The Correlation Technology Research Of Certificate Authority Based On Public Key Infrastructure

Nowadays, network techniques are applied more and more, and people pay more attention to the issue of network security. PKI (Public Key Infrastructure) can be used to resolve the information security problems. Digital certificate is the basic element of PKI, and all security operations are performed with respect to digital certificate. Therefore, it requires an organization trusted by all certificate-holders, called certificate authority, which is responsible for issuing and managing of digital certificates.This dissertation mainly focuses on designing secure CA schemes without trusted center by means of elliptical curve cryptography. The main contributions of this dissertation can be summarized as follows:(1) Signature schemes based on threshold secret sharing could be classified into two categories: (1) solutions with the assistance of a trusted party; (2) solutions without the assistance of a trusted party. Generally speaking, as an authority which can be trusted by all members doesn't exist, a threshold signature schemes without a trusted party appears more attractive. This dissertation improves a previously proposed (t, n) threshold signature scheme without a trusted party such that an external attacker can't cheat when generating signature. Meanwhile, it foils inner attacker's cheating behavior.(2) In traditional CA schemes, every share server's sub-secret key is generated by a trusted center. However, in many particular cases, an authority which can be trusted by all members doesn't exist. In this dissertation, based on a system architecture [21], we present a (t, n) threshold signature scheme without a trusted center based on ECC, and apply it to the CA scheme to ensure that invader can't gain the CA's private secret key as long as the number of compromised servers is less than a given threshold. Therefore, we achieve intrusion tolerance in our CA scheme. Hence, we design a PKI/CA system which is distributed and has redundant architecture.(3) The design of fault-tolerant distributed key distribution server avoids single point of failure inherent in the traditional centralized key distribution protocol. As key agreement is characterized by less communication and more efficient computational cost, a distributed conference key distribution scheme based on ECC is proposed in this dissertation. (4) We design an improved ECC based Digital Signature Algorithm, called T_ECDSA, by using java platform. Performance analysis shows that the digital signature algorithm T_ECDSA is efficient.