| With the rapid development of information technology, computers and networks have permeated many aspects of people's lives and work, and they are indispensable tools for communicating information. Although they improve working efficiency and bring much convenience, they also pose an unparalleled threat to the storage, transmission and access control of information. According to statistics, about 85% of security threats come from the local network, from the local desktop. Because of a lack of security awareness and the increasing sophistication of network crime, the user desktop has already become a bottleneck of network security and the weak point in guarding against network attacks, so that the entire network's security is left unprotected. How to control the privilege to access confidential devices and information, how to guarantee that transmitted information is not distorted, and how to authenticate the identity of legitimate users are urgent problems to be solved. Desktop security involves system security technologies (including OS security and so on), data security technologies (including secure data storage, secure transmission and so on) and content security technologies (including antivirus, firewall, IDS and so on). This article mainly focuses on data security technologies, including off-line security technology (digital envelope), online security technology (secure channel), identity authentication technology and so on. Methods for solving these problems were proposed and implemented in an actual system. The research on desktop security mainly covers four aspects: basic theories, off-line security (digital envelope) technology, online security (secure channel) technology and identity authentication. Firstly, the basic cryptographic theories were researched and summarized. 
Knowledge of cryptographic theory is the basic tool for building all types of security models. Secondly, off-line security technology was analyzed, especially digital envelope technology. A strong-security archive distribution system built on digital envelope technology was discussed, which guarantees the properties of confidentiality, integrity, authenticity and non-repudiation. In the practical project, combined with USB Key hardware, the encapsulating and unwrapping processes were implemented using CryptoAPI functions. Thirdly, online secure channel technology was analyzed and its basic model was generalized. The typical secure channel technology, VPN, was analyzed, as well as the SSL protocol for constructing VPNs. The basic form of SSL VPN, the Web reverse proxy, was analyzed. In connection with the practical project, the key technologies in the design and implementation of an SSL VPN gateway were discussed in detail. Finally, as far as identity authentication is concerned, authentication technologies from around the world were summarized, and their development, properties and principles were analyzed. More emphasis was put on USB Key PKI technologies. Through step-by-step security analysis of them, their flaws were revealed, improvements were made, and relatively more secure schemes were proposed. Desktop security is close to everyone; it is the last-meter security of the whole security architecture and the key point of success or failure. Analyzing desktop security is therefore of great significance for both application and theory. |