| With the development of Internet in our country, network is widely used, much data needs to be translated from Internet, in order to build a safe networks architecture, CA(Certification Authority) is used in much fields such as e-commerce, e-government, military communication etc. for guarantee the validity and reliability of data. Thereby it can provides the security foundation for the using of other cryptography technology, which can guarantee to the confidentiality, authenticity, integrality, non-repudiation and prevent from being cheated for network transmission.Key agreement is one of the fundamental cryptographic primitive after encryption and digital signature. Such protocols allow two or more parties to exchange information, certificate other's identity among themselves over an adversarially controlled insecure network and agree upon a common session key, which may be used for later secure communication among the parties. Because session key is agreed on between both parties, the impartiality of generating session key can be guaranteed. Meanwhile, both parties possess the same session key, so they can make use of very efficient symmetrical cryptosystem to encrypt data which will be transmitted. Further more, since session key is always different every time, it can ensure one-time pad when transmitting data and provide perfect security for session content. On the other hand, it can also prevent some attacks, such as replay attack and impersonation attack. Thus, secure key agreement protocols serve as basic building block for communicating securely between each party.In this paper, the principle and objective of the protocol design are being researched, furthermore the appropriate key agreement protocol for CA system is chosen and programmed. Main works are as follow.Firstly, the paper gives a brief introduction to key agreement protocol about its background, current research, basic concepts and working flow.Secondly, the security design principle and objective of key agreement protocol are introduced as well as the precondition and hypothesis of attacks to these protocols; the algorithm and technology of classical cryptography such as RSA, AES, Hash algorithm and Digital Envelope are analyzed.Thirdly, in this paper, Helsinki protocol improved by Mitchell-Yeun is chosen and a algrithom of extendind key length is proposed which can generate a key with arbitrary length. Finally, realized in Windows after studying deeply the design principle, objective of protocol and implementation requirements of CA system, furthermore, some security measures are used to protect sensitive information when realize this protocol. The result of experiment show that this improved protocol and extending algorithm can achieve the CA system's goals. |
PDF Full Text Request