移动互联网中身份认证与信任传递机制的研究

发布时间：2018-01-24 14:38

本文关键词： 身份认证信任传递数字签名 PKI 移动通信　出处：《山东大学》2014年硕士论文　论文类型：学位论文

【摘要】：近年来,移动互联网发展迅速,手机终端已经不仅仅是人们通信的工具,它已经成为电子商务甚至是办公的不可或缺的工具。移动终端与PC端相比,其特点在于：移动性强、应用广泛、人们生活中随身携带,但其运算能力较差,使用人员能力水平差异较大。由于移动终端规模的迅速扩大,其面临的信息安全问题也日益突出。身份认证在互联网中越来越重要,目前在以PC端为主的传统互联网上,PKI技术已经广泛应用,但在移动互联网中,由于其移动终端的独特特点,PKI应用技术还很不成熟。本人参与了导师为某通信公司开发的“加密VoIP系统”项目,在其中负责身份认证系统的开发,在研发过程中,对移动互联网的身份认证技术和跨域的信任传递机制进行了研究,并将研究成果在该系统中实现应用。本论文的主要内容如下： 1)本文首先分析了目前主流的身份认证技术及其优缺点,包括静态口令认证、动态口令认证、生物识别认证和基于PKI技术体系的认证。并重点分析了PKI技术的特点及其在身份认证中的应用。 2)其次,本文分析研究了移动终端的应用特点,并研究了移动互联网PKI技术体系的实现特点,分析了RSA、ECC和SM2公钥算法的数字证书使用效率的不同、移动终端软件接口和PC端中的不同、移动终端对不同硬件数字证书载体的使用特点,并将上述内容在VoIP系统中给出了实现验证。 3)针对移动互联网终端数量巨大,地理分散,管理困难的特点,本文重点研究了在不同信任域的终端之间的跨域信任传递问题。通用的PKI跨域认证不适合在大范围的移动互联网环境下实施,我国提出了自主知识产权的TePA技术,本文重点研究了TePA技术和PKI体系的结合,给出了一个大型多域环境下的信任模型。 4)结合具体的“加密VoIP系统”的开发,本文给出了上述研究成果的实现,并对不同技术路线的效率进行了分析比较。最后,对本文工作进行了总结,分析了工作中的不足并指出了进一步工作的方向。
[Abstract]:In recent years, with the rapid development of mobile Internet, mobile terminal is not only a communication tool, it has become an indispensable tool for electronic commerce and even office. Its characteristics are: strong mobility, widely used, people carry with them in life, but their computing ability is poor, the level of personnel ability is different, because of the rapid expansion of mobile terminal scale. Identity authentication is becoming more and more important in the Internet. At present, PKI technology has been widely used in the traditional Internet based on PC, but in the mobile Internet. Because of the unique characteristics of its mobile terminal, PKI application technology is still immature. I participated in a communication company for the development of a "cryptographic VoIP system" project, which is responsible for the development of identity authentication system, in the process of research and development. In this paper, the authentication technology of mobile Internet and the trust transfer mechanism across domains are studied, and the research results are applied in the system. The main contents of this thesis are as follows: 1) this paper first analyzes the current mainstream identity authentication technology and its advantages and disadvantages, including static password authentication, dynamic password authentication. Biometric authentication and authentication based on PKI technology system are analyzed, and the characteristics of PKI technology and its application in identity authentication are analyzed. 2) secondly, this paper analyzes the application characteristics of mobile terminals, and studies the implementation characteristics of mobile Internet PKI technology system, and analyzes the RSA. The efficiency of ECC and SM2 public key algorithms is different, the software interface of mobile terminal is different from that of PC, and the characteristics of different hardware digital certificate carriers are also discussed. The above contents are verified in VoIP system. 3) aiming at the large number of mobile Internet terminals, geographical dispersion and difficult management. This paper focuses on the cross-domain trust transfer between terminals in different trust domains. General PKI cross-domain authentication is not suitable for implementation in a wide range of mobile Internet environments. In this paper, we focus on the combination of TePA technology and PKI system, and give a trust model in large multi-domain environment. 4) combined with the development of "encryption VoIP system", this paper gives the realization of the above research results, and analyzes and compares the efficiency of different technical routes. Finally, the work of this paper is summarized, the shortcomings of the work are analyzed and the direction of further work is pointed out.
【学位授予单位】：山东大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP309

【参考文献】