The Research and Implementation of the POP3 Protocol’s Security Mechanisms
【Author】 Chen Lei (陈磊)
【Author Information】 Shanghai Jiao Tong University, Software Engineering, 2008, Master's
【Abstract】 This paper studies the security mechanisms of the POP3 protocol and discusses how to encrypt data while it is transmitted over POP3.

In the theoretical part, it first explains the basic content of the POP3 protocol: the lifecycle of a POP3 session, the three states of a POP3 session, and the meaning of the POP3 commands. It then reviews the existing security-related features of the POP3 protocol, including authentication, digital signatures, and digital encryption. Next, it explains the entire process of receiving mail with POP3 and lists the standard procedure for connecting to a POP3 server with Telnet. It then discusses commonly used encryption algorithms, including MD5, DES, Triple DES, and AES, followed by the RSA public-key encryption algorithm and by SSL and IPSec, the solutions commonly used in China and abroad to secure POP3 transmission. Finally, building on this theory, it proposes an approach to encrypting POP3 mail: adding just three security commands to the POP3 protocol is enough to encrypt the entire mail transmission process.

In the program part, it first describes how the POP3 mail server is implemented. The server is based on LumiSoft Mail Server, an open-source program available online, which already supports protocols such as SMTP and POP3. Its original functions are retained while security improvements are added so that it supports the security commands, and therefore also mail encryption and the SPOP mail client. It then describes how the POP3 mail client is implemented. The client follows the commands in RFC 1939; its main function is receiving mail, and the client-side code for the security commands is added as well. Finally, it analyzes the code of the POP3 mail server and of the POP3 mail client.

In the test part, it first sets up the test environment. It then runs a security test that compares the security of the POP3 client with that of the SPOP client. Finally, a performance test shows that the improvement in security comes without a large loss in performance.

In the concluding part, it first discusses the conditions for choosing among the three encryption algorithms (DES, Triple DES, AES). It then explains that an SPOP server can support ordinary POP3 clients and that an SPOP client can be supported by ordinary POP3 servers, and that this support is transparent and requires no additional configuration. Finally, it analyzes the author's solution further, examines the areas that could be improved, and points out directions for follow-up research on improving POP3 security.