Research and Implementation of TLS Browser Supporting Commercial Cryptographic Algorithm

doi:10.3969/j.issn.1671-1122.2017.04.004

Abstract

Abstract:

We implement a TLS browser which support commercial cryptographic algorithms on Windows platform. A CCA (commercial cryptographic algorithms) library is developed using Windows system interface CryptoAPI: Next Generation. Due to the CCA library, Windows 10 can support the commercial cryptographic algorithms and certificate. Secondly. Using the CCA library and the TLS 1.2 protocol which is modified to add the support of the commercial cryptographic algorithms, the open source browser Chromium is modified to support the commercial cryptographic algorithms. The experiment results show that the implemented TLS browser not only support the HTTPS access based on the commercial cryptographic algorithms, support digital certificates based on commercial cryptographic algorithm, keep similar performance with international cryptographic algorithms, but also keep all the original browser owned features.

Key words: commercial cryptographic algorithm, TLS protocol, BoringSSL, Chromium

CLC Number:

TP391

Chuan XIANG, Wuqiong PAN, Huorong LI, Jingqiang LIN. Research and Implementation of TLS Browser Supporting Commercial Cryptographic Algorithm[J]. Netinfo Security, 2017, 17(4): 26-33.

Figures/Tables 11

References 12

[1]	林雪燕,林璟锵,管乐,等. 在桌面虚拟化系统中实施国产密码算法[J].中国科学院大学学报,2015(5):701-707.
[2]	国家密码管理局. SM2椭圆曲线公钥密码算法[EB/OL]. ,2010-12-22/2017-2-26.
[3]	国家密码管理局. SM3密码杂凑算法[EB/OL]. ,2010-12-22/2017-2-26.
[4]	国家密码管理局. SM2椭圆曲线公钥密码算法[EB/OL]. ,2010-12-22/2017-2-26.
[5]	李义杰. 基于国密算法的小型CA系统设计与实现[D].西安:西安电子科技大学,2014.
[6]	吴永强. 国密SSL安全通信协议的研究与实现[D]. 西安:西安电子科技大学,2014.
[7]	王勇,岑荣伟,郭红,李新友. 国家电子政务外网电子认证系统SM2国密算法升级改造方案研究[J]. 信息网络安全,2012,(10):83-85.
[8]	Google. Chromium Sources and Documentations[EB/OL]. , 2017-2-26.
[9]	Google. BoringSSL Sources and Documentations[EB/OL]. .
[10]	Young E A, Hudson T J, Engelschall R. Openssl: The open source toolkit for ssl/tls[EB/OL]. , 2017-2-26.
[11]	徐恒. 确定性随机数产生器安全性分析及改进[D]. 上海:上海交通大学,2009.
[12]	李奇. Windows访问控制实施框架研究、设计与实现[D].合肥:中国科学技术大学,2009.

[1]	CHEN Xiangrong, CHENG Ding, QIN Pengyu, CHENG Cheng. Research on a User Data Security Protection Strategy Based on STDM Technology [J]. 信息网络安全, 2017, 17(5): 44-50.
[2]	HUANG Qiang, WANG Gaojian, MI Wenzhi, WANG Lunwei. Centralized and Unified Trusted Computing Platform Management Model and Its Application [J]. 信息网络安全, 2017, 17(4): 9-14.
[3]	WANG Shuo, CHENG Xiangguo, CHEN Yameng, WANG Yue. Research on Key-insulated Group Signature Scheme [J]. 信息网络安全, 2017, 17(4): 40-45.
[4]	KANG Nianhua, CHEN Mingzhi, FENG Yingyan, LIU Chuanbao. An Anti-interference Browser Fingerprinting Generation Algorithm Based on Implicitly Acquiring Features [J]. 信息网络安全, 2017, 17(4): 71-77.
[5]	LIANG Zhong, ZHOU Jiakun, ZHU Han, CHEN Bo. Research on Aggregation Technology for Information Security Knowledge Based on Security Ontology [J]. 信息网络安全, 2017, 17(4): 78-85.
[6]	LIANG Zhiqiang, LIN Dansheng. Information Security Risk Assessment Mechanism Research Based on Power System [J]. 信息网络安全, 2017, 17(4): 86-90.
[7]	Tengfei ZHANG, Qian ZHANG, Jiayong LIU. URL Classification Method Based on AdaBoost and Bayes Algorithm [J]. Netinfo Security, 2017, 17(3): 66-71.
[8]	Yameng CHEN, Xiangguo CHENG, Shuo WANG, Ming GAO. Research on Certificateless Group Signature Scheme Based on Bilinear Pairings [J]. Netinfo Security, 2017, 17(3): 53-58.
[9]	Hong MEN, Shunli YAO. Research on a Framework Based on Virtual Cloud Network for Monitoring Safe Production [J]. Netinfo Security, 2017, 17(3): 14-20.
[10]	Jianhong ZHANG, Pengyan LI. An Efficient Data Integrity Verification Scheme for Cloud Storage [J]. Netinfo Security, 2017, 17(3): 1-5.
[11]	Dongliang WANG, Junyan YI, Shihui LI, Hongxin WANG. Task Scheduling of Cloud Computing Based on Fusion of Load Balancing and Bat Algorithm [J]. Netinfo Security, 2017, 17(1): 23-28.
[12]	HUANG Jianhui, SHI Wenchang. The TPCM Active Measurement and Power Control Design for ATX Motherboard [J]. 信息网络安全, 2016, 16(11): 1-5.
[13]	LI Zhaobin, LIU Dandan, HUANG Xin, CAO Hao. Design and Implementation of Secure Access Device Based on Guomi Algorithm [J]. 信息网络安全, 2016, 16(11): 19-27.
[14]	HU Yangrui, CHEN Xingshu, WANG Junfeng, YE Xiaoming. Anomalous Traffic Detection Based on Traffic Behavior Characteristics [J]. 信息网络安全, 2016, 16(11): 45-51.