摘要
为弥补TLS(transportlayersecurity)协议在"抗抵赖"安全特性上的缺陷,提出了一种对TLS协议的改进方案。在保持TLS协议原有安全性的前提下对TLS协议中最主要的两个子协议——握手协议和记录协议分别进行了扩展与改进,在其内部引入了数字签名及验证机制,并且支持在握手协议中对数字签名及验证功能进行动态协商,同时与原有的TLS协议兼容。实验表明,改进后的TLS协议性能优良,运算速度有约10%的提升。
TLS (transfer layer security) is the most widely used security protocol on the Web. However, the original standard only encrypts transfered data and does not implicitly sign data. This paper describes an approach for modifying the TLS protocol to support the underlying digital signature mechanism. The proposal modifies the handshake protocol to negotiate the mechanism, and the record layer protocol which signs and verifies the application data. The new protocol includes a rollback mechanism to allow the peers to gracefully revert to an ordinary TLS protocol when needed. This approach is backwards compatible to allow the client to interoperate with an ordinary TLS server and vise versa. Experiments show that the new protocol provides about 10% increase in signature data transfers.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2004年第1期58-60,64,共4页
Journal of Tsinghua University(Science and Technology)
基金
国家"九七三"基础研究基金项目(G1998030409)
