Research And Implementation Of End-To-End Authentication And Key Management

The 21st century witnesses the rapid development of network technology. In the same time, security issues in network are increasingly critical. As one kind of liable security model, end-to-end security mechanism can provide more security than other models which making it a hot topic for Internet and wireless networks. From the aspect of purpose, end-to-end security at least contains two parts: end-to-end authentication, end-to-end encryption.State-of-the-art end-to-end authentication schemes mainly adopt public key cryptosystem. In public key cryptosystem, each side of the communications has a pair of keys, which include a public key and a private key. Traditional public key cryptosystem relies on certicates systems. Certicates systems distribute public-key for every user. Certificate contains the identity of the user, public key, the period of validity, as well as the signature from authority (CA) for it. Only CA-signed certificates are valid, legitimate certificate. Therefore, CA, in the certificate-based public key system, plays a vital role which is responsible for the certificate issuing, updating, revocation and verification. However, the certificate management will consume large amounts of resource, because of huge number of certificates at the same time. More communication steps have been adopted in the two sides of communication for certificate authentication. End-to-end encryption schemes based on Public-key cryptosystem also have the same problem of relying on the CA.Based on the analysis of cryptographic algorithm which might be applicable to end-to-end security applications, this paper focuses on end-to-end authentication and end-to-end encryption key management. The main work has the following aspects: 1) Compare the characteristics of different cryptographic algorithms, analyze their applicababity to end-to-end security system; 2) Research on end-to-end authentication scheme with smart device and one-way hash function, which achieves high-performance, research on key distribution and agreement in security group communication in Identity-based cryptosystem; 3) Study and design public mobile network end-to-end encryption system and security protocols in public mobile network, implement key management center for public mobile network end-to-end encryption.