Research And Design Of Certificate Authority Based On Intrusion Tolerance

With the rapid development of the Internet technology and electronic business, the changes of people's lives and working have been taken place, which bring the huge economic benefi. At the same time, a lot of hidden trouble of safety has brought. So, safety service is becoming a basic service of Internet and electronic business. PKI was put forward to provide secutity service such as authentication, integrality, confidentiality and so on.It has quite sacle and application foreground. The kernel component of PKI is Certification Authority (CA), CA is of the hotsports of current security researches on network, and its implementation is of significant practical value and social value.The private key of CA is the core of CA safety. It is the foundation of entire CA field safety that protection private key do not reveal. When the private key of a CA is compromised, all the certificates by that CA should be revoked. Generally speaking, CA must be an on line network equipment and especially faces directly CA of user in order to offer corresponding certificate service voluntarily. Keeping the private key secret while providing service on line is very important for a CA. So it is necessary to study and develop intrusion tolerance system (ITS).Intrusion Tolerance is the concept of "The Generation Security(3GS)" presented by DARPA,USA.It aims to help the system to maintion integrity confidentiality and availability of critical information,data and critical services when the system is heavily attacked.Because threshold cryptography can generate,store and issue key safely.The system based on threshold cryptography can protect secret information used in encryption and signature when some components of the system are broken.Therefore,threshold cryptography can provide efficient techniques for building intrusion tolerance system.Firstly the paper introduces the conception, principle, component and providing kernel service of PKI and CA.Then, It explains conception, application area, class and implement method, RSA algorithm and threshold cryptography system of intrusion tolerance technology.Secondly, On the background of RSA, taking threshold aryptography as research objective and intrusion tolerance as application environment, using Langrange polynomial, Shamir secret sharing schemes and improvement threshold RSA signature schemes and so on, the pape provids a threshold RSA signature schemes. Then the thesis uses this scheme to design CA of intrusion tolerance and design the system structure and function.At the same time, the paper points out the method of implement.It provides the method of key update and server measure moreover.Lastly, the pape research security, reliability, validity of threshold RSA signature schemes and the system capability.