Research On Certificate Authority Private Key Protection

Posted on:2007-02-08

Degree:Master

Type:Thesis

Country:China

Candidate:Q L Du

Full Text:PDF

GTID:2178360185986282

Subject:Computer software and theory

Abstract/Summary:

PDF Full Text Request

With the popularization of electronic business and electronic government, users' security requirement for these information services becomes higher and higher. PKI (Public Key Infrastructure) provides an effective method to validate the authorized identity for this requirement. It bases on the core component-Certificate Authority which issues digital certificates with its private key for users. Thus, the private key of CA becomes the security basis of PKI and safeguarding the private key of CA becomes the most important one of all emphases. Generally, the private key can be stored in an authentic server. However, this scheme is less secure when the server is attacked. In that case the private key of CA may be leaked and the electronic operation will terminates.In order to improve the security of the CA private key and meet the safety requirement of electronic business, electronic government and other information services, this paper designs and implements intrusion-tolerant Certificate Authority Private Key Protect System which is based on secret sharing. The main work and innovation are as follows:Firstly, based upon analysis and search on secret sharing and intrusion tolerance, this paper designs the whole structure of the system. Secondly, because the system is vulnerable in the process of key producing and signing, we apply a distributed RSA algorithm to the key producing process and adopt a structure of two-level secret shares storing the private key to improve its security. Thirdly, the paper designs and implements the core components and related classes. Finally we analyze and demonstrate the subsystems' impacts on the security of whole system in the process of key producing, key distributing and signing. The results indicate the system in this paper is provided with higher safety resilience. Even if some servers of the system are compromised, the private key of Certificate Authority will not leak and the system will continue to offer normal signature service for users, which achieves tolerance intrusion.

Keywords/Search Tags:

Certificate Authority, Secret Sharing, Intrusion Tolerance

PDF Full Text Request

Related items

1	Research Of Intrusion Tolerance Technology And Implementation Of An Intrusion Tolerated CA System
2	The Correlation Technology Research Of Certificate Authority Based On Public Key Infrastructure
3	Research On The Certificate Authority System With Intrusion Tolerance Based On Threshold And XTR
4	Research And Design Of Certificate Authority Based On Intrusion Tolerance
5	Research On The Certificate Authority System With Intrusion Tolerance Based On Threshold And Xtr
6	Theory And Approaches For Intrusion Tolerance
7	Theory And Methods Of Intrusion Tolerance: Research And Applications
8	Research And Implementation Of PKI Trust Model And Certificate Authority Based On Intrusion Tolerance
9	Research On Several Problems Of Secret Sharing
10	Architecture For Distributed Database Security Based Of Intrusion-tolerance