Design And Implementation Of Key Management System Based On KMIP

Cyberspace has become an indispensable virtual space,in which the mastery of resources is embodied in the possession and control of information.Therefore,it is increasingly important for the information security of organizations and individuals.As the mainstay and core technology of networks and information security,cryptography is widely applied to personal privacy,commercial secrets,even military and national defense.In modern cryptography,the security of cryptographic algorithm is indisputable;key security counts only on key security.Therefore,key management plays an important role in modern information security system.On one hand,key management is an important content of cryptography;on the other hand,it has an important impact on the security of various cryptographic technologies.In modern cryptography,design and implementation of cryptographic algorithms are in accordance with kerckhoff principle,i.e.algorithm security depends on the secrecy of the key only.Therefore,key management plays an extremely important role,or a decisive role,in modern information security system.Different security systems have different methods for key management,i.e.the key management mechanism and key management algorithms are various.The only purpose for key management is to guarantee key security.KMS is an integrated system that designed for the lifecycle management of symmetric keys and asymmetric keys,realizing real-time monitoring from infrastructure layer to system management layer.Based on KMIP protocol,KMS management includes cerate key,create template,activate key,revoke key,destroy key,cancel key,delete key,rekey,recover key,archive key,etc.In addition,functions of key configuration policy,key service,log management,user and group management,key management,policy management,policy management,CA management,certificate management,network configuration management,backup and restore,SNMP service management,system management(time and timezone management,shutdown and reboot management),and cluster management are included.The thesis complete following major works:Frist,requirement analysis in accordance with actual requirements of KMS.Second,set KMS operating environment and complete design for database,overall system structure,and system functions.Third,under the support of technology,theory,and related regulations,complete design and codes of each module.Forth,each phase of software development,operate function test,compatibility test,and system test.This system encrypts and stores the master key,as well as manages key lifecycle to ensure information security.