Security modules in building a secure Internet.

摘要

The integration of computer and telecommunication systems has produced a successful interconnection network--the Internet. As the Internet is now being used for an increasing number of mission-critical applications, the risk of intrusion also increases. Without thorough security, information transmitted over the Internet is susceptible to fraud and other misuse by illegitimate or unauthorized users. An effective way to protect data from being compromised is to develop and use efficient and reliable security technologies. This dissertation focuses on several major security technologies including digital signature, network authentication, security failure handling and firewall design.; Internet security is frequently described in terms of security services provided. Each of the security services may be implemented by using a combination of various cryptographic algorithms and security mechanisms. Supported by these cryptographic algorithms and security mechanisms, the Internet utilizes security protocols to protect data exchanges. Security modules can be built based on these cryptographic algorithms, security mechanisms, and security protocols. This dissertation focuses on several security modules that are frequently used in Internet security. This dissertation first discusses generalized schemes of the ElGamal-type digital signature mechanism, and then presents a simplified description of the DES encryption algorithm. Based on the Internet Security Association and Key Management Protocol, this dissertation proposes an implementation mechanism to handle security-related failures. This dissertation also proposes a new extension for the Kerberos authentication mechanism, which provides stronger authentication for client/server applications. The last part of this dissertation offers an improved firewall scheme to meet the high security requirements for the Internet connections.