| The traditional X.509 public key infrastructure (PKI) has been widely used in various aspects of computer networks. As a security enhancement scheme for PKI, Certificate Transparency (CT) was proposed by Google's technical team in 2013 and has been successfully deployed in real network environments. This thesis focuses on extended applications of CT, proposing new solutions to two problems: certificate revocation, one of the important technical links in PKI applications, and the performance overhead of client-side public key computation in elliptic curve cryptography (ECC), which is widely used in certificates. When a certificate revocation list (CRL) is used for certificate revocation, the revocation of a certificate issued by a Certificate Authority (CA) may cause a large number of terminal (end-entity) certificates that have already been issued and have no security issues to fail verification. When a PKI client (such as a browser) verifies a certificate, the Signed Certificate Timestamp (SCT) field of CT can be compared with the point in time at which the CA certificate is suspected of having security issues, to judge whether the terminal certificate also has security issues and to accept a terminal certificate that has none. This thesis proposes an improved CRL certificate revocation scheme that uses the components of Certificate Transparency to solve this problem, so that terminal certificates that had no security issues but previously could not be verified become verifiable by PKI clients. When an ECC public key is used for signature verification and key agreement, the public key computation involves costly scalar multiplication, which requires algorithms such as w-NAF to improve the performance of elliptic curve public key operations. The prerequisite for using the w-NAF algorithm is to compute the corresponding precomputation table for the base point. For the unknown-point multiplication in ECC public key operations, the client must generate the precomputation table online, which is difficult for some client devices with limited computing resources to bear. This thesis proposes a new efficient certificate scheme, PEPEC (Pre Computed ECC Point Embedding Certificate), which integrates w-NAF into CT and uses a CT log server to ensure the correctness of the precomputed table. By using PEPEC certificates, clients can improve the performance of public key operations by more than 10%, and PEPEC certificates are compatible with existing standardized PKI systems. Clients can choose the optimal window size of the w-NAF algorithm based on the current status of their computing resources to improve the performance of public key operations. |
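The w-NAF computation the abstract refers to, as an added example that is not the thesis's PEPEC implementation: it builds the table of odd multiples for an arbitrary (non-base) point and uses it for scalar multiplication with a selectable window size `w`. The curve (secp256k1), the affine arithmetic and all function names are assumptions chosen for illustration; under PEPEC the table would come from the certificate instead of being built by `precompute` on the client.

```python
P_MOD = 2**256 - 2**32 - 977   # secp256k1 field prime (curve y^2 = x^3 + 7), assumed for illustration
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition on a curve with a = 0; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                   # P + (-P)
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def double_and_add(k, p):
    """Plain binary method, kept as the baseline the w-NAF result is checked against."""
    r = None
    for bit in bin(k)[2:]:
        r = add(r, r)
        r = add(r, p) if bit == "1" else r
    return r

def precompute(p, w):
    """Odd multiples {1P, 3P, ..., (2^(w-1) - 1)P}: the per-point table a client builds online."""
    two_p, table = add(p, p), {1: p}
    for i in range(3, 2 ** (w - 1), 2):
        table[i] = add(table[i - 2], two_p)
    return table

def wnaf(k, w):
    """Width-w NAF digits of k, least significant first; nonzero digits are odd, |d| < 2^(w-1)."""
    digits = []
    while k:
        d = k % (1 << w) if k & 1 else 0
        if d >= 1 << (w - 1):
            d -= 1 << w                               # map to the negative representative
        digits.append(d)
        k = (k - d) >> 1
    return digits

def wnaf_mul(k, table, w):
    r = None                                          # one doubling per digit, one add per nonzero digit
    for d in reversed(wnaf(k, w)):
        r = add(r, r)
        if d:
            r = add(r, table[d] if d > 0 else (table[-d][0], -table[-d][1] % P_MOD))
    return r
```

A larger `w` lowers the number of additions per multiplication but doubles the table size with each step, which is the trade-off behind choosing the window size according to available resources.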