網際網路的快速發展與資訊教育的普及，促成全世界上網人口的持續增加，各式各樣的電子商務應用持續的增加，網路頻寬也不斷的擴增，以因應愈來愈多的網路交易所帶來的通訊資料量，如此眾多的數位交易資料在網際網路上傳遞，其目的是為了提供了人類即時且無限的服務環境，但是，在網路上傳輸的資料是公開的，每個上網的人都可以藉由通訊協定來得到資料內容，即使資料接收者不是他，因此也衍生了許多有關資訊安全的問題。
隨著近代密碼學的發展，公開金鑰系統架構(Public Key Infrastructure， PKI)的建立，的確可以有效的解決資訊安全的問題，讓透過網路交易的人有了安全保障，也正因此使得公開金鑰系統架構成為網路安全的保護者，致使許多國家、國際組織或商業團體，皆著手制訂自己的安全技術標準，而發展出不少的密碼安全技術出來，在選擇PKI產品時，如何能夠得知此PKI產品符合自己的安全需求。
本論文針對PKI產品在安全評估時，提出一套安全評估流程，並且針對在評估時的系統功能測試作一自動化設計，期望在安全評估的過程當中能夠藉由自動化的工具輔助，達到標準化與自動化的評估。

none

[1] William Stallings, Network And Internetwork Security Principles And Practice, Prentice Hall International Edition, 1995, pp. 1-14
[2] NBS FIPSPUB 46, Data Encryption Standard, National Bureau of Standards, U.S. Department of Commerce, Jan, 1977
[3] R. Rivest, A Description of the RC2(r) Encryption Algorithm, RFC2268, Jan. 1998.
[4] X. Lai and J. Massey, “A proposal for a New Block Encryption Standard,” Advances in Cryptology-EUROCRYPT’90 Proceedings, Berlin: Springer-Verlag, 1991, pp.389-404
[5] National Institute of Standards and Technology :The Advanced Encryption Standard (AES) Homepage : http://csrc.nist.gov/aes/
[6] R. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM, V.21, n.2, Feb 1978, pp.120-126
[7] C. J. Mitchell, F. Piper, and P. Wild, “Digital Signatures,” Contempotary Cryptology: The science of Information Integrity, G. J. Simmons, ed., IEEEPress, pp.325-378, 1991
[8] T.ELGamal, “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms” ,Communications of the ACM, V.21,n.2,Feb 1978, pp.120-126
[9] V.Miller, “Uses of Elliptic Curves in Cryptography”, Advances in Cryptology CRYPTO ’85,Lecture Notes in Computer Science, 218 (1986),Spring-Verlag, 417-426.
[10] R. Rivest, The MD5 Message Digest Algorithm, RFC 1321, Apr. 1992.
[11] NIST FIPS PUB 180-1, Secure Hash Standard, National Institute of Standards and Technology, U.S. Department of Commerce, Apr. 1995
[12] 李南逸,黃宗立, “數位簽章系統之設計與分析,” 國立成功大學資訊工程研究所博士論文, 1996
[13] C. J. Mitchell, F. Piper, and P. Wild, “Digital Signatures,” Contempotary Cryptology: The science of Information Integrity, G. J. Simmons, ed., IEEEPress, pp.325-378, 1991
[14] C. Adams and S. Farrell, Internet X.509 Public Key Infrastructure Certificate Management Protocols, RFC 2510, Mar. 1999
[15] TWG-98-59, Public Key Infrastructure (PKI) Technical Specifications: Part A -Technical Concept of Operations, Apr. 1998, pp.20-25, pp.36-38
[16] RFC 2459 “Internet X.509 Public Key Infrastructure Certificate and CRL Profile”, 1999
[17] CCITT X.500 Series (1992) | ISO/IEC 9594,1--9, Information Technology -- Open Systems Interconnection -- The Directory, 1992
[18] ITU-T Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, June 1997
[19] NIST FIPS PUB 180-1, Secure Hash Standard, National Institute of Standards and Technology, U.S. Department of Commerce, Apr. 1995
[20] NIST(National Institute of Standards and Technology)(1994)Security Requirement for Cryptographic Modules, Federal Information Processing Standards(FIPS)Publication 140-1
[21] ISO(1999)Common Criteria for Information Technology Security Evaluation, Version 2.1, ISO/IEC 15408
[22] 吳賀祥,黃宗立, “公開金鑰憑證管理系統安全評估與分級自動化之設計與實作,” 國立成功大學資訊工程系碩士班碩士論文, June 2002
[23] 張中和,黃宗立, “公開金鑰憑證管理系統安全評估與系統軟元件之設計,” 國立成功大學資訊工程系碩士班碩士論文, June 2002
[24] 張中和,曾宏偉,吳賀祥,黃宗立, “CA-PKI系統功能等級劃分” 國立成功大學資訊工程研究所資訊安全實驗室著, 2002.
[25] RSA Data Security Inc. PKCS#10v1.7: Certification Syntax Standard, May, 26, 2000.
[26] RFC 2560 “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP”, June. 1999
[27] CCITT X.500 Series (1992) | ISO/IEC 9594,1--9, Information Technology -- Open Systems Interconnection -- The Directory, 1992
[28] RFC 2251 “Lightweight Directory Access Protocol V3” , December. 1997
[29] 高孟甫,黃宗立, “公開金鑰架構中金鑰與憑證相關安全認證之設計與研究,” 國立成功大學資訊工程系碩士班碩士論文, July 2001
[30] 阮孝緒,黃宗立, “公開金鑰架構系統安全管理認證之設計與研究,” 國立成功大學資訊工程系碩士班碩士論文, July 2001