| In the face of a variety of threats and attacks in the Internet, the recipient of the information is necessary to authenticate the message he received. Message Authentication is aimed at checking the identity of the sender, verifying whether the message is damaged, modified, forged, replaced, or sent de-layingly in the course of transmission by third-party. There are two means to achieve Message Authentication: Manipulation Detection Code, which is often called Hash function, and Message Authentication Code. The security of Manipulation Detection Code such as MD5 and SHA series has been questioned by many cryptanalysts at present. The latter, which is often based on block cipher in its structure, is usually considered as safer because of adding a shared secret key between the two sides of communications.The MAC based on block cipher can be proved safe in theory, however the efficiency of most this MAC is much lower than MDC such as MD5 or the MAC based on keyed-MDC in practice. Using MAC can only authenticate the massage data integrity but the message source. Although utilizing Hash function and public-key codes can implement the message source authentication, it's not efficient.To solve the problems above, this dissertation proposed a Message Authenci-ton scheme based on block cipher and achieved the correspongding applications, with analysing the theory including block cipher and its operation mode and the structure of the Hash function based on block cipher. The main innovations in this paper are as follows:1. Proposed a parallel RC6-PMAC algorithm. Through the methords of dividing the message twice, increasing the register number of RC6 algorithm, embedding a secret block into the message to generate MAC by parallel operation, and so on, reduced the amount of calculation, enhanced the efficiency and security of the algorithm. 2. Repaired the shortcomings of the Needham-Schroeder Protocol. Improved the use of random number and its verification function in this protocol: using some confidential information that can identify the user identity uniquely in the application system as the independent variable of the random number verification function, this can not only verify whether the message is fresh, but also certify the message source; introducd the MAC which is gernerated by the message that includes a secret data string to implement the message data integrity and message source authentication.3. Designed and implemented a Message Authentication subsystem. On the basic of research above, in the process of realization: defined a message data-structure which added authentication information and encapsulated a encrypted IP address information for the two sides of communications such as the IP Head Domain of IPsec; defined the content and location functions of the secret data string, gave the chaotic order replacement and the inverse permutation rules; using VC++6.0 development tools, implemented the Message Authentication subsystem , which outputs 256 bits as the authentication code and is integrated into the "electronic document security protection system" software. Practice shows that the subsystem can quickly and effectively play its role of authentication message. |
PDF Full Text Request