Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (3): 74-81.DOI: 10.3778/j.issn.1002-8331.1608-0248
Previous Articles Next Articles
JIA Jifang, ZHANG Lixin, LIAO Mingyao
Online:
Published:
贾冀芳,张立新,廖明耀
Abstract: Based on observation?that security of national commercial cipher algorithms(national cipher algorithms) is stronger than general cipher algorithms, and the performance is weaker than general cipher algorithms, an automatic switching algorithm between SM2 and RSA based on OpenSSL is designed in order to improve system security under the premise of performance standards. SSL/TLS handshake protocol is given the priority to use SM2 algorithm, before new connections per second reaches a certain peak. When the new connection rate of SM2 can not meet the demand, the system automatically switches to the RSA algorithm to reach the higher rate. The algorithm is extended on the data structure and function of OpenSSL. The experimental results show that the SM2 algorithm and RSA algorithm can be switched automatically when the new SSL/TLS connection rate reaches a certain value. The algorithm can effectively improve the system security under the premise of meeting the performance requirements.
Key words: SSL/TLS, SM2 algorithm, RSA algorithm, automatic switching algorithm, OpenSSL
摘要: 为了SSL/TLS协议的安全性与性能能同时满足用户的需求,基于国家商用密码算法(国密算法)的安全性强于通用密码算法、性能弱于通用密码算法的现状,在OpenSSL基础上设计一种SM2与RSA自动切换的算法以满足在性能达标的前提下提高系统的安全性。SSL/TLS握手协议在性能满足需求的前提下,优先使用国密SM2算法,当每秒新建连接数达到一定峰值时,SM2的性能满足不了需求,则系统自动切换到RSA算法,满足更高每秒新建连接数的性能需求。该算法在OpenSSL的数据结构和函数上进行扩展,经过测试实现了在每秒新建SSL/TLS连接数达到一定数值时,SM2算法与RSA算法的自动切换。该算法在满足性能需求的前提下能有效提高系统的安全性。
关键词: SSL/TLS协议, SM2算法, RSA算法, 自动切换算法, OpenSSL
JIA Jifang, ZHANG Lixin, LIAO Mingyao. Design of automatic switching algorithm between SM2 and RSA based on OpenSSL[J]. Computer Engineering and Applications, 2018, 54(3): 74-81.
贾冀芳,张立新,廖明耀. 基于OpenSSL的SM2与RSA自动切换算法的设计[J]. 计算机工程与应用, 2018, 54(3): 74-81.
0 / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://cea.ceaj.org/EN/10.3778/j.issn.1002-8331.1608-0248
http://cea.ceaj.org/EN/Y2018/V54/I3/74