Research on Provably Secure Key-Insulated Cryptosystems
Published: 2018-10-12 11:55
[Abstract]: With the rapid development of information technology, information security has increasingly become the core problem that hinders the wide application of information technology across every field. As an important component of information security technology, public-key cryptography has received unprecedented attention. When a public-key cryptosystem is deployed in an insecure environment such as a wireless sensor network or a mobile terminal, key exposure caused by trojans, viruses and operating system vulnerabilities becomes unavoidable. Because the security of a public-key cryptosystem rests entirely on the secrecy of the private key, the security of the whole system is completely destroyed once that key is exposed. In traditional public-key cryptosystems, the damage caused by a user key exposure can be mitigated by revoking the public key. In identity-based public-key cryptosystems, however, a user's public key is derived from the user's public identity information, so revoking the public key is not a workable way to deal with key exposure. How to handle key exposure effectively in identity-based cryptosystems has therefore become a current research focus. Key-insulated cryptosystems, built on the idea of key evolution, divide the lifetime of a key into several time periods; when the keys of some periods are exposed, the keys of the remaining periods stay secure, which greatly limits the damage a key exposure can cause. Taking provable security as its main thread, this thesis studies the design and security analysis of identity-based key-insulated cryptosystems. The main contributions are the following three:
1) An efficient, provably secure identity-based key-insulated signcryption scheme. Based on an analysis of the identity-based key-insulated signcryption scheme proposed by Chen et al., a new signcryption scheme is proposed that fixes the security problems of the earlier scheme, which provides neither indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) nor existential unforgeability against adaptive chosen message attacks (EUF-CMA); the security of the new scheme is proved in the standard model. The analysis shows that the proposed scheme outperforms existing identity-based signcryption schemes in the standard model in both computational efficiency and ciphertext length.
2) An identity-based key-insulated signature scheme over elliptic curve cryptography. Since existing identity-based key-insulated signature schemes are all built from computationally expensive bilinear pairings, this thesis constructs one from elliptic curve cryptography to reduce the computational cost. A formal definition and security model are given first, then a provably secure identity-based key-insulated signature scheme is constructed in the random oracle model, and finally its security is proved by reducing it to the discrete logarithm problem. The analysis shows that the proposed scheme is more efficient than the existing schemes.
3) An identity-based key-insulated authenticated key agreement protocol over elliptic curve cryptography. Since none of the existing identity-based authenticated key agreement protocols provide backward security, this thesis proposes an identity-based key-insulated authenticated key agreement protocol using elliptic curve cryptography to strengthen the protocol's security. The analysis shows that the proposed protocol not only satisfies the currently known security requirements for authenticated key agreement protocols but also provides backward security. This thesis also analyses the non-interactive identity-based hierarchical authenticated key agreement protocol proposed by Guo et al. and points out that it cannot resist attacks by a leaf node or an intermediate node: once a single internal node is successfully attacked, the session key of the node is compromised.
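The key-insulation idea the abstract describes (a master key kept on a physically secure helper, a fresh user key per time period, and exposure of one period's key leaving the other periods secure) in its simplest generic form, as an added illustration that is not the thesis's identity-based or pairing-based construction: a toy Schnorr signature over a constructed tiny group, where the helper certifies a fresh key for each period. The group parameters, key names and messages are all constructed for this example.

```python
import hashlib
import secrets

# Constructed toy group: G = 2 generates the order-Q subgroup of Z_P^*.
# Parameters this small give no security; they only keep the arithmetic readable.
P, Q, G = 23, 11, 2

def h(*parts):
    """Full-width hash of the parts; the first part is a domain-separation tag."""
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1            # secret exponent in [1, Q-1]
    return x, pow(G, x, P)                      # (sk, pk)

def schnorr_sign(x, tag, msg):
    k = secrets.randbelow(Q - 1) + 1
    e = h(tag, pow(G, k, P), msg)
    return e, (k + x * e) % Q

def schnorr_verify(y, tag, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(y, (-e) % Q, P) % P  # equals g^k for a valid signature
    return h(tag, r, msg) == e

def period_key(helper_sk, t):
    """Key update for period t: a fresh key pair certified by the helper for this period only."""
    x_t, y_t = keygen()
    return {"t": t, "x": x_t, "y": y_t, "cert": schnorr_sign(helper_sk, "cert", (t, y_t))}

def ki_sign(key, msg):
    return key["t"], key["y"], key["cert"], schnorr_sign(key["x"], "msg", (key["t"], msg))

def ki_verify(helper_pk, msg, ki_sig):
    t, y_t, cert, sig = ki_sig
    return (schnorr_verify(helper_pk, "cert", (t, y_t), cert)
            and schnorr_verify(y_t, "msg", (t, msg), sig))

def exposure_demo():
    """Return (honest_ok, cross_period_ok): a key exposed in period 1 is useless for period 2."""
    helper_sk, helper_pk = keygen()            # master key stays on the physically secure helper
    k1, k2 = period_key(helper_sk, 1), period_key(helper_sk, 2)
    honest_ok = ki_verify(helper_pk, "pay 10", ki_sign(k2, "pay 10"))
    # Period-1 material re-tagged as period 2: the certificate binds y_1 to period 1, so it fails.
    forged = (2, k1["y"], k1["cert"], schnorr_sign(k1["x"], "msg", (2, "pay 10")))
    return honest_ok, ki_verify(helper_pk, "pay 10", forged)
```

Because each period's secret exponent is generated independently, nothing about x_1 helps in recovering x_2; the thesis's schemes achieve the same property for identity-based keys derived from a user's identity.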
[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Doctorate
[Year degree granted]: 2014
[Classification number]: TN918.4
Article number: 2266015
Link to this article: http://sikaile.net/kejilunwen/wltx/2266015.html