【作者】 杨立；

【导师】 李涛；

【作者基本信息】 四川大学 ， 计算机软件与理论， 2004， 硕士

【摘要】 从Internet出现以来,电子邮件就是Internet上最重要的服务之一。随着网络的迅速发展,如今通过电子邮件进行信息交流,已经成为人们联系沟通的重要手段,而电子邮件的安全问题也越来越得到使用者的重视。电子邮件的世界是明信片的世界,就像明信片后面的信息一样,机器与机器之间传输的信息都是公开和可获取的,机器旁的每个人都可以查看上面的内容,并且信件的内容可能在不为人知的情况下被篡改,不怀好意的人甚至还可以冒充身份发送邮件。考虑到电子邮件所传送信息的敏感性,保证其通信的安全性自然成为人们高度关心的问题。然而平常使用的电子邮件的安全性远远达不到要求,因此如何保障邮件服务的安全是一项非常重要的课题。本文实现了一个基于PKI体系的完整的安全电子邮件系统,包括了安全电子邮件服务器MailGod和客户端安全电子邮件收发系统鸡毛信的设计与实现。通过使用安全电子邮件系统,能够比较完善地保证在邮件发送过程中,从服务器到客户机的安全性。具体来说,本文的主要贡献有:提出了一个具有完备的功能特性的安全电子邮件系统。MailGod服务器和鸡毛信客户端提供了从服务器安全到客户端安全的整套解决方案。整个系统在遵从国际标准的同时拥有自主的知识产权。MailGod服务器和鸡毛信客户端的体系结构、功能服务均遵从电子邮件的各种相关标准,如SMTP、POP3、MIME等等。就保证安全性而言,两者都严格遵从PKI规范,并且从设计到实现具有完全的自主知识产权,符合国家安全部门的有关规定。 <WP=3>实现了一个功能强大的安全电子邮件服务器系统。MailGod服务器除了提供通用邮件服务器所具备的各种功能外,还支持安全模块扩展,并提供了方便简洁的服务器配置功能。实现了一个功能强大、方便易用的客户端安全电子邮件收发系统。鸡毛信客户端除了提供通用离线邮件软件所具备的各种功能外,还基于PKI体系提供了电子邮件的数字签名和数据加密服务,并且具有方便、简洁、易用的特点。服务器系统采用了数字水印日志技术。MailGod服务器系统严格记录各种操作日志,并且采用数字水印技术保证日志的权威性、不可否认性和完整性。客户端系统采用了地址簿与证书管理一体化技术。鸡毛信客户端系统将证书管理与地址簿管理合二为一,使得用户不必专门学习密码学的知识,就能够通过熟悉的地址簿对证书进行方便而有效的管理。客户端系统创新了邮件多重加密同时封存/开封技术。鸡毛信可使用多个证书中的公钥对邮件进行嵌套加密,这样当解密邮件时,就要求所有的证书拥有者都同时到场并分别提供各自的数字证书。该技术在一些特殊应用中十分有用,例如在政府采购中,可以保证整个招投标过程的公开性、公平性和公正性。2003年4月,“基于‘龙芯’的多功能安全电子邮件服务器和客户端安全电子邮件收发系统”通过了四川省科技厅专家的鉴定,并得到了很高的评价。鉴定委员会一致认为该成果是“国内第一款集成智能安全网关、基于Internet的容灾技术于一体的多功能安全电子邮件系统,属国内首创。该项目成果整体技术处于国内领先水平”。2003年9月,客户端安全电子邮件收发系统中创新的“一种文件多重加密同时封存/开封方法”在国家知识产权局申请了发明专利。2003年11月,MailGod服务器和鸡毛信客户端作为“电子政务/商务安全网络平台”其中的关键部分,获得了成都市科技进步一等奖。总之,MailGod服务器和鸡毛信客户端的实现具有完全的自主知识产权,有<WP=4>效地解决了传统电子邮件存在的若干安全性问题,对保障我国电子邮件通信安全具有重大意义。更多还原

【Abstract】 Now Email is one of the most important applications on Internet. With the development of network, using email has become an important method of people’s communication, and the security of email has been paid great attention to by more and more people. But just like the message on postcards, all the message of email is open and can be gotten while being tranferd between machines. Everyone who can use computers can see the content of email. Moreover, the content of email can be modified by someone while other people hardly know that, and somebody with malignity can send an email imitating another person. The information transferred through email is so tender that how to protect the security has been highly concerned by many people. Because traditional email that we usually use has little security, it is a very important issue for us to provide secure email service.In this paper, a secure email system is proposed, including the secure server named MailGod and the secure client, JiMaoXin. This system can provide good security services while transfering email between server and client.Basically, the contributions of this paper are as follows:Propose a secure email system with complete functional performance. The MailGod server and JiMaoXin client presents the full solution of email security.Keeps to the international standards and has entire intellectual property. In MailGod and JiMaoXin, the architecture and the service keep to the email protocols, such as SMTP, POP3, MIME and so on. In addition, both of them <WP=6>strictly keep to the PKI standards, and act according to the prescripts of the national secure department.Implement a secure email server with powerful function. MailGod server provides not only various functions with supporting of secure module extension but also simple and convenient configurations.Implement a convenient email client with powerful funcion. JiMaoXin client not only has traditional email clients’ characteristics but also provides Digital Signature and Data Encryption based on PKI standards.Digital watermark technology is used in server system. In MailGod, all of the operations are recorded in system log, and digital watermark technology is used to ensure authoritativeness, accountability and integrity.A technology of integrating address book and certificate management is used in client system. In JiMaoXin, users can conveniently manage certificates through the familiar address book without learning the knowledge of cryptography.A nested encryption is innovated in client system. In JiMaoXin, more than one public key can be used in encryption, so that all owners of those public key should be present in decryption. When used in some special situations, such as public bidding of government, this technology can provide publicity, impartiality and equity.In April 2003, the secure server and client passed the authentication of technological experts.The committee regarded this system as the first multi-functional secure email system with intelligent gateway and disaster recovery system.In September 2003, the technique innovated in JiMaoXin client was applied for the inventive patent, which was named as a method of multiple encryption.In November 2003, as the pivotal part in the secure network-platform of E-Government and E-Commerce, MailGod server and JiMaoXin client won the first-class award of technological progress in Chengdu.<WP=7>In a word, the implementation of MailGod server and JiMaoXin client has entire intellectual property. It effectively solves secure problems in traditional email system and has profound significance in guaranteeing security of communications.更多还原