| Internet-based networking value-added applications (for instance, e-commerce and e-government) develop quickly with each passing day. These applications pose new requirements to information security. Such new requirements, like fairness and accountability, are beyond of the traditionally basic security requirements such as confidentiality, integrity, non-repudiation and authentication. Public Key Infrastructure (PKI) technology based on public-key cryptography theory is considered to be the most feasible and most effective method to solve information security problems in large and open networking environment. With design and development of an enterprise PKI system, some key technologies on implementing a secure, reliable and scalable PKI system are both theoretically and practically conducted in this thesis. Fairness is one of the basic information security requirements of e-commerce; and one important kind of fair exchange protocols is thoroughly examined at the end of the thesis. As a result, six principal achievements have been obtained. First, a highly modular and scalable PKI system (which we call ErcistPKI) is designed and implemented. The security of PKI system itself is especially emphasized during the system design and implementation process, which is in accordance with the pervasive characteristic of PKI. Second, the concept of a Trusted Key Management Center (TKMC) is introduced for the first time. This technology greatly strengthens key management practices and allows for smooth transition from PKI to Key Management Infrastructure (KMI). Third, certificate status mechanisms are investigated in depth, and a certificate revocation performance simulation system is devised. All these work will provide guides to practice and employment of PKI applications. Based on time constraints, a new taxonomy for authenticated dictionaries is proposed. Fourth, formal analysis ofOCSP protocol is carried out; then an efficient and scalable OCSP system is developed. Fifth, the special requirements caused by the working environments of Wireless PKI (WPKI) are analyzed. Based on communicative hashing and dynamic Merkle hash tree, an efficient certificate status validation method suitable for WPKI is presented. Sixth, one important kind of fair exchange protocols is studied, and a new CEMBS based on RSA cryptosystem is proposed. Afterwards, a novel fair exchange protocol totally based on RSA signature scheme is devised.
|
PDF Full Text Request