《PKI原理与技术》教学大纲
课程代码 | 045101351 |
课程名称 | PKI原理与技术 |
英文名称 | PKI:Principles and Technology |
课程类别 | 专业基础课 |
课程性质 | 必修 |
学时 | 总学时:48; 实验学时:16 |
学分 | 2.5 |
开课学期 | 第六学期 |
开课单位 | 计算机科学与工程学院 |
适用专业 | 信息安全 |
授课语言 | 中文 |
先修课程 | 高级语言程序设计、密码学与安全协议 |
课程对毕业要求的支撑 | 本课程对学生达到毕业要求有如下贡献: 1.(工程知识)掌握扎实的PKI基础知识,掌握相关技术和工具,能够将工具应用于解决复杂的PKI安全问题。 2.(问题分析)能够应用PKI的基本原理和技术,并通过文献研究分析复杂的安全问题。 3.(设计/开发解决方案)能够设计针对复杂PKI问题的解决方案,或设计并搭建简单的PKI系统。 4.(研究)能够针对PKI现状进行研究,提取和解决问题。 |
课程目标 | 该课程的目标是使得学生在现有的知识基础上,了解和掌握PKI系统的定义、应用等,并能根据需求设计和搭建简单的PKI系统,掌握PKI编程方法。 |
课程简介 | 该课程是一门理论与实践相结合的课程,通过理论和实验课程,能帮助学生理解PKI的基本概念、主要技术和方法,熟悉PKI的实际应用。 |
教学内容与学时分配 |
重点:实现专业知识教学与立德树人教育的有机融合;激发学生“实干兴邦”的爱国奋斗精神。 1.今天的电子商务和安全趋势,0.5学时 2. 安全服务,0.5学时 3.公钥基础设施,1学时 重点及难点:
(三) 密码学入门,3学时 1.密码学,2学时 (1)对称密码学 (2)非对称密码学 (3)散列函数 (4)数字签名 2.数字证书,0.5学时 3.确保Web事务处理的安全,0.5学时 重点及难点: (1)PKI的组件构成 (2)数字证书的定义 (四)公钥基础设施,3学时 1.数字证书,1学时 2.公钥基础设施的组件,1学时 3.密钥和证书生命周期管理,0.5学时 4.授权的作用,0.5学时 重点及难点: (1)PKI的组件构成 (2)数字证书的定义和应用 (五)PKI服务和实现,3学时 1.密钥和证书生命周期管理, 2学时 2.部署PKI服务, 1学时 重点及难点: (1)密钥的两种类型:加密密钥和签名密钥 (六)密钥和证书生命周期,3学时 1.密钥管理, 1.5学时 2.证书管理,1.5学时 重点及难点: (1)密钥的几种生成方式 (2)证书更新涉及到的四种证书 (七)PKI体系结构——PKIX模型,3学时 1. PKI实体, 0.5学时 2. PKIX管理协议, 1学时 3.非PKIX管理协议, 0.5学时 4. PKIX证书验证协议,1学时 重点及难点: (1)PKI的管理协议类型 (2)PKIX的证书验证协议过程 (八)PKI的应用,3学时 1.基于PKI的服务, 1学时 2.基于PKI的协议,2学时 3.格式标准,0.5学时 4.应用程序编程接口,0.5学时 重点及难点: (1)SSL协议的过程,如何应用PKI (2)IPSEC协议两种模式,如何应用PKI (九)信任模型,6学时 1.信任关系, 1学时 2.信任模型,2学时 3.证书策略,1学时 4.限制信任模型, 1学时 5.路径构造和验证, 1学时 重点及难点: (1)几种重要的信息模型定义和区别 (2)如何构造验证路径 (十)认证与PKI,3学时 1.认证与PKI,1学时 2.口令,0.5学时 3.认证令牌,0.5学时 4.智能卡,0.5学时 5.生物特征认证,0.5学时 重点及难点: (1)其他方式如何与PKI服务结合认证 (十一)实施与运作,2学时 1. PKI规划 2.实施考虑 3.运作考虑 |
实验教学(包括上机学时、实验学时、实践学时) | (一)CA证书的签发与认证, 4学时 1.实验目的 2.实验要求 3.实验环境 (二) C/C++实现证书的读取与验证数字签名, 6学时 1. 实验目的 3.实验环境 (三)C/C++实现RSA密钥对的生成及数字签名, 6学时 1. 实验目的 3.实验环境 |
教学方法 | 课程教学以课堂教学、课外作业、综合讨论以及实验教学综合实施。 |
考核方式 | 本课程注重过程考核,考核形式、考核内容、课程目标、成绩比例为: (1)平时作业、课堂表现、实验(占总成绩的30%) 根据学生平时上课和作业情况,已经完成实验报告的情况; (2)期末考试(闭卷)(占总成绩的70%) 采用笔试闭卷方式,考试内容选择理论课程大部分内容,包含重点内容和小部分难点内容。 |
教材及参考书 | [1] 《PKI原理与技术》,谢冬青、冷健等著,清华大学出版社,2004。 [2] 《公钥基础设施(PKI)理论及应用》,李建华著,机械工业出版社,2010。 [3] 《PKI/CA与数字证书技术大全》,张明德著,电子工业出版社,2015。 |
制定人及制定时间 | 徐玲玲,2019年4月10日 |
“PKI Principle and Technology”Syllabus
Course Code | 045101351 |
Course Title | PKI Principle and Technology |
Course Category | Specialty Basic Courses |
Course Nature | Compulsory Course |
Class Hours | 48 |
Credits | 2.5 |
Semester | The Sixth Semester |
Institute | School of Computer Science & Engineering |
ProgramOriented | Information Security |
Teaching Language | Chinese |
Prerequisites | High-level Language Programming , Cryptography and security protocol |
Student Outcomes (Special Training Ability) | This course has the following contributions to students' graduation requirements:
(4) Research: propose and solve problems after analyzing the research status of PKI |
Course Objectives | Upon completion of the course, students should master the working principle of PKI, be able to design and build simple PKI system according to requirements, and master the PKI programming skill. |
Course Description | The course is a combination of theory and practice, through theoretical and experimental courses, can help students understand the basic concepts of PKI, the main techniques and methods, and familiar with the practical applications of PKI. |
Teaching Content and Class Hours Distribution | No 1. Ideological construction, 1 hour Key points: realize the organic integration of professional knowledge teaching and moral education; Inspire the students' patriotic struggle spirit of "making the country prosperous by doing" . No 2. Overview, 2 hours 1. Today’s e-commerce and security trends, 0.5 hours 2. Security service, 0.5 hours 3. Public key infrastructure, 1 hours Highlights: (1) Several kinds of security services (2) Definition of PKI No.3 Foundations of Cryptography,3 hours 1. Cryptographic algorithms,2 hours (1) syemmetric cryptography algorithms (2) asymmetric cryptography algorithms (3) Hash function (4) Digital signature 2. Digital certificate, 0.5 hours 3. Security of Web, 0.5 hours Highlights: (1)Component compositions of PKI (2) Definition of digital certificate No.4 Public key infrastructure, 3 hours 1.Digital certificate,1 hours 2. Component compositions of PKI 3. Key and certificate lifecycle management 4. The role of empowerment Highlights: (1) Component compositions of PKI (2) Definition and deployment of digital certificate No 5 PKI services and Implementation, 3 class hours 1. Key and certificate lifecycle management, 2 hours 2. Deploying PKI services, 1 hours Highlights: (1) Two kinds of key: encryption key and signature key No.6 Key and certificate life cycle, 3 class hours 1. key management, 1.5 hours 2. Certificate management, 1.5 hours Highlights: (1) Kinds of key generation (2) Four kinds of certificate during certificate updata No.7 PKI Architecture -- PKIX model, 3 class hours 1. PKI entity, 0.5 hours 2. PKIX Management Protocol, 1 hours 3. Non PKIX Management Protocol, 0.5 hours 4. PKIX certificate validation protocol, 1 hours Highlights: (1) PKIX Management Protocol types (2) Content of PKIX certificate validation protocol No.8 Application of PKI, 3 class hours 7.1 PKI based services, 1 hours 7.2 PKI based protocol, 2 hours 7.3 Format standard, 0.5 hours 7.4 Application programming interface, 0.5 hours Highlights: (1) Content of SSL protocol (2) Two models of IPSEC protocol No.9 Trust model, 6 class hours 1. Trust relationship, 1 hours 2. Trust model, 2 hours 3. Certificate Policy, 1 hours 4. Restricted trust model, 1 hours 5. Path construction and verification, 1 hours Highlights: (1) Definition and differences of several kinds of trust models (2) How to construct verification path No.10 Certification and PKI, 3 class hours 1. Authentication and PKI, 1 hours 2. Secret, 0.5 hours 3. Authentication token, 0.5 hours 4. Smart card, 0.5 hours 5. biometric authentication, 0.5 hours Highlights: (1) How to combine other authentications with PKI No.11 Implementation and operation, 2 class hours 1. PKI planning 2. Implementation considerations 3. Operational considerations |
Experimental Teaching | No.1 Issue and certification of CA certificate, 4 hours 1. Experimental purposes Through experiments, we can basically grasp the relevant theories and principles of public key infrastructure (PKI), and the development and use of relevant technologies of PKI. 2. Experiments Requirements (1) Application of Public Key Certificate (2) PKI programming practice, using C language to write digital certificate issuance document encryption, signature and other procedures. 3. Experimental environment Linux kernel 2.6 and above, with OpenSSL installed. No.2 Develop C/C++ program to achieve the certificate read, verify and digital signature, 6 hours 1. Experimental purposes Master the structure of certificates and learn to verify digital signatures. 2. Experiments Requirements Using the library functions provided by OpenSSL, the program is written in C/C++: (1) For a personal digital certificate that has been issued, read out the contents of each field in the certificate and display it. If it is binary content, please use hexadecimal number to display it. (2) Verify whether the digital signature of CA in the certificate is valid (assuming that a CA is credible). 3. Experimental environment Linux kernel 2.6 and above, with OpenSSL installed. No.3 Develop C/C++ program to generate RSA key pair and digital signature,6 hours 1. Experimental purposes Be proficient in generating key pairs and digital signature using key pairs. 2. Experiments Requirements Using the library functions provided by OpenSSL, the program is written in C/C++: (1) Write programs to generate RSA key pairs and save public keys to files. (2) Compute the digital signature of a file after Hash, and save the signature information to the file. (3) Using public key to verify the generated digital signature 3. Experimental environment Linux kernel 2.6 and above, with OpenSSL installed. |
Teaching Method | The course teaching is carried out by classroom teaching, homework, comprehensive discussions and experimental teaching. |
Examination Method | This course focuses on the process assessment. The assessment form, assessment content, course objectives and achievement ratio are as follows: (1) Homework, class performance and experiments(30% of the total score) According to the students' homework, class performance and experiment reports; (2) Final exam (closed book) (70% of total score) Adopt the written test closed method, select the main theory content, containing the key content and a little hard content. |
Teaching Materials and Reference Books | [1] Xie Dongqing, Leng Jian, 《PKI priciples and technology》, Tsinghua University Press, 2004 [2] Li Jianhua, PKI theory and applications, Mechanical industry press, 2010。 [3] Zhang Ming de, PKI/CA and certificate, Electronics industry Press, 2015。 |
Prepared by Whom and When | Xu Lingling, 10th April 2019 |
《PKI原理与技术》实验教学大纲
课程代码 | 045101351 |
课程名称 | PKI原理与技术 |
英文名称 | PKI Principle and Technology |
课程类别 | 专业基础课 |
课程性质 | 必修 |
学时 | 16 |
学分 | 2.5 |
开课学期 | 第六学期 |
开课单位 | 计算机科学与工程学院 |
适用专业 | 信息安全 |
授课语言 | 中文 |
先修课程 | 高级程序设计语言、密码学与安全协议 |
毕业要求(专业培养能力) | 培养学生掌握扎实的信息安全基础理论知识,了解信息安全尤其是PKI发展前沿知识和新兴技术,开拓学生的视野,培养研究能力,培养工程实践能力,培养学生的动手能力和创新能力。 |
课程培养学生的能力(教学目标) | 通过实验,基本掌握公钥基础设施(PKI)的有关理论、原理,基本掌握PKI的开发与使用相关技术。所以实验内容的设置也主要是结合上述的内容。 |
课程简介 | 该课程为《PKI原理与技术》的实验课,包含以下三个实验: 1.CA证书的签发与认证 2.C/C++实现证书的读取与验证数字签名 3.C/C++实现RSA密钥对的生成及数字签名 旨在通过以三个实验,帮助学生掌握PKI技术中CA证书的使用,以及一般的PKI编程方法。 |
主要仪器设备与软件 | 个人计算机,Linux操作系统 内核2.6及以上,OpenSSL |
实验报告 | 说明实验原理(理念)并进行方案选择,阐明为什么要选择这个实验方案以及所采用方案的特点。并重点说明实验是如何实现的,包括:对实验工作的详细表述。要求层次分明、表达确切。 |
考核方式 | (1)本门实验课将结合出勤、实验操作以及实验报告等进行考核,其中出勤占实验课总评成绩的10%,实验操作占实验总评成绩的60%,实验报告占实验总评成绩的30%。 (2)本门实验课总评成绩占课程总评成绩的30%。 |
教材、实验指导书及教学参考书目 | [1]华南理工大学计算机学院“PKI原理与技术”实验手册 [2]佘堃,郑方伟,《PKI原理与技术》,电子科技大学出版社,2007.8 |
制定人及发布时间 | 徐玲玲,2019年5月5日 |
《PKI原理与技术》实验教学内容与学时分配
实验项目编号 | 实验项目名称 | 实验学时 | 实验内容提要 | 实验类型 | 实验要求 | 每组人数 | 主要仪器设备与软件 |
1 | CA证书的签发与认证 | 4 | 学会签发根CA证书,使用根CA证书签发下级证书。 | 综合性 | 必做 | 1 | Linux操作系统内核2.6及以上,OpenSSL |
2 | C/C++实现证书的读取与验证数字签名 | 6 | 掌握证书的结构,学会验证数字签名。 | 综合性 | 必做 | 1 | Linux操作系统内核2.6及以上,OpenSSL |
3 | C/C++实现RSA密钥对的生成及数字签名 | 6 | 熟练掌握密钥对的生成以及利用密钥对做数字签名等操作。 | 设计性 | 必做 | 1 | Linux操作系统内核2.6及以上,OpenSSL |
“PKI Principle and Technology” Syllabus
Course Code | 045101351 |
Course Title | PKI Principle and Technology |
Course Category | Specialty-basis Course |
Course Nature | Compulsory Course |
Class Hours | 16 |
Credits | 2.5 |
Semester | The sixth Semester |
Institute | School of Computer Science and Engineering |
Program Oriented | Information Security |
Teaching Language | Chinese |
Prerequisites | High-level Language Programming , Cryptography and security protocol |
Student Outcomes (Special Training Ability) | Train students to master a solid theoretical foundation of computer knowledge, understand the development of computer science knowledge and new technology, develop students' horizons, cultivate research ability and engineering practice ability, and cultivate students' practical ability and innovation ability. |
Teaching Objectives | Through experiments, we require students master the relevant theories and principles of public key infrastructure (PKI), and master the related technologies of PKI development and application. Therefore, the content of the experiment is mainly combined with the above content. |
Course Description | This course is an experimental course of PKI principles and techniques, which includes the following three experiments: 1.Issue and certification of CA certificates 2.Develop C/C++ program to achieve the certificate read and verify, digital signature 3.Develop C/C++ program implement RSA key pair generation and digital signature The aim is to help students master the usage of CA certificates and the general PKI programming method through these three experiments. |
Instruments and Equipments | Personal computer;Linux operating system kernel 2.6 and above;OpenSSL |
Experiment Report | Explain the experimental principle and scheme, and explain why we should choose the experimental scheme and the characteristics of the adopted scheme. It focuses on how the experiment is achieved, including a detailed description of the experiment. The requirements are clear and exact. |
Assessment | (1) the experiment course will combine the attendance, experimental operation and experimental report assessment, including attendance grades experimental class accounted for 10%, accounting for the overall results of experiment 60%, experiment report for experimental grades 30%. (2) the experiment course grades for courses grades 30%. |
Teaching Materials and Reference Books | [1] PKI principle and technology experiments guide, South China University of Technology. [2]Yu Kun, Zheng Fangwei, PKI principle and technology,UESTC press,2007.8 |
Prepared by Whom and When | Xu Lingling, 5th May2019 |
“CourseTitle” Experimental Teaching Arrangements
No. | Experiment Item | Class Hours | Content Summary | Category | Requirements | Number of StudentsEach Group | Instruments, Equipments and Software |
1 | Issue and certification of CA certificate | 4 | Learn to sign the root CA certificate and issue a lower certificate with the root CA certificate. | Comprehensive | Compulsory | 1 | Personal computer;Linux operating system kernel 2.6 and above;OpenSSL |
2 | Develop C/C++ program to achieve the certificate read ,verify and digital signature | 6 | Master the structure of a certificate and learn to verify a digital signature. | Comprehensive | Compulsory | 1 | Personal computer;Linux operating system kernel 2.6 and above;OpenSSL |
3 | Develop C/C++ program to generate RSA key pair and digital signature | 6 | Master the generation of key pair and do digital signature with key pair. | Design | Compulsory | 1 | Personal computer;Linux operating system kernel 2.6 and above;OpenSSL |
