
The Research and Implementation of Identity Authentication Based on PKI

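【Author】 Zhang Hong (张宏)

【Supervisor】 Liu Xiaoxia (刘晓霞)

【Author information】 Northwest University (西北大学), Computer Software and Theory, 2008, Master's degree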

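【Summary】 Network security is an important research direction in information systems, and identity authentication is the first gate protecting the security of network information resources, so its position in a security system is extremely important. Public key infrastructure (PKI), as security infrastructure for authentication, can provide identity authentication and identification in an open network environment and can ensure the confidentiality, integrity and non-repudiation of information; it has become the mainstream technology in the field of network information security authentication. Centred on the design and development of a PKI certification centre, this thesis studies the key theory involved in building a secure, reliable and extensible system, namely public-key cryptosystems and digital certificates. The main work is as follows:

(1) The technologies related to PKI are described. The components and standards of PKI, the structure of the CA (the core component of PKI), and the digital certificate (the basic element of PKI) are analysed in detail.

(2) The algorithms of public-key cryptosystems are studied. On the basis of an analysis of cryptographic techniques, and starting from symmetric-key and public-key cryptosystems, the RSA, DSA and ECC algorithms, which rest on different hard problems, are analysed in depth and compared.

(3) Three asymmetric cryptographic algorithms are implemented. For RSA, a method of generating secure large primes is given and the Montgomery algorithm is used to speed up modular exponentiation; for DSA, a method that eliminates the inverse computation in the verification process is used. On this basis, an improved RSA algorithm, an improved DSA algorithm and the ECC algorithm are implemented.

(4) A digital certification centre system is designed and implemented. The system applies the above algorithms (RSA, DSA and ECC) in the encryption and signing steps of authentication, can issue two types of certificates to users, and fully implements the main functions of certificate issuance, certificate revocation, certificate query and certificate update.

This work is supported by the Natural Science Foundation of Shaanxi Province (2006F50) and the Aeronautical Science Foundation (06ZC31001).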

【Abstract】 Network security is an important field of study in information systems, and identity authentication, as the gateway to network information resources, occupies a significant position in the protection of those resources. As an identity authentication technique, PKI can authenticate identity in an open network environment and at the same time protect the confidentiality, integrity and non-repudiation of information. At present, PKI has become the mainstream technique in network information security protection. Based on the design and development of a PKI certificate authority, this paper focuses on the key theoretical issues that underlie a safe, reliable and scalable system, namely the public key cryptosystem and the digital certificate. The main work is as follows:

(1) Expounding the related techniques of PKI: PKI's components and standards, as well as its core CA structure and the digital certificate.

(2) Studying the algorithms of the public key cryptosystem. Based on an analysis of cryptography, this paper offers an in-depth analysis and comparative study of the RSA, DSA and ECC algorithms from the perspective of the symmetric cryptosystem and the public key cryptosystem.

(3) Implementing three asymmetric crypto-algorithms. For RSA, a method for generating large prime numbers is given, together with a method for improving modular multiplication speed by employing the Montgomery algorithm. In DSA, a method that eliminates the inversion operation in verification is employed. On this basis, improvements to the RSA, DSA and ECC algorithms are made in the implementation.

(4) Designing and implementing the digital certificate authority. The system uses the above algorithms (RSA, DSA and ECC) in encryption and signature, issues two types of certificates to users, and makes it possible to issue, revoke, query and update certificates.

This paper is supported by the Shaanxi Natural Science Funds (2006F50) and the Aviation Science Funds (06ZC31001).

【Key words】 PKI; Identity Authentication; Digital certificate; RSA; DSA
  • 【Online publication contributor】 Northwest University
  • 【Online publication issue】 2008, Issue 08
  • 【Classification code】 TP393.08
  • 【Times cited】 14
  • 【Downloads】 521