网上超市安全系统的设计与实现

上海交通大学硕士学位论文网上超市安全系统的设计与实现姓名：施琛申请学位级别：硕士专业：计算机技术指导教师：邱卫东20070901InternetInternetInternetInternetInternetVPNVPNDESIGNANDIMPLEMENTATIONOFONLINESUPERMARKETSECURITYSYSTEMABSTRACTWiththedevelopmentofInternet,e-commercegraduallyrisesandismoreandmoreacceptedbythepeople,andthefutureisverytempting.Atthesametime,e-commerceactivitiesalsofacingtheincreasinglyseriousproblemofsecuritywhichrestrictsitsdevelopment.HowtoprotecttheenvironmentofInternete-commerceactivities,makingelectronictransactionsassafeandreliableasthetraditionaltransactionsisthegoalofthispaper.Thispaperexploreshowtorealizee-commerceaccessintheopenInternetenvironment,thesecuritytradingactivities,Atthesametimethispaperdiscussesthetheloopholesandshortcomingsofthird-partypaymentplatformforthepaymentmode.Toaddresstheseissues,thispaperpresentsauniversalsecuritysystemforonlinesupermarketinInternetenvironmentanddesignsanewmodelOnthisbasis.ThispaperfromthreatofsupermarketsthatInternetmightfacethestartwithanalysisofexistingsafetytechnigy,thispaperestablishesanInternet-basedfirewallandVPNbasedonlinesupermarketsafetysystem.Onthisbasis,thispaperdesignedabankreliedthird-partypaymentplatformforthestandardizationandtransparencyinthepaymentmodel,andthenthemodelistherealizationoftheproblemsisdonetoexploreandtechnicaldirection.Thissystemcanberealizedwiththeeffectiveandsafety,meettheneedsofthee-businessapplications.Keyword:e-commerce,firewalls,vpn,paymentmodelDESDataEncryptionStandardIDEAInternationalDataEncryptionAlgorithmSAFERSystemforAdvancedFinancialEnvironmentPKIPublicKeyInfrastructureCACertificationAuthoritySETSecureElectronicTransactionSSLSecureSocketsLayerVPNVirtualPrivateNetworkPPTPPointtoPointTunnelingProtocolL2TPLayer2TunnelingProtocolGREGenericRoutingEncapsulationQosQualityOfServiceIPSecSecurityArchitectureforIPnetworkIPSPDSecurityPolicyDatabaseSADSecurityAssociationDatabaseSASecurityAssociationAHAuthenticationHeaderESPEncapsulatingSecurityPayloadIKEInternetKeyExchange11.1[1]InternetInternetInternetWTO1.11.1Figure1.1Basicframeworkofonlinesupermarket•••••2•1.2InternetInternet1.2.11)2)Internet3)InternetInternet4)1.2.231)2)3)4)1.31)RosettaNet199978RosettaNetImplementationFrameworkRNIFSpecification2001999X5094SETSSLPGPS/MIME2)199910500EDIIETFRFC2801B-C1234IPIP1.45VPNVPNIPSec6Internet2.1[2]2.1.12.12.1Figure2.1Configurationoffirewall7ITInternet2.1.21)IPIP82.22.2Figure2.2TheflowdiagramofPacketFilteringInternet92),UNIXUNIXUNIXCPU101)2)3)4)5)6)2.2[3],,()()2.32.3Figure2.3Theprocessofencryptionsystem111.[4]DESIDEASAFER1)DES[5]DESDES56864162)IDEAIDEA1288IDEAIDEA2.[6]DiffieHellmanRSARSApqn=pqnee(p-1)(q-1),d,(ed-1)(p-1)(q-1)ednend2.3122.3.1[7]2.3.1.11.XYAAYAXXAmEKA[IDXH(m)]AYEKA[IDXmEKA[IDXH(m)T]]EKAAXYH(m)mTIDXX1XEKA[IDXH(m)]mmA2AXIDXTYTYYYmXEKA[IDXmEKA[IDXH(m)T]]AAAHmX2.CK1)m128132)3)m4)E5)3.ETSETSHashDTSDTS4.[8]X.509141)2)WebWebWebWebWeb3)2.3.1.2,1)2)3)2.3.22.3.2.11)[9]15CACACA2)AKDCIDAIDBASAEKas[IDAPKaT]EKas[IDBPKbT]ABEKas[IDAPKaT]EKas[IDBPKbT]EPkb[EKa[KsT]]KasKaASAPKaPKbABEAS1AAS2ASA3ABBABAST2.3.2.21)AhashMD2)APVARSAMDDS3)ADESSKSDAPBAE4)BPBBRSASKDESK5)AEDEB6)BDEPVBSK7)BSKDESESDAPBA168)BAMD9)BMD`10)MDMD`2.3.3CACAPKIPKICACACACACA/CACACRLCACAROOTCACAPCACAOCARARegistrationAuthorityRARALRACA2.42.4.117NetscapeTCPSSL[10]SecureSocketsLayerSSLNetscapeWeb,HTTPTELNETFTPNNTPGOPHERSSLSSL,:1)SSL,2)SSLhash,3)CA,SSLSSLSSLSSLSSLTCPTCP2.4WebHTTPSSLTCPIPEthernet/TokenRingLAN/WAN2.4SSLFigure2.4ThelayerlevelofSSLprotocolSSLSSLSSLSSLSSL182.4.2SET[11](SecureElectronicTransaction)VISAMasterCard19975Internet,,SETX.509,,,,,SET2.5[12]1)2)3)4)195)2.620VPNVPN[13]VPN[14]VPN168Bit3.1VPN3.1.1VPNVPNVPNVPN3.13.1VPNFigure3.1TheintendmentofVPNVPN1)VPNIPVPN2)VPNIP3)QoS214)VPNAccessVPNExtranetVPNVPN1)AccessVPNISPVPN2)ExtranetVPNVPN3.1.2VPN3.1.2.1PPTPL2TP1.PPTP[15]ISPPPTPLANVPNPPTPVPNPPTP2.L2TP[16]L2TPLACL2TPAccessConcentratorLNSL2TPNetworkServerL2TPLNSPPTPInternetPPPVPN3.1.2.2GREIPSec[17]1.GREGREGREIPIPGRE2.IPIPSec22IPSecIPIPSecIP3.2VPN1)2)3)IPIP4)5)VPNIPVPNVPNPPTPL2TPIPSecMPLSVPN1.IPVPNVPNIETFATMVPNIDVPNVPNIDVPNVPN2.VPNVPNVPNIDVPN3.VPNVPN23IPSecSA4.VPN5.VPN6.VPNVPN7.8.QoSVPNVPNQoSVPNVPNQoSIPVPNVPN1)IP2)3)4)243.3IPSecIPSec[18]VPNIPSecIPSecAHAuthenticationHeaderESPEncapsulatingSecurityPayload3.3.1IPSec3.3.1.1IPSecIPSecAH[19]ESP[20]IKE[21]3.23.2IPSecFigure3.2ThearchitectureofIPSec3.3.1.2IPSecIPSecAHESP1.IPIPIPSecAHESP3.3253.3Figure3.3Transmissionpattern2.IP3.4IPAHESPIPIPIPSecIP3.4Figure3.4Tunnelpattern3.3.1.3SASAIPSecAHESPSASAIPSecIPSecSA1)SPDIPSPDIPSec2)SADSAAHESPSPDSADSPDSASAD3.3.1.4IPSecIPSecSPDIPSecSADSA1)SA2)SAIKE13)SAIKESA261IPSecSADSASPDTCPSASA3.3.2AHAHIPAH51,AH3.5[22]3.5AHFigure3.5TheheadformatofAH8AHIPv44IPv6418322AH160SPI3232ICV3.3.3ESPESPIPESP50,ESP3.6[23]273.6ESPFigure3.6TheheadformatofESPSPI3232ESP8IPv443.3.4IKEIKEIPSecISAKMPOakleySKEME[24]SAIKEISAKMPIPSecISAKMPOakleySKEMEIKESAIKEIKESAIPSec283.4VPNVPNIPSec29InternetCNNIC20011008Internet4.11.[25]2.3.4.5.30InternetWeb4.1Figure4.1Thetopologyofonlinesupermarket4.14.2,4.2:4.2Figure4.2Thefirewallsystembetweenclientandbusiness314.2.1Internet4.2.21.,4.3:4