Research on Several Algorithms in Identity-Based Cryptography

[Author] Li Hongwei (李洪伟)

[Supervisor] Sun Shixin (孙世新)

[Author information] University of Electronic Science and Technology of China (电子科技大学), Computer Software and Theory, 2008, PhD

[Abstract (translated from the Chinese)] The challenges facing public-key cryptosystems include not only finding and implementing secure algorithms but also building an infrastructure that supports public-key authentication. In a traditional public key infrastructure (PKI), certificates guarantee the binding between a public key and an identity, thereby authenticating the public key. However, PKI faces many challenges in practice, such as scalability and certificate management. To address these problems of PKI, Shamir proposed identity-based cryptography (IBC) in 1985. In IBC, the public key is derived directly from information that uniquely identifies the user, such as the user's name or email address, so no certificate is needed to authenticate the public key. IBC is another effective approach to public-key authentication and, compared with traditional PKI, has great advantages in key management. When Shamir introduced the concept of IBC he also constructed the first identity-based signature scheme, but research on identity-based encryption made little progress until 2001, when Boneh and Franklin, using the Weil pairing, proposed the first practical and secure identity-based encryption scheme; this made identity-based public-key cryptography a research hotspot again, and many identity-based cryptosystems have since been proposed. However, IBC still has open problems, such as key escrow, key revocation, key evolution and security models. Studying and solving these problems is important for IBC both in theory and in practice. This thesis investigates these problems in depth, proposes several effective solutions and obtains a number of research results. The main work of the thesis is as follows:

1. Identity-based authentication protocols. An identity-based authentication protocol for wireless local area networks is proposed, and the hardware environment and the procedure for implementing the protocol are described.

2. An improved identity-based encryption algorithm, IIBE. Its design lies between traditional public-key encryption and identity-based public-key encryption. Compared with traditional public-key encryption it needs no public-key certificates and so avoids certificate management; compared with identity-based public-key encryption it solves the key escrow and key revocation problems. IIBE is constructed from a bilinear map on elliptic curves, and its security rests on the computational hardness assumption of the Bilinear Diffie-Hellman problem. In the random oracle model the algorithm is semantically secure against adaptive chosen-ciphertext attack.

3. Identity-based key-evolving algorithms. First, an identity-based forward-secure encryption algorithm, IBE-FS, is proposed: if the key of time period t is exposed, the key of any earlier time period t′ (t′ < t) remains secure. The security of the algorithm is proved and its performance is analysed in simulation experiments. Building on this, an identity-based intrusion-resilient encryption algorithm, IBE-IR, is proposed: on top of forward security it adds a helper device, and key evolution is carried out jointly by the helper device and the user, achieving both forward and backward key security; even if the helper device's key is exposed, forward security of the key is still guaranteed. Compared with Dodis's scheme, IBE-IR attains the same key security while the computational complexity of some of its algorithms drops to O(1). Simulation experiments show that IBE-IR is more efficient than Dodis's scheme.

4. Identity-based cryptographic algorithms in the grid environment. First, an identity-based architecture for grids, IBAG, which requires no digital certificates, is proposed. Next, the identity-based encryption algorithm IBE and signature algorithm IBS within IBAG are given; the security of IBE is proved and the performance of IBE and IBS is analysed through simulation experiments. Then an identity-based authentication protocol for IBAG, IBAP, is proposed; it is built on the identity-based grid architecture and embeds IBE and IBS. Simulation experiments show that IBAP is more lightweight and efficient than SAP, with the burden on the user side greatly reduced in particular, which helps the grid scale up. Finally, an improved scheme for GSI is proposed, which improves the three groups of protocols in GSI. Simulation experiments show that the improved scheme is more efficient than GSI.

[Abstract (English)] The challenge today in developing secure systems based on public-key cryptography is not only choosing and implementing appropriately secure algorithms, but also developing an infrastructure to support the authenticity of a user's public key. In the traditional public key infrastructure (PKI), certificates provide assurance of the relationship between public keys and the identities that hold the corresponding private keys. However, PKI faces many challenges in practice, such as the scalability of the infrastructure and certificate management. To address the shortcomings of PKI, Shamir proposed the notion of identity-based cryptography (IBC) in 1985. In IBC, public keys are derived from users' identities, such as a username or an e-mail address, and no certificate is required to authenticate a user's public key. IBC is thus another valid way to authenticate a user's public key, and compared with PKI it has advantages in key management. Shamir proposed the first identity-based signature scheme when he introduced the notion of IBC, but research on identity-based encryption made less progress until 2001, when Boneh and Franklin proposed a practical and secure identity-based encryption scheme using the Weil pairing, which made IBC a research hot topic again. Since then, many identity-based cryptosystems have been proposed. However, IBC still has open problems such as key escrow, key revocation, key evolution and the security model. It is important to research and solve these problems both in theory and in practice. This thesis focuses on these problems, proposes several valid schemes and obtains a number of research results. The main research in the thesis is as follows:

1. Developing identity-based authentication protocols. An identity-based authentication protocol for wireless local area networks (WLAN) is proposed, and the hardware environment and process for the protocol are described.

2. Proposing an improved identity-based encryption scheme (IIBE). The scheme integrates traditional public-key encryption and identity-based encryption. Compared with the former, it needs no certificates or certificate management; compared with the latter, it solves the problems of key escrow and revocation. IIBE is constructed from a bilinear pairing on elliptic curves, and its security reduces to the computational Bilinear Diffie-Hellman assumption. IIBE has adaptive chosen-ciphertext security in the random oracle model.

3. Developing identity-based key-evolving algorithms. On one hand, identity-based encryption with forward security (IBE-FS) is proposed: the keys of all prior time periods remain secure even if the current time period's key is exposed. IBE-FS is proved secure in the random oracle model, and simulation results show that it is efficient. On the other hand, identity-based encryption with intrusion resilience (IBE-IR) is presented. With key updating carried out jointly by the base and the user, IBE-IR achieves both forward and backward key security; furthermore, forward key security is retained even if the base is exposed. Compared with Dodis's scheme, IBE-IR achieves the same key security with markedly lower algorithmic complexity, and simulation testing shows that the proposed scheme is more efficient than Dodis's scheme.

4. Developing identity-based cryptography for the grid. First, an identity-based architecture for grids (IBAG), which needs no certificates, is proposed. Second, identity-based encryption (IBE) and identity-based signature (IBS) schemes are presented; IBE is proved secure, and IBE and IBS are analysed in simulation testing. Third, based on IBAG, IBE and IBS, an identity-based authentication protocol (IBAP) is proposed. Simulation testing shows that this authentication protocol is more lightweight and efficient than the SSL authentication protocol (SAP), especially on the user side, which contributes to greater grid scalability. Finally, an improved scheme is proposed for the grid security infrastructure (GSI); it improves the three protocols of GSI, and simulation experiments show that it is more efficient than GSI.
