專題報告-封面.PDF

Similar documents

目录 1. 概述总体方案方案概述软件部署架构技术原理访问场景典型设备 ipad 配置使用示例详细

SiteView技术白皮书

作業系統簡介光有電腦硬體, 會不容易使用必須要有適當的程式, 才方便操作硬體衍生作業系統需求 : 提供方便使用者執行程式平台有效使用各種電腦硬體資源 Jingo C. Lia

Microsoft Word - MP2018_Report_Chi _12Apr2012_.doc

南華大學數位論文

李天命的思考藝術

皮肤病防治.doc

中国南北特色风味名菜 _一）

509 (ii) (iii) (iv) (v) 200, , , , C 57

Sun Storage Common Array Manager 阵列管理指南，版本 6.9.0

「香港中學文言文課程的設計與教學」單元設計範本

穨學前教育課程指引.PDF

Symantec™ Sygate Enterprise Protection 防护代理安装使用指南

中国南北特色风味名菜 _八）

電腦相關罪行跨部門工作小組-報告書

发展党员工作手册

<4D F736F F D D352DBED6D3F2CDF8D7E9BDA8D3EBB9DCC0EDCFEEC4BFBDCCB3CCD5FDCEC42E646F63>

中華電信憑證總管理中心憑證實務作業基準

<4D F736F F D205B345DB5D8AE4CACD AECAAFC5C1C9C1DCBDD0AB48A4CEB3F8A657AAED>

Marketing_WhitePaper.PDF

HP LaserJet Pro M1530 MFP Series User Guide - ZHTW

Microsoft Word - 强迫性活动一览表.docx

Microsoft Word - Panel Paper on T&D-Chinese _as at __final_.doc

Java 1 Java String Date

TopTest_Adminstrator.doc

1 SQL Server 2005 SQL Server Microsoft Windows Server 2003NTFS NTFS SQL Server 2000 Randy Dyess DBA SQL Server SQL Server DBA SQL Server SQL Se

江苏宁沪高速公路股份有限公司.PDF

校友会系统白皮书feb_08

软件工程专业习指南目录一软件工程专业设置背景与发展前景... 3 二软件工程专业实践教条件... 4 三软件工程专业课程类型及核方式软件工程专业课程类型...7

handsome-招股书－新规则－final-version-0422.PDF

产品手册： CA GEN r8

九龍城區議會

國際認證介紹.PPT

榫卯是什麼? 何時開始應用於建築中? 38 中國傳統建築的屋頂有哪幾種形式? 40 大內高手的大內指什麼? 42 街坊四鄰的坊和街分別指什麼? 44 北京四合院的典型格局是怎樣的

<4D F736F F D2031A3AD4A617661BCBCCAF5CAC6CDB7D5FDBEA22E646F63>

经华名家讲堂

尿路感染防治.doc

Microsoft PowerPoint - lect01.ppt

心理障碍防治（下）.doc

2. 我沒有說實話, 因為我的鞋子其實是 [ 黑色 / 藍色 / 其他顏色.]. 如果我說我現在是坐著的, 我說的是實話嗎? [ 我說的對還是不對 ]? [ 等對方回答 ] 3. 這是 [ 實話 / 對的

Cloudy computing forEducation

UNIX Shell Shell UNIX, 21 UN IX, UNIX UNIX UNIX vi UNIX UNIX Shell, UNIX Shell Shell UNIX Shell, Shell Shell Shell Shell Shell UNIX, (CIP) UNIX Shell

CA Nimsoft Monitor Snap 快速入门指南

Microsoft Word - Paper on PA (Chi)_ docx

<4D F736F F D203938BEC7A67EABD7B942B0CAC15AC075B3E6BF57A9DBA5CDC2B2B3B92DA5BFBD542E646F63>

捕捉儿童敏感期

清华得实WebST网络安全行业解决方案

14A 0.1%5% 14A 14A

6112 http / /mops.tse.com.tw http / /

世界名画及画家介绍（四）.doc

iv 不必詫異, 其實成功與失敗之間就是由這樣簡單的工作習慣造成的可見, 習慣雖小, 卻影響深遠遍數名載史冊的成功人士, 哪位沒有幾個可圈可點的習慣在影響着

第四章-個案分析.doc

高职计算机类优秀教材书目 * 序号书号 (ISBN) 书名作者定价出版 / 印刷日期 ** 配套资源页码计算机基础课计算机应用基础刘升贵年 8 月

2005 Sun Microsystems, Inc Network Circle, Santa Clara, CA U.S.A. Sun Sun Berkeley BSD UNIX X/Open Company, Ltd. / Sun Sun Microsystems Su

Microsoft Word htm

LinuxÓÃ»§»ù´¡

1 Par t IBM 7 Par t 2 I BM IBM Par t Q & A

网上路演公告-final.PDF

結合IC卡之校園安全網頁系統的設計與實現

樹木管理專責小組報告人樹共融綠滿家園

Microsoft Word - PKUCS计算机教育 doc

緒言董事會宣佈, 為能更具效率調配本集團內的資金有效降低集團的對外貸款, 並促進本集團內公司間的結算服務, 於 2016 年 9 月 30 日, 本公司中糧財務與管理公司訂立財務

Teaching kit_A4_part4.indd

学院人才培养分项自评报告结果汇总表主要评估指标关键评估要素自评等级 1.1 学校事业发展规划合格 1. 领导作用 1.2 办学目标与定位合格 1.3 对人才培养重视程度合格 1

iGENUS爱琴思邮件系统技术白皮书

第五篇電子化實務範例

User Group SMTP

天津天狮学院关于修订2014级本科培养方案的指导意见

Transcription:

- PDA

...IV...VI 1.1.Page 1 1.2..Page 2 1.2.1 Linux Login Page 2 1.2.2 Web Page 3 1.2.3...Page 3 1.3..Page 4 1.3.1 SafeWord 5.1...Page 4 1.3.2...Page 4 1.4..Page 5 1.5..Page 6 2.1..Page 9 2.2...Page 10 2.2.1 Page 11 I

2.2.2 Page 12 2.2.2.1.Page 15 2.2.2.1-1..Page 16 2.2.2.1-2..Page 19 2.2.2.2.Page 24 2.3...Page 26 SafeWord 5.1 3.1...Page 29 3.2...Page 31 3.3...Page 33 3.4...Page 35 3.5...Page 36 3.6...Page 37 3.7...Page 40 3.8...Page 44 4.1...Page 46 4.1.1 Page 46 II

4.1.2 Page 47 4.1.3 Page 48 4.2...Page 49 4.3...Page 50 4.3.1 Server.Page 50 4.3.2 Client.Page 52 4.4...Page 57 4.4.1..Page 57 4.4.2..Page 57 5.1...Page 59 5.2...Page 60 5.3...Page 63 A.Page 65 B......Page 67 III

1.1 Page 5 1.2 Page 6 1.1 Page 7 2.1 Page 9 2.2 Page 9 2.3.Page 10 2.4.Page 15 2.5.Page 18 2.6.Page 20 2.7.Page 21 2.8.Page 23 2.9.Page 24 2.10.Page 25 3.1 SafeWord 5.1 Page 28 3.2 SafeWord.Page 29 3.3 SafeWord.Page 30 IV

3.4 SafeWord Domain...Page 35 3.5 SafeWord.Page 41 3.6 SafeWord.Page 42 3.7 SafeWord.Page 43 3.8 SafeWord.Page 43 3.9 SafeWord.Page 45 4.1 MD5 Sha-1...Page 49 4.1.Page 50 A PDA.Page 67 B.Page 67 V

VI MIC B2B B2C

VII Two-Factor Authentication ) One-Time passeword Token )

VIII

(Authentication Server ) IC ( IX

1.1 Cracker 1

1.2 Demo ( SafeWord 5.1; ) (1) Linux Login (2) Web 1.2.1 Linux Login Linux Login ( root ) Token 2

1.2.2 Web Server 1.2.3 SafeWord 5.1 Linux Token Program License 3

1.3 1.3.1 SafeWord 5.1 Server SafeWord 5.1 OS Cliemt SafeWord 5.1 OS SafeWord Platinum Token SafeWord Silver 2000 Token Server SafeWord 5.1 OS SafeWord Manager Cliemt SafeWord 5.1 OS SafeWord Client SofToken-II 1.3.2 Server Windows 2000 Cliemt PDA Server Cliemt 4

1.4 ( ) DES SafeWord 5.1 MD5 Sha-1 PDA Server Client ( 1.1 ) 5

1.5 2 ~ 3 T1 3 ~ 4 T2 3 ~ 7 T3 SafeWord 5.1 5 ~ 6 T4 Linux login 6 ~ 7 T5-7 ~ 9 T6 7 ~ 8 T7 MD5 Sha-1 8 ~ 9 T8 9 ~ 11 T9 10 ~ 12 T10 ( 1.2 ) 6

2 3 4 5 6 7 8 9 10 11 12 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 ( 1.1 ) 7

8

2.1 ( 2.1 ) 1 ( 2.2 ) 9

2 3 4 5 2.2 ( 2.3 ) ( Dynamic Password ) ( One-Time Password ) 10

( ) 2.2 ( Authentication Card ) 2.2.1 11

1 2 3 1 2 3 2.2.2 ( Dynamic Password Generator ) 12

Authenticator ( ) Token ( ) Private Key ( Secret Key ) Private Key 13

(Synchronous) ( Asynchronous ) ( Synchronous Authenticator ) ( Asynchronous Authenticator ) 1 2 PIN 3 One-Time Password 4 PIN 1 2 3 14

2.2.2.1 ( ) ( 2.4 ) 2.4 15

SafeWord 5.1 Silver 2000 Keyring 2.2.2.1-1 ( Time Synchronous ) 16

Secure Computing Program Private Key 17

Demo ( 2.5 ) 1 2 1 2 Challenge / Response 18

3 PC 4 2.2.2.1-2 (Event Synchronous) One-Time Password ( ) 19

( 2.6 ) A B C D E E E D C B A 20

( 2.7 ) 2.7 D D 21

2.7 D C A B D ( C ) ( B ) 22

( A ) D C ( 2.8 ) 1 2 3 23

1 PIN 2 2.2.2.2 ( Challenge-Response ) Challenge ( 2.9 ) 2.9 SafeWord 5.1 SafeWord Platinum Token Silver 2000 Silver 2000 Platinum Token Challenge-Response Challenge 24

( 2.10 ) ( Challenge ) ( Response ) Challenge-Response ( Challenge ) One-Time Password 25

1 2 3 1 Challenge 2 2.3 DNA 1 1 26

2 3 27

SafeWord 5.1 SafeWord 5.1 Token Authenticator ( ) ( 3.1 SafeWord 5.1) 28

3.1 SafeWord 5.1 AAA ( Triple A; ) (Encryption) SafeWord One-Time Password SafeWord 5.1 ( 3.2 SafeWord ) SafeWord Authentication Server 3.2 SafeWord Authentication Server Communication Servers Network Devices 29

( 3.3 SafeWord ) SafeWord Manager Windows (GUI) SafeWord (Supervisor) SafeWord Manager (Add) (Remove) ( Activity logs ) User Database The SafeWord Database SafeWord Authenticator Secret key SafeWord Manager 30

DES(Data Encryption Standard) SafeWord Server (Replicated) Ident SafeWord Unix-based SafeWord Ident Client Authentication Server SafeWord Server Sasd The SafeWord Authentication Server Daemon (sasd) EASSP sasd SafeWord Server 3.2 SafeWord SafeWord Server SafeWord Server 31

EASSP RADIUS TACACS+ EASSP Secure Computing RADIUS TACACS+ EASSP(Extended Authentication and Single Sign on Protocol) Secure Computing Authenticators Secure Computing Single Sign On Secure Session Keys RADIUS(Remote Authentication Dial In User Service) Livingston Enterprises and the Network Access Server Requirements Working Group of the Internet Engineering Task Force (IETF) (Internet RFC2138) TACACS+ TACACS ARPANET Cisco Systems TACACS+ (Extended TACACS) (Internet RFC1492 ) 1985 32

Cisco routers Communication Servers 3.3 UNIX Solaris SunOS AIX HP-UX SGI IRIX BSDi Stratus VOS Open VMS AS400 DEC VAX OSF1/OSF2 Ultrix FreeBSD Windows NT Domain Microsoft NT Server Microsoft Workstation Windows 9X Web Server Microsoft IIS Server Netscape Enterprise Server Apache (Radius) Global Network ipass WorldComm Advanced Networking (formerly CompuServe Network services) IBM Global Network Cisco Ascend 3-Com Bay Networks Shiva Livingston Microsoft RAS RRAS 33

SecureZone SideWinder BorderWare firewalls Check Point's Firewall-1 TIS Gauntlet RADIUS ipass Inc. Red Creek Aventail RADIUS VPN RADIUS Ascend Aventail Check Point Cisco Funk Software Hayes Microcomputer ipass Livingston Microsoft Windows NT RRAS Red Creek Shiva Telebit Bay Networks Cayman Systems CompuServe LeeMah DataComm Merit Network Express TechSmith Xyplex TACACS+ Cisco routers Communication servers SafeWord API 34

3.4 SafeWord SafeWord ( 3.4 SafeWord Domain ) SafeWord Domain SafeWord Domain ( ) Domain Domain Domain SafeWord Domain 35

SafeWord Domain SafeWord SafeWord Domain 3.5 SafeWord ANSI X9.9 Challenge/Response Challenge/Response SafeWord Server ( Challenge) ( Response) Challenge (Event Synchronization) (Private key) 36

SafeWord Server SafeWord Server 3.6 SafeWord SafeWord SafeWord SafeWord SafeWord SafeWord 37

SafeWord SafeWord 1 2 3 4 SafeWord SafeWord SafeWord SafeWord Bob 7:00AM 6:00PM 38

SafeWord SafeWord SafeWord SafeWord ( ) DES SafeWord SafeWord SafeWord 39

SafeWord SafeWord SafeWord Administration API SafeWord API SafeWord SafeWord DES SafeWord ( ) 3.7 SafeWord (Real-time mirroring) SafeWord 40

SafeWord Server SafeWord Server SafeWord Client SafeWord Server SafeWord Server ( 3.5 SafeWord ) SafeWord SafeWord Client SafeWord Client SafeWord Server 41

( 3.6 SafeWord ) A B SafeWord Server SafeWord Client SafeWord Server SafeWord Server 42

( 3.7 SafeWord ) SafeWord ( 3.8 SafeWord ) 43

3.8 SafeWord SafeWord 1 2 SafeWord API 3 4 SafeWord SafeWord 25 SafeWord 44

SafeWord ( 3.9 SafeWord ) 45

4.1 SafeWord 5.1 4.1.1 PDA Palm OS 46

PDA PIN PDA 4.1.2 2.7 47

4.1.3 ( ) MD5 MD5 Hash Function Hash DES MD5 Sha-1 MD5 Hash DES Private Key 48

Key Recovery Sha-1 MD5 MD5 Sha-1 25% ~ 30% MD5 MD5 128 bits Sha-1 160 bits 64 80 4 4 64 4 ( 4.1 MD5 Sha-1 ) 4.2 4.1 (PDA) WEB 49

( 4.1 ) Hash 4.3 4.3.1 Server Java Servlet Java Java 50

Servlet Server Server Servlet Java Server Web Server Mail Server Application Server Windows Linux Login PDA Token MD5 Hash Function MD5 Hash Hash n n Server Servlet Applet Server 51

Applet Server init() Driver Statement Server Client doget( ) dopost( ) Hash Hash n SQL Server 4.3.2 Client Palm OS Palm OS ( http://www.palmos.com ) Metrowerks Code Warrior ( Free Software Foundation GNU ) gcc 52

PRC-Tools C Javasoft Java 2 Platform, Micro Edition Palm OS Java KVM ( Kilobytes Virtual Machine ) Palm OS Java Code Warrior PRC-Tools gcc ( gun c compiler ) Java 2 Platform, Micro Edition Java PDA J2ME Java J2SE J2ME J2ME J2ME PDA Java Palm OS Palm OS 53

Code Warrior PRC-Tools PDA Intel 80x86 Palm Dragon Ball Motorola 68000 MD5 Function Byte Order Intel 80x86 MD5 Java 11 Northeastern University Hector Ho Fuentes & Duncan Shek Wong Mdlib MD5 Hash Function Sha-1 MD5 MD4 Output Input Input Output 54

Email MD5 Hash unsigned char half byte 16 Palm OS API const char Byte Byte 16 : 16 static char hs[] = "0123456789ABCDEF"; digest outp = MemPtrNew(len*2+1); 4 bits 15 AND 16 char for(i=0; i<len; i++) { outp[2*i] = hs[in_str[i]>>4]; outp[2*i+1] = hs[in_str[i]&15]; } 55

PDA MD5 digest unsigned char MD5 Hash Function char digest PDA Palm Palm 8MB C Java Compiler Client 56

4.4 4.4.1 Hash Hash Hash 4.4.2 Private Key MD5 Hash Funtion 57

MD5 Hash Function 128 bits 58

5.1 SafeWord 5.1 Linux SafeWord 5.1 SafeWord SafeWord 5.1 Palm OS Dynamic Password Dynamic Password Paper Meeting PDA Palm OS Palm OS Palm OS MD5 Hash Function Java 59

J2SE J2ME Northeastern University Hector Ho Fuentes & Duncan Shek Wong Palm OS Email MD5 5.2 60

Secure computing SafeWord 5.1 SafeWord 5.1 SafeWord 5.1 61

62

5.3 Private key Public key Token Server Token Private key Server PDA SafeWord Server Windows Server OS Server Server Server String Private key n 63

Java Java JSP PHP Servlet Server SUN Java Servlet Java Servlet Tomcat Web server Server SQL class.forname("sun.jdbc.odbc.jdbcodbcdriver"); DriverManager.getConnection( j dbc:odbc:somedb, user, passwd ) servlet SQL Java 64

SafeWord 5.1 Secure Computing One-Time Password One-Time Password Authentication Card (Dynamic password generator) Token Authenticator 65

Triple A (AAA) Authentication( ) Authorization( Auditing( ) Authentication Authorization Auditing (Message Digest Function) 1 bit bit 2 bit bit 50% 3 66

B ( A PDA ) ( B ) 67