| In recent years, Internet/Intranet network technology has been developed by leaps and bounds, and used widely in various fields such as military, political, economic, financial and so on. The current military construction is being transformed from mechanization to information, as the information technology front, the military technology must be outstanding in all the information fields, but because of the characteristics and demands of the military substratum, in recent years that it has gradually realized electronic office. And how to ensure the security of electronic transaction processing and information exchanging activity in military information networks is very crucial. So the digital certificate as an authoritative document used to validate identity in the Internet/Intranet also arises at the historic moment. The digital certificate uses the public key system, that is, using a pair of keys matching each other processes digital information by encryption, decryption, signature, validation, ensure that the information is exclusivity and security.At present, the digital certificate usually adopts the RSA public key system, RSA digital certificate has been widely used in the electronic commerce field. However, the security requirements of networks are improving along with the network development, RSA is already difficult to meet the demand for the developing need of the network security. Compared with RSA, ECC based on more difficult mathematical problems, namely, have higher security. In addition, there are so many advantages such as small calculating load, fast processing speed, lower key length, less bandwidth to be taken up etc, which are especially suitable for the conditions such as limited computing power,limited integrated circuit space, limited broadband, and requirements of high-speed realization, especially for military information networks of which equipments are relatively backward, safety performance requirements are higher and network environment distributed widely. Designing a CA certification system based on Elliptic Curve CryptoGraphy, to solve the security authentication of two communication sides in the military document circulation process, the confidentiality and integrity of data transmission, the non-repudiation of operation, and the identity authentication of the access control mechanism on network resources, thereby provides more robust security technical safeguard for the electronic military affairs.The author's main research works are as follows:Firstly, research and analysis of PKI/CA certification system and cryptographic techniques which the PKI/CA certification requires based on ECC, focusing on mathematical principles, its applications and its safety performance analysis of Elliptic Curve Cryptosystem, in order to provide the theory of implementing a PKI/CA authentication system based on ECC for a certain aviation division's information networks.Secondly, based on ECC, design a CA authentication system for a certain aviation division information networks. Firstly build overall design model, then detail related modules function and interaction process of the user terminal and server-side of the system.Finally, building the development environment, use OpenSSL toolkit to realize the pivotal techniques of the main modules. And compared with RSA, assess its performance. |
PDF Full Text Request