安全的 TELNET 傳輸協定設計

Abstract

本篇論文提出在目前現有標準的TELNET protocol上，運用密碼學內的資料安全演算法，將這些方法運用在protocol中。而此論文的目的在於，透過telnet程式溝通的clinet和server端，能夠確認彼此的身份，並且防止任何對於傳輸過程中傳輸資料的竊取，擅改與破壞。簡單的說，也就是提供溝通雙方一個安全的傳輸環境。 本篇論文所設計的安全方法為某一組密碼方法的組合(本論文以DH, RSA，DES，MD5這四種方法為例)，這樣的設計可視為一種開放式的架構，任何本篇論文程式的實作，皆可根據使用者的需要，加入其它的密碼方法組合。這種開放式架構的另一個優點在於，未來所設計出更好，更新的密碼方法將可很容易地加入依本論文所實作的telnet程式之中。 為了要和現有的TELNET protocol相容，本篇論文依照TELNET protocol Command Name and Code的標準來設計，定義一個新的實驗性質的command name，以及它以下的command codes，並希冀此實驗性質的command name在未來能成為TELNET protocol的標準。

This theis purposes a secure communication environment over Internet, which is based on the existing TELNET protocol standard. To achieve this goal, some cryptographic algorithms are used to resist attacks such as eavesdropping, tampering and forgery. The method proposed in this thesis is to form one combination of cryptographic algorithms(the combination of DH, RSA, DES and MD5 is the example in this thesis) and how they are interoperated. It is such designed that any newer and stronger cryptographic algorithms purposed in the future can be easily incorporated in the telnet program implementation which is complied with rules in this thesis. From such point of view this kind of design can be properly seen as one type of open structure. In consideration of the compatability problem, this thesis totally abides by the rules about TELNET Protocol Command Name and Codes. Moreover, the design may be regarded as a command name and codes design of TELNET protocool. The proposition in this thesis is in experimental status currently. However, it is desired to use this proposition to be the standard track in the future.