Huazhong University of Science and Technology
Master's Thesis
Research and Implementation of Client-Side Session Caching in the Transport Layer Security Protocol
Name: Cao Yong
Degree applied for: Master
Major: Computer Application Technology
Supervisor: Hu Yingsong
20060425
Abstract (Chinese)
Secure Socket Layer (SSL) is the most widely deployed security protocol in the world. Transport Layer Security (TLS) is the successor of SSL. Although the most common use of TLS is to secure Web communication, it is in fact a rather general-purpose protocol, suitable for protecting many different kinds of communication data.
The two parties communicating under TLS negotiate through a handshake to establish a secure channel between two machines for transmitting sensitive information. In the Internet environment, the cryptographic computation required by the TLS handshake becomes the bottleneck of server performance. TLS therefore provides a session resumption mechanism that lets the server keep connection parameters in its cache, so that a client which has previously established a connection can skip the handshake phase when it connects again. The drawback of this traditional form of session resumption is that the overhead is borne entirely by the server, and in practice the server cache becomes overloaded.
After an in-depth analysis of the causes of this drawback, and taking the principle of load balancing into account, a promising solution is to move the session parameters originally stored on the server side into the comparatively idle client-side cache. The session parameters are processed with various cryptographic algorithms and security techniques to guarantee their confidentiality and integrity, and are then stored on the client as a session resumption credential; the original TLS handshake protocol and session resumption protocol are extended in a backward-compatible way to support this improvement; the data structures of the main extended protocol messages are defined in C, and the core functions the extended protocol needs in order to operate are implemented with the OpenSSL library. Through this improvement and extension, the server can maintain a higher session resumption rate for its clients, greatly increasing the speed of TLS connection interaction.
Keywords: Transport Layer Security protocol, client-side cache, session resumption, authentication credential
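The client-side session credential described in the abstract, as an added example that is not code from the thesis: the server seals the session parameters under a server-held AES-GCM key, hands the opaque credential to the client, and on resumption verifies the tag and the expiry before skipping the full handshake. It is written in Go rather than the thesis's C/OpenSSL so it runs stand-alone; the ticket layout, the 4-byte key name, the expiry field and the function names are assumptions of this example, not the thesis's protocol messages.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)
// TicketKey is the server-held secret under which session parameters are sealed; Name
// identifies the key so the server can rotate keys (the 4-byte name is an assumed layout).
type TicketKey struct {
	Name [4]byte
	aead cipher.AEAD
}
// NewTicketKey wraps an AES key (16, 24 or 32 bytes) in AES-GCM, giving confidentiality and integrity together.
func NewTicketKey(name [4]byte, key []byte) (*TicketKey, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &TicketKey{Name: name, aead: aead}, err
}
// Issue turns the caller-serialised session parameters into an opaque credential laid out as
// name || nonce || AES-GCM(expiry || params, aad = name): the client stores it but cannot read or alter it.
func (k *TicketKey) Issue(params []byte, expires int64) ([]byte, error) {
	plain := append(make([]byte, 8), params...) // 8-byte expiry prefix, filled in below
	binary.BigEndian.PutUint64(plain, uint64(expires))
	nonce := make([]byte, k.aead.NonceSize()) // fresh random nonce per ticket; GCM must never reuse one
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return k.aead.Seal(append(append([]byte{}, k.Name[:]...), nonce...), nonce, plain, k.Name[:]), nil
}
// Resume recovers the parameters from a credential the client presents; any error means a full handshake.
func (k *TicketKey) Resume(ticket []byte, now int64) ([]byte, error) {
	ns := k.aead.NonceSize()
	if len(ticket) < 4+ns || string(ticket[:4]) != string(k.Name[:]) {
		return nil, errors.New("unknown key name or malformed ticket")
	}
	plain, err := k.aead.Open(nil, ticket[4:4+ns], ticket[4+ns:], k.Name[:])
	if err != nil || len(plain) < 8 {
		return nil, errors.New("ticket rejected: authentication failed")
	}
	if now > int64(binary.BigEndian.Uint64(plain)) { // expiry is enforced server-side, never trusted from the client
		return nil, errors.New("ticket expired")
	}
	return plain[8:], nil
}
```

A tampered, truncated, expired or foreign-key ticket is rejected by Resume, which is the point at which a server would fall back to the ordinary full handshake.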
Abstract
SSL (Secure Socket Layer) is the most widely deployed security protocol in the world. TLS (Transport Layer Security) is the successor of SSL. Although protecting the security of Web communications is the most common use of TLS, it is actually a quite general protocol, equally suited to protecting the security of many kinds of communication data.
Clients and servers using TLS build up a secure channel for transporting sensitive information between two computers through a handshake negotiation. In the Internet environment, the cryptographic computation that the TLS handshake needs for connecting becomes the bottleneck of the server's performance. TLS therefore comes up with a session resumption mechanism, allowing the server to maintain the connection parameters of sessions and to avoid the handshake when reconnecting with clients with which the server has shared a session before. The drawback of this traditional session resumption is that the cost falls completely on the side of the server, and the server cannot bear that much load in real applications.
Considering the load-balancing principle, transferring session parameters from the server-side cache to the client-side cache is a reasonable solution. The session parameters
are dealt with encryption algorithm