A Study Of Some Key-Techniques Of PKI And It's Application

Public Key Infrastructure (PKI) is a very important component of information security infras-tructure and a prevalent way to protect network. With the incessant development and application ofPKI, there already are perfect theory and model to support it. PKI is already playing an importantrole in electronic commerce and electronic official affairs.Public key cipher is the basement of PKI, its application may be making use of almost allcryptographic techniques and knowledge. Therefore PKI is opened structure, the improvements forto enhance the security and efficiency are endless until a discovery of a new secure system which canreplace it at all.PKI is the context and main clue of this dissertation, and then we study some key cryptographictopics of PKI. The aim of this dissertation is to expand applied range and to enhance the security ofPKI. The main contents and fruits of this thesis are outlined as follows:1. We deeply analyze RSA public key system from Shannon theory viewpoint, then we propose ainvariant set partition of RSA plain text and cipher text and we can get the mutual informationbetween plain text and cipher text. So we also suggest to choose safe-primes for RSA key pairs toavoid weak plain text in little invariant set. Although the proportion of weak plain text decreasesfor larger primes p and q, the fewest weak plain text should be the best choice.2. A common signcryption scheme and a semi-anonymous signcryption scheme based on XTRpublic key system are presented. The receiver don't know really ID of the sender until he (she)unsigncrypt message. They collects the advantages of XTR and signcryption, complexity ofcommunication and computation is obviously decreasing.3. We study block cipher-AES algorithm detailing. Firstly, we present an improved AES algorithmwhich cryptographic properties are same or better than original algorithm. Specially, the encryp-tion procedure and decryption procedure of new one are same, so it is of advantage to applicationof hardware; Secondly, we discuss the structure of AES and obtain three kinds of equivalent ci-phers of AES. We can get a conclusion: S box's affine transformation of AES cipher can beseparate from S box transformation.4."Fairy two-party protocol"is impossible in real world, so"Rational Protocol"and"Strong Ra-tional Protocol"definitions are proposed by game theory, and we bring forward a scheme todecide whether a protocol is rational. 5. We summarize the principles of designation of three-party protocol. Following them we designtwo protocol: a fair and non-repudiation signed-contract-cryptographic-protocol according to"non-repudiation Hanoi Tower game"and an efficient anonymous authentication and key agree-ment protocol.6. At last, we complete the designation and implementation of Digital ID Authentication System ofEducational Electronic Government Affair in Ministry of Education based J2EE software struc-ture and PKI. This system is under opened and loose coupling structure, so it has nicely extendedproperty and is seasoned with opened network environment. Otherwise, a novel authenticationand login scheme based VCS is used in RA subsystem of this system, it avoids the traditionalcryptography's disadvantages by adopting only two cryptography components-visual cryptogra-phy and MAC and doesn't reduce safety; Another is a new scheme of distributed managementcenter (DKMC), it enhances the security and reliability of this system and is suited for the trendthat one KMC will provide RSA key service for multi-CA.