
Research On Unified Authority Control Mechanism

Posted on: 2020-01-20
Degree: Master
Type: Thesis
Country: China
Candidate: C Q Li
GTID: 2428330596975093
Subject: Information security

Abstract/Summary:
Access control is the process of judging whether a user is a legitimate user. The most common access control scheme is for the system to check the user name and password entered by the user. More complex access control methods use more complicated encryption algorithms and protocols, requiring users to present more information (such as private keys) to prove their own permissions. A basic application mode of the unified authority control mechanism is the unified authentication mode, a service usage mode with a unified authority control service at its core. The thesis mainly studies the certificateless encryption scheme and the Kerberos authentication protocol. By systematically studying the certificateless encryption scheme, a new certificateless encryption scheme is proposed and applied to the Kerberos authentication protocol to improve the original Kerberos authentication. The thesis proposes an improved Kerberos protocol under the assumption that the key management center is not trusted. Finally, this protocol is applied to the unified permission platform. The specific content includes the following three points:

(1) To solve the problems of key distribution and key management in the original version of Kerberos, a new certificateless encryption scheme is proposed in this thesis. The scheme is based on the elliptic curve cryptosystem and certificateless cryptography. Compared with a symmetric cryptography system, the algorithm does not need to share keys in the establishment stage. In addition, we assume that the KGC is not trusted, so the KGC cannot get any information about entities' private keys. Therefore, the key distribution and key escrow problems are solved. Meanwhile, the protocol does not transmit any information about the entities' private keys, which avoids attacks on the key.

(2) Aiming at the problem of user identity authentication and authorization in the existing unified authority platform, the thesis proposes a new certificateless Kerberos protocol, which separates the user's authorization from authentication. Users obtain identity authentication from the authentication server and the ticket granting server, and obtain authorization at the application server. As a result, the computing and storage burden on the application server is reduced. The scheme is also scalable and is well suited to systems that need to add new entities frequently.

(3) To verify the feasibility of the protocol, the thesis applies the above certificateless Kerberos protocol in the unified authority platform experiment. Based on the security of the certificateless cryptographic system and the idea of the Kerberos protocol, the scheme improves transmission security and key security. It also realizes the functions of unified identity authentication and authorization, single-point login, and access control.

Keywords/Search Tags:Access control, Kerberos, Certificateless Encryption, Elliptic Curve Cryptography