| With the rising popularity of the Internet on a global scale,the informationization has spread to all areas of daily life.Humans have officially gone into the information age,and depend on various information technologies increasingly.In the distributed network environment,only depending on the resources of one enterprise,traditional enterprise form is difficult to meet the market demand.Thus,novel enterprise cooperation forms are more and more mentioned.Those systems,such as,agile manufacturing,virtual enterprise and enterprise instant messaging,can help the enterprises,which may be dispersed geographically,be organized into a cooperative alliance to pool resources together.However,there exist various independent trust domains among different enterprises.In the process of network access,the request of accessing the shared resources comes from local trust domains,and from foreign trust domains as well.Therefore,when the users of local trust domains access foreign resources,or the users of foreign trust domains access local resources,the problem of heterogeneous cross-domain authenticated key agreement will occur.In addition,as the cloud computing becomes popular gradually,more and more sensitive data is stored on the third-party servers and shared through the Internet.Storing the data in the form of encryption has become an inevitable trend and selection.However,the user has no control of his/her data stored in the cloud server and lacks his/her confidence in the cloud service provider.The complex,dynamic and open cloud network,and the diversification of user demands make the traditional asymmetric cryptography not applicable in the cloud computing environment,which greatly hindered the further application and development of cloud computing.Based on the traditional asymmetric cryptography algorithms,the scholars need to design a better asymmetric cryptography to protect the integrity and confidentiality of data.Thus,attributed-based cryptography was introduced,which can be seemed as a generalization of identity based cryptography.On the one hand,the attributed-based cryptography enhances the descriptiveness of the identity of the users by expanding the concept of identity,which can be viewed as a series of attribute set.On the other hand,Combined with the concept of access structure,only under such condition,the user's attributes satisfy certain constraints or some kind of access structures,can the user make cryptography operations such as decryption or signature,which provides a new direction for access control of the encrypted data,and can realize the one-to-many communication.Attributed-based cryptography has become a hot research area in the field of cryptography.However,the current attributed-based encryption schemes cannot avoid the vulnerability caused by key cloning and key abuse.In this paper,we mainly study on the heterogeneous cross-domain authenticated key agreement protocol and the attributed-based encryption scheme which consists of many attribute authorities and can avoid the vulnerability caused by key compromise and key abuse.The research content is shown as follows:First of all,we look back on the theory and the basic knowledge of cryptography,including the theory of bilinear pairings,the difficulty problems and provable security theory.Then,the formalized definition of public key cryptosystems and security models are described in detail.Secondly,in the enterprise instant messaging system,aiming at the problem that the user and the resource of the PKI domain and the IBC domain cannot communicate with each other securely,a novel and detailed heterogeneous cross-domain authenticated key agreement scheme is proposed in this paper.This scheme uses the method of temporary identity and access authorization ticket to realize the function of identity authentication and key agreement,when the user of IBC domains accesses the resource of PKI domains.By establishing the indexed account on the resource side and the authentication server side,this scheme realizes the function of identity authentication and key agreement,when the user of PKI domains accesses the resource of IBC domains.Analysis shows that the proposed scheme can resist all kinds of known attacks by the means of empirical analysis.Finally,the existing attribute-based encryption schemes which can avoid the vulnerability caused by key cloning and key abuse all use the method of trator tracing through the trusted third party,which may do harm to the system's accessing strategy.In order to solve this problem,this paper puts forwards an attributed-based encryption scheme which consists of many attribute authorities and can resist key compromise and key abuse by introducing the identity authority and the security parameter of each attribute.Only under the condition,the user's attribute sets are the same as the attribute sets which is used to generate the user's secret key,can the user use this secret key to decrypt messages.Finally,the paper verifies the validity of the scheme and proves that the proposed scheme has the ciphertext indistinguishable under the chosen-ciphertext attacks in the random oracle model and the BDH assumption. |
PDF Full Text Request