| Based on the research of PKI and Elliptic Curve Cryptography techniques, this paper proposes to use ECC in PKI system and implements a Certification Authority to apply, issue, verify, search and revoke ECC digital certificates. Meanwhile, for the advantages of ECC on high security and efficiency, ECC certificates have been used in every communication terminal to establish secure channels for communication. This way not only improves the security and efficiency of system, but also reduces consume of network resource.The main contributions of this dissertation include: Firstly, deeply research on underlying techniques of PKI system, emphatically analyze dissymmetrical public-key cryptography ECC and compare it with other cryptography techniques. Secondly, based on the aims and functions of this system, design the whole framework structure including five modules: client program, secure server, registration authority, certification authority and certificate/CRL repository. Each module uses its ECC certificate to set up the secure channels for network transmitting. Thirdly, according to the standards of digital certificates and ECC, design the data structures of ECC keys, PKCS#8 private key, PKCS#10 certification request, X.509 certificate and PKI message. Implement a Certification Authority Based on the Elliptic Curve Cryptography. Apply ECC certificates issued by CA to IPSec VPN for authentication by designing APIs. Finally, test both the prototype system and IPSec VPN based on ECC certificates, and also analyze the testing results.At present, ECC has been used more and more widely but the mature products of PKI for issuing and managing ECC certificates are quite few. The paper extends public key cryptography supported by PKI and adds elliptic curve cryptography to CA system. ECC certificates issued by CA are smaller and more efficient with the same strength compared with RSA certificates. They are more suitable for the development of future network security. |
PDF Full Text Request