargesFault-tolerance2162.22.2.1TCP/IPWWWTelnetDMZ2172.2.2VirtualPrivateNetworkingVPNISPInternetNSPInternetVPNVPNTunnelingEncryption&DecryptionKeymanagementAuthenticationVPNPPPL2FPPTPL2TPVTPIPSecIPSecIPSecurityRFCIPVPNInternet2182.2.3ARABBRABR219[32]2.2.41976DiffieHellman[26]1RC4DESNN2HellmanDiffie19761978RSA220SSLDigitalEnvelope1K2MM34KK5KM1KM2KK3KMM1DigitalDigestHashabHashHashcHash2DigitalSignature221HashaMHashHbHScMSaMSbMHashHcdSHeHHHHDigitalCertificateCACertificateAuthority2.2.5222Kerberos///PINPIN2.2.6S-HTTPIPv6SNMPv3S/MIMESSLSETS-HTTPSSLSETS-HTTPHTTPS-HTTPHTTP1994CommerceNetIETFWebTransactionS-HTTP/S-HTTPInternetHTTPHTTPMACS-HTTPS-HTTPS-HTTPWeb223SSLSSLSecureSocketLayerNetscape1994SSLTCPSSLWebSSLSSLSSLSSLSSLSSLS-HTTPHTTPS-HTTPS-HTTPHTTPS-HTTPSSLWebSETSETSecureElectronicTransactionVisaMasterCardSETDESRSAS-HTTPSSLSETSET2.3VPNSSLSET3SSLSET243SSLSETSSLSET3.1SSLSSLSecureSocketLayerNetscapeWeb/3.1.1SSLSSLInternetSSLInternetWebHTTPSSLSSLSSLWebSSLSSLSSLSSLWebWebSSLTCPHTTPFTPTELNETSSLSSLSSLWebSSL3SSLSET253.1.2SSLSSLSSLSSL3.1SSLSSLSSLSSLSSLHandshakeProtocolSSLSSLSSLRecordProtocolSSLSSLSSLTCPTCPTCP/IPSSLMACMessageAuthenticationCodeSSLSSLSSLSSLSSLOSISSLSSL3.1SSLFig3.1thehiberarchyofSSLProtocolSSLSSLSSLHTTPSSLTCPIP3SSLSET263.1.3SSLSSLSSLSETSSLSSLTCPSSLSSLSSLSSLSSLSSL2141024MACMACMAC1024SSLPDUSSL3.28bit8bitSSL8bit16bit88883.2Fig3.2thepa