
Research On Key Techniques Of Session Key Establishment

Posted on: 2007-09-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H B Tian
Full Text: PDF
GTID: 1118360212959907
Subject: Cryptography
Abstract/Summary:
This thesis investigates crucial techniques of session key establishment, including interoperability of different public key infrastructure (PKI) trust domains, public key encryption and signature algorithms, the soundness justification of formal proof methods for authentication protocols, and the analysis of authentication protocols in special systems. The main contributions follow.

1. The first aspect is the interoperability of different PKI trust domains. A new model for interoperability was proposed, namely the virtual bridge certificate authority (VBCA) model. The model preserves local CA autonomy, limits the trust path construction process to a single PKI domain, and technically provides a chance for democratic decisions about interoperability operations. The new model is suitable for competing units that want to expand their PKI service ranges based on their original PKIs.

2. The second aspect is public key encryption and signature algorithms. A new public key encryption algorithm was proposed with a proof of indistinguishability under adaptive chosen ciphertext attack (IND-CCA2) in the standard model. New hard problems were proposed, based on which the Schnorr signature scheme was proved secure against chosen message attack (CMA) in the standard model. The new public key encryption scheme was derived from the Cramer-Shoup public key encryption scheme, and is small in cipher size and efficient in computation, saving bandwidth and computation resources. The new hard problems were based on the multivariant congruence problem, which was proposed informally by Schnorr. We formalized the multivariant congruence problem and gave a series of hard problems, based on which the Schnorr signature scheme was proved CMA secure.

3. The third aspect is the justification of symbolic formal proof methods for authentication protocols. A soundness proof was given for the formal description of attacker ability. We processed key-indexed hash functions and signature algorithms uniformly, as Goldreich did, gave a symbolic formal system including only these two algorithms and the concatenation operation, and proved that the definition of the attacker closure set in this system is sound. A hybrid model was given in which many operations can be expressed. The definition and deduction method in the hybrid model were shown by an example system including encryption, decryption and concatenation operations. A conclusion about what a practical protocol attacker is unable to do was given for the case where the encryption scheme used has a strong security level.

4. The fourth aspect is the analysis of authentication protocols in special systems. We gave a security analysis of the AKE protocol and the reauthentication protocol in the POD copy protection specification. We also gave a security analysis of the AKE protocols in the DTCP specification. The reauthentication protocol in the POD copy protection specification cannot defend against even the simplest replay attack. The AKE protocol in that specification has undesirable security attributes in implementation. The AKE protocol in the DTCP specification has sender mismatching or receiver mismatching attributes, which can threaten the integrity goal of the DTCP system and may affect possible application scenarios.
Keywords/Search Tags: Session key, Multiple trust domains interoperability, Cryptographic algorithms, Protocol proof and analysis