论文标题:安全微支付系统的研究与设计
The Study and Design on Secure Micro-Payment System
论文作者 练斌
论文导师 何大可,论文学位 硕士,论文专业 密码学
论文单位 西南交通大学,点击次数 555,论文页数 100页File Size3145k
2005-06-01论文网 http://www.lw23.com/lunwen_45574817/ 微支付;反透支;高效;BAN逻辑;Kailar逻辑
micro-payment; anti-overdraft; high-efficiency; BAN logic; Kailar logic
尽管电子商务具有许多优点(低交易成本,扩展的市场,以及不受地域和空间的限制等等),但这种交易方式不得不面对众多制约其广泛应用的安全问题。电子商务必须提供诸如:加密、数字签名、电子信封、电子证书及防火墙等安全技术,向交易参与者提供相关的安全服务,包括:认证服务、接入控制服务、保密性服务、交易行为不可否认性服务以及其他可靠的安全服务。其安全体系包括:支持服务层、传输层、交换层及商务应用层。目前,安全方案主要有安全通信协议、支持安全传输的商务服务器和电子支付系统,但是,其中有很多问题尚待解决。与常规支付方案相比,微支付提供的是协议计算代价低,而且通信量小的支付方案。其方案适用于海量、低价值的信息支付服务,这种支付服务特别适合于电信固网系统,移动通信系统以及计算机网络。 随着网络应用的飞速发展,网络安全越来越成为一个焦点问题。网络安全中一个非常重要的因素就是密码协议。过去三十年中,密码编码学领域取得了很多的进展,但是还远远不够。网络安全的核心在于密码编码包括:对称密码及公钥密码等。然而,大多数网络安全问题通常存在于网络协议,而并不在密码算法本身。众所周知,设计正确而安全的密码协议是一项容易出错的任务。1989年,Burrow,Abadi和Needham提出了BAN逻辑,它很快得以广泛的应用并且成为分析协议的常规方法。BAN逻辑的出现激起学术界极大的研究热情,在此基础上,发展出诸如GNY、AT、VO及SVO等系列逻辑体系,即通常称作的BAN类逻辑。但作为信仰类逻辑,BAN不能很好地运用于电子商务协议的分析。必须考虑电子商务协议涉及的可追究性,否则,电子商务将容易引起争议。在此背景下,Rajashekar Kailar提出了分析具有可追究性要求的密码协议的框架。即Kailar逻辑,它是第一个正式用于分析电子商务协议的逻辑。在此论文中,BAN逻辑及Kailar逻辑将被用于分析为微支付系统所设计的协议。 考虑到在未来移动通信系统中的潜在应用,深入地研究和分析了PayWord微支付系统。在此系统基础上,对支付协议作了很大程度的优化及
In spite of its advantages of lowering the cost, expanding the market, unrestrained by the geographical areas and space etc, electronic commerce is confronted with many security issues that hinder its widespread applications. It must adopt the security technologies (e.g. encryption, electronic signature, electronic envelope, electronic certification, and firewall) to provide the participants with the authentication service, access control service, confidentiality service, undeniable service, and other reliable security service. Its security architecture includes support service level, transport level, switching level, and business level. At present, the security scheme mainly involves the security communication protocol; commercial servers supporting secure transactions and electronic payment system, but many problems remain to be resolved. Micro-payment schemes provide lower cost of protocol computation and communication overhead than conventional ones. These systems are suitable for a considerable of low value information-payment services on telecommunications, mobile communications and computer networks.With the rapid growth of network applications, network security has become a more and more important issue. A very important factor of network security is cryptographic protocols. Much of development has been achieved in the area of cryptography for the last thirty years, but it is not enough. As we know, the core of network security is cryptography including traditional block ciphers and public key ciphers. But many problems of networks security always lie in protocols not in the cipher arithmetic. It is well known that designing correct and secure cryptographic protocols is an error-prone task. In 1989, Burrow, Abadi and Needham developed BAN logic, which quickly become the most widely used and discussed formal method for the analysis of protocols. The appearance of BAN logic has led several authors to propose alternatives to BAN including GNY, AT, VO and SVO etc, which we call BAN-like logics. But as belief logic, the
|
