Elliptic Curve Digital Signature Algorithm With Keyed-Hash Message Authentication Code

With the rapid development of digital information and extensive application of computer, people pay more attention to the security of the information in networks. Hackers intrude a computer system by exploiting some security vulnerability. They can do some activities without authorization such as acquiring the control authority of the system, attacking the system, hiding their tracks, opening back door. The most efficient method is tampering with files such as putting their monitoring program into the system, replacing the key file, compiling trusted file.File integrity checking is one of the most efficient means of protecting the files of the objective computer. The common method of file integrity checking is comparing the later hash value of the file with the original of the file by using a hash function, which make sure whether the contents or attributes of a file has changed. At present, there are some hash algorithms such as MD5, SHA-1. It becomes urgent to produce a new securer algorithm because of the explanation ofMD5 and SHA-1.Although ECDSA has been used to implement identity authentication, this thesis adopts it as a kind of resolution to check file integrity. SHA-1 is the hash function of ECDSA. For SHA-1 has been explained, the security of SHA-1 isn't trusted. Because guessing the key is very difficult, HMAC is securer than SHA-1 to a certain extent.The improved ECDSA which is called HMAC-ECDSA adopts HMAC to compute the hash value rather than SHA-1. Then it is applied to file integrity checking. The contents of the thesis are as follows:1) The current situations and the development trend of the elliptic curve cryptography are introduced. The security of ECDSA is analyzed in detail based on ECC and the security of ECDLP.2) HMAC-ECDSA is put forward and the implementation of the algorithm is described in detail. The thesis uses VC++6.0 to implement HMAC-ECDSA, since VC++6.0 has several advantages such as performing an important computing function, designing a better interface and compatibility. A file signature-verification system which based on HMAC-ECDSA is designed and realized. The file signature-verification system has four function blocks such as the production of key pairs, signing a file, verifying the signature and HMAC. The file integrity is not only checked by verifying the signature but also by computing the HMAC value of the file.3) HMAC-ECDSA is proved to be effective in implementing file's security by the theory of cryptography, program design and the high resistibility prove to attacks. HMAC compute the hash value of a file using a given key and the usability of this verification is instantaneous. Because the implanted hash function of HMAC is implemented as an individual function block, this block could be replaced easily according to the security request. The high capability of withstanding attacks of HMAC-ECDSA algorithm is proved by using modular arithmetic.In a word, HMAC-ECDSA in this thesis has high security, it is capable to withstand several attacks such as negational attack, forgery attack and birthday attack. The function blocks adopt VC++6.0 in the thesis so that function blocks have some characteristics such as expandability, reusability, independence. The file signature-verification system is characterized by high security and easy operation.