本文選題：身份基密碼學 + 公共計算　； 參考：《國防科學技術大學》2014年碩士論文

【摘要】：隨著電子政務、商務的興起和發(fā)展,人類全面進入了互聯(lián)網(wǎng)時代。網(wǎng)絡中傳輸?shù)臄?shù)據(jù)不再是簡單的文本信息,更多的包括賬戶、支付信息等,因此數(shù)據(jù)安全性顯得尤為突出。但傳統(tǒng)的安全網(wǎng)絡傳輸協(xié)議,存在密鑰分發(fā)開銷大、發(fā)起連接延遲長、交互狀態(tài)轉換多和協(xié)議格式定義雜等諸多缺點。而最近提出的基于自驗證標識的可信安全網(wǎng)絡通信協(xié)議,不兼容當前網(wǎng)絡通信的基礎,即TCP/IP網(wǎng)絡體系結構,存在部署困難的缺點。本文針對所指出的問題,對可信安全的網(wǎng)絡傳輸協(xié)議以及密鑰協(xié)商算法展開了深入研究。本文主要的工作和貢獻如下:一、一種有效且可擴展的身份基密鑰協(xié)商算法設計作為安全網(wǎng)絡傳輸?shù)那疤岷突A,密鑰協(xié)商算法具有重要作用。本文針對所采用的身份基密碼學的技術特點,重點關注了身份基密鑰協(xié)商算法的研究進展,將身份基密碼學中跨域的類型進行劃分,并提出了在這兩種多域條件下均適用的密鑰協(xié)商算法。另外,本文首次將公共計算的概念引入身份基密鑰協(xié)商算法,使得本算法可以大幅降低終端設備的計算負載,明顯優(yōu)于其他同類算法。本文還從理論上證明了所設計的算法滿足密鑰協(xié)商算法所應滿足的所有安全特性。二、一種可增量部署的自信任輕量級網(wǎng)絡傳輸協(xié)議設計針對傳統(tǒng)安全網(wǎng)絡傳輸協(xié)議中,用戶的身份與其公鑰信息需要證書綁定的問題。本文通過采用身份基密碼學技術,直接將用戶的IP地址作為公鑰,無需依賴可信第三方頒發(fā)證書來認證,使得協(xié)議具有自信任的優(yōu)點。也正是無需證書,減少了互相傳遞和認證證書的通信和計算開銷。本文還結合具體應用場景,通過采用雙線性對等數(shù)學工具,使得通信雙方甚至無需任何交互,直接計算出可信的會話密鑰,達到了接近IP協(xié)議的輕量級優(yōu)點。另外,本文依然采用傳統(tǒng)的IP地址作為通信地址,因此兼容現(xiàn)有的TCP/IP網(wǎng)絡體系結構。特別地,本文還將最近又得到關注的機會加密思想引入?yún)f(xié)議設計中,使得協(xié)議具備可增量部署特性。該特性有利于協(xié)議的推廣和使用,是目前多數(shù)其他同類安全協(xié)議所不具備的。三、自信任輕量級網(wǎng)絡傳輸協(xié)議的實現(xiàn)與測試本文首先闡述了協(xié)議實現(xiàn)時可以采用的兩種技術路線,并分別分析了兩種技術路線各自存在的優(yōu)缺點。在根據(jù)當前的研究階段以及綜合考量開發(fā)難度而選擇了技術路線之后,本文進一步介紹了協(xié)議實現(xiàn)中所涉及的關鍵技術和具體實現(xiàn)。最后,本文通過功能和性能測試,說明所實現(xiàn)的協(xié)議達到了設計目標。
[Abstract]:With the rise and development of e-commerce and commerce, human beings have entered the age of the Internet. The data transmitted in the network are no longer simple text information, more including accounts and payment information. Therefore, the security of data is particularly prominent. However, the traditional security network transmission protocol has large key distribution overhead and initiation of connection delay. Many shortcomings such as long, interactive state conversion and protocol format definition, and the recent proposed self verifying identification based trusted security network communication protocol is incompatible with the base of current network communication, that is, TCP/IP network architecture, and there is a shortcoming of deployment difficulties. The main work and contributions of this paper are as follows: first, an efficient and extensible identity based key negotiation algorithm is the premise and foundation of secure network transmission. The key negotiation algorithm plays an important role. This paper focuses on the technical characteristics of the identity based cryptography. The research progress of the identity based key agreement algorithm is made, the types of cross domain in the identity based cryptography are divided, and the key negotiation algorithm is proposed under these two multi domain conditions. In addition, this paper introduces the concept of public computing to the identity based key agreement algorithm for the first time, so that this algorithm can greatly reduce the computing of terminal devices. The load is obviously better than the other similar algorithms. This paper also theoretically proves that the proposed algorithm satisfies all the security characteristics that the key agreement algorithm should meet. Two, a lightweight network transmission protocol designed for incremental deployment is designed for the traditional secure network transmission protocol, and the identity of the user and the public key information need a certificate. By using the technology of identity based cryptography, this paper directly uses the IP address of the user as a public key without relying on the credentials of trusted third parties to authenticate the protocol, which makes the protocol have the advantage of self confidence. It also reduces the communication and computing overhead of mutual transfer and authentication certificate without a certificate. This paper also combines the specific application field. In view, by using a bilinear peer to peer mathematical tool, the two parties can directly calculate a trusted session key without any interaction, and achieve a lightweight advantage near the IP protocol. In addition, this paper still uses the traditional IP address as a communication address, so it is compatible with the existing TCP/IP network architecture. In particular, this article will also be the most important. The opportunity encryption idea is introduced into the protocol design, which makes the protocol have an incremental deployment feature. This feature is beneficial to the promotion and use of the protocol, which is not available to most other similar security protocols. Three, the implementation and testing of the lightweight network transmission protocol with confidence, first of all, the protocol implementation can be described. Two technical routes are adopted and the advantages and disadvantages of each of the two technical routes are analyzed respectively. After selecting the technical route according to the current research stage and the difficulty of the comprehensive consideration of the development, this paper further introduces the key technologies and implements involved in the implementation of the protocol. Finally, this paper is tested through functional and performance testing. It shows that the protocol achieved has reached the design goal.
【學位授予單位】：國防科學技術大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前2條

1 ZHOU Huan;WANG Xiaofeng;SU Jinshu;;An Efficient Identity-Based Key Agreement Protocol in a Multiple PKG Environment[J];Wuhan University Journal of Natural Sciences;2014年05期

2 曹丹;王小峰;王飛;胡喬林;蘇金樹;;SA-IBE:一種安全可追責的基于身份加密方案[J];電子與信息學報;2011年12期

，

本文編號：2001411