Research And Develop Of IBE Private Key Generator

With the development and popularization of the Internet in recent years, moreand more people’s activities and behavior are associated with the network, more andmore data is sent and received over a network, or is stored directly on the network.Especially, since the emergence of cloud computing, the secure storage of the data isfacing a severe challenge. Recently, it was reported that the total server data of somelarge companies in our country such as Huawei is stolen by the United States. Sonowadays people pay more and more attention to the safety problems of theinformation. Also under such circumstances, Public Key Infrastructure based on RSApublic key algorithm gets a long-term development. But PKI still faces manyproblems such as certificate management, revocation and cross-certification and so on.To solve these problems, a new public key cryptosystem, the identity basedencryption system, is proposed.In the IBE system, users can finish encrypting if they know an identity andpublic parameter, they decrypt after obtaining the private key from a trusted thirdparty, which is Private Key Generator. PKG produces the private key by what iscalled a master key. After the private key is calculated, it will not be stored in PKG,for PKG only stores the master key. Thus it can be seen the very important thing inIBE system is whether PKG can store the master key safely and a private key can bedistributed to the correct users or not. And this paper is to propose a applicationprogram to develop a high-performance, high-security PKG.Firstly, this paper explains the whole architecture part of PKG, including thedesign and implementation of three module, they are private key generation server,cryptographic hardware and configuration management tool. And on the basis of theSSL protocols, it designs and implements a secure communication protocol based onC/S. Secondly, because IBE parameters are stored in cryptographic hardware, privatekey generation server is designed as a bridge between the key server and thecryptographic hardware, it receives requests from client and obtain public parametersand private key from cryptographic hardware, then it send these parameter to client.Thirdly, for security reason, after cryptographic hardware is designed on personal computer and compile through a cross compiler called arm-linux-gcc, it istransplanted into hardware finally. Then on the relevant theoretical basis of thebilinear mapping and elliptic curves, this paper completes the configurationoperations to public parameters of cryptographic hardware, the master key data andso on by the interaction between configuration management tool and cryptographichardware. Finally, in order to verify the correctness and feasibility of the program,here I test and analyze the PKG performance in the paper.Innovation and characteristics of this paper is that private key generator verifyidentity of user and calculate private key is separate, and the cryptographic hardwarewill be transplanted into hardware machine, while the master key used to calculate theprivate key can be divided and stored separately in different hardware machine afterthe division to relieve the harm caused by the master key leaks.