多功能SSL轉接架構

Abstract

在本篇論文中，我將提出一個底層使用SSL/TLS來實作的多功能轉接架構。在此架構下，使用者將不用擔心網路應用程式是否具備加解密的能力，卻可以享有使用SSL/TLS保護通訊資料流的功能，不僅可以做到使用者驗證、存取控制、機密性、及資料完整性，更可以藉由繞路設定，服務來自不同信任區域的信任主機，將其安全地接駁到目的主機。 在系統的對外安全方面，我是使用X.509機制來驗證點對點、點對端、端對端、及端對點的身份認證，配合Access Control機制來對管理人員及使用者做不同等級的群組存取控制。通訊資料流使用強化的SSL/TLS保護機制，針對SSL/TLS已知缺失與漏洞，作避免與補強的動作。 在系統的對內管理方面，我是採用多階層管理機制，將管理階層依權限及責任劃分為三個等級，分別給予系統內部的憑證管理、金鑰管理、繞路管理、及使用者管理的適當權限，並且在系統的金鑰保存上作硬體保護，避免系統金鑰因有意或是無意而洩漏的危機發生。

In this thesis, I purpose a multipurpose relay model which users will not concern about encryption and decryption of application functionality, but has communication environment protected by SSL/TLS protocol. This model not only provides users with authentication, access control, confidentiality and data integrity, but also services trusted hosts and relay its data to the destination hosts securely by route setup. In system security, I use X.509 mechanism to authenticate SSL Relays and users in the models of point-to-point, point-to-end and end-to-end. In assigning attribution of management and users I take access control mechanism in distinguishing different degrees and privileges. All the transferring data between Relays is protected by enhanced SSL/TLS protocol, which was strengthened according to the security survey of Eric Murray. In system management, SSL Relay system is designed by multilevel operation with the different roles to perform function. There are Initiators, Managers, and Operators. Different roles have different management privileges and responsibilities in system’s confidentiality and route management. Moreover, I use hardware accelerator in preventing malicious hackers from divulgating private keys.