中華民國海軍憑證中心之組織架構與建置

Abstract

為了增加海軍在未來戰爭急速因應快速獲得相關資訊情報的能力，透過網路快速地交換各項情蒐資訊已是不可抵擋的趨勢，而在使用海軍內部網路傳送資訊的同時，資訊安全將是一關鍵性的考慮因素。國軍單位目前資訊系統大都採用通行密碼機制的方式來達成安全的目的，然而這種方式具有易遭人入侵及無法確實得知使用者身份等缺點，對於任務具有高度機密性性質的海軍單位，實是一大弱點。因此，如何及早建置符合X.509的安全管理系統，將是海軍目前刻不容緩的課題之一。在本論文中我們針對海軍憑證中心(Certificate Authority , CA)之需求，探討憑證中心之組織架構與實作憑證中心時的相關問題與解決方案。在參考相關文件與海軍組織架構後我們提出了一個海軍憑證中心之管理組織架構與人員配置方法，同時我們也以open source上的CA原始碼為基礎開發一個適合海軍之憑證中心管理系統。經實驗，此系統配合管理組織架構能有效地加強海軍內部網路安全。

For the navy increase ability of rapidly to obtain relation information of the navy in the future war, by networks quickly exchange information is an unable to resist trend. However, at the same time of using the navy intranet transfer information, information security will be a key factor to consider. In army department, presently information system most are using password system achieve the goal of security. However, this way has several shortcomings that are easy to invade and unable actual know the identity of user. This is a big weakness for the task with highly security property of navy unit. Therefore, how to establish a security management system to fit with in X.509 as soon as possible will be one of topics for discussion to brook no delay. Once the certificate system development to finish, it can support full Certificate Authority system in the network. In the internal part of navy, it will have greatest help for protect network security.In current computer network system, primary security problems come from the problem of user certificate authority, in another word, if we solve the problem of certificate authority, the problem of network security will split all the way down once it's been chopped open. Because using network unlike between human can authentication each other, we must depend on the shared message between user and computer to authenticate a user. Proposed by CCITT (Consultative Committee for International Telegraphy and Telephony) in 1993, X.509 protocol is the most effect safe solution in the current network. As The Research Development and Evaluation Commission give an impetus to National Public Key Infrastructure that use the method of X.509 Certificate management to solve user authentication of network.