Institutional Repository of the Institute of Software, Chinese Academy of Sciences
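Title: Design and Implementation of a Kerberized POP3 Mail Retrieval System
Author: 司伟生
Defense date: 2000
Major: Computer Application Technology
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Degree: Doctorate
Keywords: POP3 protocol; Kerberos protocol; secret-key cryptosystem; public-key cryptosystem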
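Abstract: This system was implemented to address the security of retrieving Email from the server to the client. Because Email security has many aspects, the introduction of this thesis first summarizes Email security problems and points out the existing solutions to each class of problem, so that readers have a clear picture of where this system sits in solving Email security problems. The introduction also describes the POP3 protocol used for retrieving mail, since it is what this system sets out to strengthen. The final part of the introduction points out the security shortcomings of the POP3 protocol, which explains why I implemented this system. The basic idea of the implementation is to introduce the Kerberos authentication protocol (version 5) into the POP3 protocol, or, in the usual terminology, to Kerberize the POP3 protocol. To give readers a clear understanding of the Kerberos protocol, Chapter 2 describes and analyzes Kerberos V5 in detail. In short, Kerberos is an authentication protocol that is based on secret-key cryptography, requires a third-party authentication server, supports mutual authentication, and provides encryption of data communication. This system strengthens the original POP3 protocol in two main respects: first, it replaces POP3's original authentication process with the Kerberos authentication process; second, it encrypts POP3 communication with the session key from the Kerberos protocol. Achieving both goals requires Kerberizing both ends of the POP3 protocol (the POP3 server and the POP3 client). However, because many Email client programs are already familiar to users, who are happy to use them, on the client side I instead insert a Kerberized POP3 proxy. In this way, users can use this system without changing their favorite Email client software at all. The implementation consists of two main tasks, implementing a Kerberized POP3 server and implementing a Kerberized POP3 proxy, and Chapter 3 describes both in detail. Chapter 3 first presents the architecture of the whole system and then details the implementation of the Kerberized POP3 server (implemented on Sun Solaris 2.6) and the Kerberized POP3 proxy (implemented on Win98). Kerberos is currently one of the more widely discussed authentication protocols, and Chapter 4 gives my own views on further improving it. Because the current Kerberos protocol contains no public-key algorithm, many researchers have proposed schemes that strengthen Kerberos with public-key cryptography. However, I believe that, given the particular architecture of the Kerberos protocol, introducing public-key cryptography would not only bring very serious redundancy to the system, but the problems it solves are very limited or are better solved within secret-key cryptography; introducing public-key cryptography therefore does more harm than good. In addition, I offer some suggestions of my own for further strengthening Kerberos within secret-key cryptography. In Chapter 5 I summarize the whole thesis, and the appendix that follows is the user's guide to this system.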
English abstract: The implementation of this Kerberized POP3 system is to secure the process of fetching Email from the email server to the email client. Because the issue of Email security has many aspects, I present an overview of it in Chapter 1 in order that you can clearly know what my system has solved and what it hasn't. In Chapter 1 I also give an introduction to the POP3 protocol, which my system is intended to enhance. And at the end of Chapter 1, I point out the security weaknesses of the POP3 protocol, explaining in detail why I came up with the idea to implement this system. The basic approach of this implementation is to integrate the Kerberos protocol into the POP3 system, or in other words, to Kerberize the POP3 system. To make you understand the Kerberos protocol, I present a detailed description of Kerberos V5 in Chapter 2. Here in short, the Kerberos protocol is a kind of third-party authentication protocol based on secret key cryptography, and it possesses the functionalities of mutual authentication, single sign-on, and data privacy protection. This system improves the original POP3 system in two places: changing the authentication process to Kerberos authentication and providing the encryption of the POP3 communication with the Kerberos session key. In theory, I need to Kerberize both the POP3 server and the POP3 client. However, since many Email clients have been well accepted by users, it is not advisable to change them, so I insert a Kerberized POP3 proxy before each of them instead. By doing this, users can enjoy my Kerberized system without changing their favorite Email software. There are mainly two tasks to implement this system: to develop a Kerberized POP3 server and to develop a Kerberized POP3 proxy, and they are described in Chapter 3.
In Chapter 3 I first give an overall introduction to the design of my system, and then I give thorough illustrations of the implementation of the Kerberized POP3 server (on Sun Solaris 2.6) and the implementation of the Kerberized POP3 proxy (on Win98). Kerberos V5 is currently under hot discussion, and I add my opinion in Chapter 4. Because of the lack of a public key algorithm in Kerberos, many researchers proposed methods of enhancing Kerberos by introducing public key cryptography. However, I believe, due to the special architecture of the Kerberos protocol, introducing public key cryptography not only will bring great redundancy to the system but also is inferior to solving the same problem within the secret key cryptosystem, so it is not desirable. In addition, I also present some suggestions on the improvement of Kerberos V5 within secret key cryptography. In Chapter 5, I give a summary of the whole thesis. And the appendix is the user's guide to this system.
Language: Chinese
Content type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/7270
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name / File Size, Content Type, Version, Access, License
LW002137.pdf (1525KB) ---- Restricted access -- Contact to obtain full text

Recommended Citation:
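司伟生. Design and Implementation of a Kerberized POP3 Mail Retrieval System [D]. Institute of Software, Chinese Academy of Sciences. Institute of Software, Chinese Academy of Sciences. 2000-01-01.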
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.