中国科学院SAMP系统的加密通信  被引量：2

作　　者：肖欧 尹震宇[2] 

机构地区：[1]中国科学院大学,北京100049 [2]中国科学院沈阳计算技术研究所,沈阳110168

出　　处：《计算机系统应用》2016年第5期19-27,共9页Computer Systems & Applications

基　　金："数控系统功能安全技术研究"国家科技重大专项(2014ZX04009031)

摘　　要：中科院仪器设备共享管理平台(Apparatus and Equipment Sharing Management Platform of Chinese Academy of Sciences,以下简称SAMP)在通信过程中,存在重要数据在传输时没有加密、可能会接收到第三方恶意数据等数据通信安全问题,导致SAMP系统可能存在数据被窃取、收到的数据不安全等威胁.针对这些问题,结合SAMP系统的特点以及其通信数据的特征,将基于Axis2 Rampart模块的WS-Security数字签名和加密技术应用于SAMP数据通信安全问题.本文首先简单介绍了Axis2框架、数字签名和加密技术、Axis2 Rampart模块加密原理,然后基于Axis2 Rampart模块,采用数字签名+口令+非对称加密的WS-Security通信安全方案,对SAMP系统网络之间的数据传输接口进行封装,实现了消息传输的签名、认证和加密、解密过程,最后测试并分析对比了使用安全方案前和使用安全方案后,SAMP的Web Services数据传输接口的响应处理时间和CPU占用率.实验结果表明:使用Axis2 Rampart模块+数字签名+口令+加密来保证SAMP系统的数据通信安全问题具有高安全性、高可扩展性和高响应处理速度,符合实际应用需求,也能够广泛的推广到其他企业Web应用中去.Considering these security problems of data transmission such as some import data is transited without encryption, malicious data might be received from a third part in Apparatus And Equipment Sharing Management Platform of Chinese Academy of Sciences（SAMP）, SAMP system may result these threats of data theft and data receive insecurity. To solve these problems, combined with the characteristics of SAMP System and its features of data transmission, the technologies of digital signature and encryption of WS-Security based on the Axis2 Rampart module are applied to the issue of data communication security of SAMP System. Firstly, the Axis2 framework, digital signature, encryption technology and the encryption principle of Axis Rampart module are introduced by this paper briefly. After that, encapsulate the data transmission interface of SAMP System by using a data transmission security solution, which uses a combination of digital signature ＋ password ＋ asymmetric encryption of WS-Security. It implements the signature, authentication, encryption and decryption process of message transmission. Finally, it also tests and analyzes the processing time of the response and CPU usage of data transmission interface in SAMP System. The experiment results show that by using the combination technology of Axis2 Rampart module ＋ digital signature ＋ password ＋ encrypt, it can ensure that the security issue of data transmission of SAMP system has a high security, high scalability and high response speed, meet the demand of practical application, and be widely promoted to other Web Application of Enterprise.

关 键 词：WS-SECURITY AXIS2 Rampart 签名与加密 模块扩展 SAMP 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]