| Intrusion Tolerance is the core of the concept of "Third Generation Security (3GS)" presented by DARPA, USA. It aims to help mission-critical system to maintain integrity, confidentiality and availability of critical information and critical services when the system is heavily attacked.Threshold cryptography can generate, store and issue secret key safely. The system based on threshold cryptography can protect secret information used in encryption and signature when some components of the system are broken. Therefore, threshold cryptography can provide efficient techniques for building intrusion tolerance system. Study on threshold-cryptography-based intrusion tolerance concentrates on the design and implementation of secret sharing scheme, threshold decryption and threshold signature scheme. Up to now, the research on threshold- cryptography-based intrusion tolerance focuses on using threshold RSA cryptography.With the development of the method of large integer factorization and technique of parallel computing, the size of RSA key has to become bigger and bigger and then the RSA based system becomes slower and slower. Currently, ECC is regarded as an attractive cryptography that can provide greater security strength, higher speed and smaller keys than RSA. Therefore, the research on ECC and its applications are becoming new highlight in information security field.Because the design of ECC based threshold cryptography cannot adopt that of RSA based threshold cryptography, new approaches are necessary to seek. So the design of ECC based threshold cryptography is a theoretically difficult one. As for the work on threshold-ECC-based intrusion tolerance application, there is no any report about it by far. It is believed that ECC will take place of RSA in the future. So it is significant and valuable from theoretical and practical point of view, to study ECC based threshold cryptography and its application, such as application in intrusion tolerance. On the background of ECC, taking threshold cryptography as research objective and intrusion tolerance as application environment, the author explore ECC based threshold cryptography and its application. Some targets of the research works include the secret sharing scheme, ECC based threshold decryption and signature schemes, threshold ECC based intrusion tolerant Web security and CA applications. Some innovative contributions of the dissertation are enumerated as: Proposing a status-tree based (t, n) secret sharing scheme. The method is visual, concise and efficient. It consists of secret split algorithm and secret reconstruction algorithm. The former has polynomial complexity and the latter has linear complexity. The scheme can provide threshold confidentiality and threshold availability. Meanwhile, an ECC based zero-knowledge test method is proposed. The method can test if a participant of a threshold scheme has a valid share, but at the same time, it never reveals anything about the share.Proposing an ECC based (t, n) threshold decryption scheme. By analyzing the security, communication and computation cost of the scheme, it shows that the scheme is characterized as excellent security and performance. Meanwhile, a flexible and dynamic ECC based (t, n) threshold decryption scheme is proposed. The latter is more reasonable, secure and efficient in comparing with existing scheme.Proposing an ECC based (t, n) threshold signature scheme. Based on the foregoing proposed secret sharing scheme, the author propose an ECC based ElGamal (t, n) threshold digital signature scheme. By analyzing the security and the performance of the scheme, it shows that no secret communication is required in the signature-issuing phase. The scheme can resist chosen-message attack and has excellent efficiency. Proposing an intrusion tolerant network security architecture. Its core components, i.e., the secure communication scheme, the intrusion early warning scheme and the error treatment scheme, are discussed. The secure communication scheme can adopt Elliptic Curve Encryptio...
|
PDF Full Text Request