Font Size: a A A

Research On The Combination Of Identity-Based Cryptographic Techniques And Public Key Infrastructure

Posted on:2010-11-27Degree:MasterType:Thesis
Country:ChinaCandidate:B YangFull Text:PDF
GTID:2178360278980834Subject:Computer application technology
Abstract/Summary:PDF Full Text Request
X.509 certificate based Public Key Infrastructure (PKI) provides the most effective solution to communication security problems in a cosmically distributing open network environment. However, the use of certificates is so complex that it brings too much inconvenience to the users. At the same time, it is a ponderous burden for the system to manage so many certificates. As a result, the usage and management of PKI should be simplified. Since user's identity can be directly used as its public key in the Identity-Based Cryptography (IBC), the authentication of public key is no longer based on certificate, and then simplified the usage and management of secret key. There are some advantages such as no catalog, convenience for use, easy to maintain, and so on. Whereas, as the user's private key can be produced by trusted third party, then there exists key mandatory problem, so IBC is not applicable to use in cosmically open network environment. On condition that we can combine IBC and PKI to exert their own technology advantages, then not only predigests the management and usage of secret key but also develops the application environment of public key, hence, will gain momentous significance theoretically and practically. However, IBC and PKI are two different public key manage and use pattern, how to combine IBC and PKI and which pivotal questions should be solve then become a significant content of the task. Due to these questions, this article carries out a deeply research, the main assignments are as follows:First, we present the combine application scheme of IBC and PKI. In our combine application scheme, we divide users into different groups in an IBC region format. PKI distributes a region certificate for each IBC region. Users in region provide Identity-Based cryptogram service using IBC; users between regions get Identity-Based cryptogram service via the share of IBC system parameters. When the first time users want to get outer region IBC system parameter and need to do authentication between regions, we can authenticate via region certificate and communicate between regions in a secure manner. This combine apply mode effectively exerts advantages of IBC and PKI: users make use of the Identity-Based cryptogram service directly, then need not deal with the complex process related to certificate; PKI only manage few IBC region certificate who's state is stable so that release the management burden; region certificate contact each independent IBC region to make a bigger IBC application environment, and ensure security for authentication between regions. According to this scheme, we design a combine application model of IBC and PKI in this article, and make analysis of the model.Second, we project the secret key real-time repeal scheme of IBC. Aiming at the secret key real-time repeal question existing in IBC system, we project the mediation-based IBC region, and make use of it in the combine application scheme in order to achieve the real-time repeal of user secret key. In allusion to the mediation-based IBC region structure proposed in this article, we design the encryption and signature scheme, which consists of the mediated identity-based encrypt (M_IBE) and the mediated identity-based signature (M_IBS). We validate security of the scheme mentioned above under the ROM model, and find that the proposed scheme is innovative in practice.Third, we project the inter-region authentication protocol for users firstly share system parameters between different regions. Though this protocol can help users realize authentication via certificate, the users don't operate on certificate, and the process is simply and easy to implement. In the end we use BAN logic to do formalize analysis and validate of the protocol, and show that the protocol can reach the final authentication goal.Forth, we achieve an archetypal system and test it in order to validate the feasibility of combine application. The result shows that the combine application scheme can reach the anticipant goal and fulfill the cryptogram service function, so the combine application scheme is feasible.
Keywords/Search Tags:Public Key Infrastructure, Identity-Based Cryptography, Combination operation, Mediated Identity Based Encrypt, Mediated Identity Based Signature, Authenticate, Protocol
PDF Full Text Request
Related items