Abstract
To meet a government system's requirement for secure data transmission, this paper designs a secure data transmission system based on SSL and the Chinese national cryptographic (SM) algorithms. Drawing on a study of SSL, SM3, SM4, and defenses against man-in-the-middle and replay attacks, it designs an implementation mechanism in which random numbers encrypted with pre-distributed keys are exchanged over the SSL channel to complete a two-way handshake between systems and establish a session. Using the national algorithm SM4 protects the data, and because SM4 is a symmetric cipher it also keeps encryption and decryption efficient during transmission. Timestamps effectively prevent replay attacks on application data, and message authentication codes effectively prevent man-in-the-middle attacks on application data, which strengthens the security of the system and achieves the design goal of secure data transmission.
Author
Dai Qiankun (代乾坤), The Third Research Institute of the Ministry of Public Security, Shanghai 201204, China
Source
Computer Applications and Software (《计算机应用与软件》)
PKU Core Journal (北大核心)
2023, No. 2, pp. 326-330 (5 pages)
Funding
National Key Research and Development Program of China, 2017 (2017YFB0802301, 2017YFB0802302)
Shanghai Outstanding Technical Leader Fund project (16XD1420200).