基于无证书公钥密码的安全套接层协议及其实现

发布时间：2018-05-01 11:33

本文选题：基于身份加密 + 安全套接层　；参考：《南京理工大学》2017年硕士论文

【摘要】：信息化和广泛的互联网作为这个时代的重要特点越来越深刻地影响着人们的生产和生活。互联网的广泛使用也伴随着此起彼伏的网络安全事件。SSL协议作为保障互联网通信安全的及其重要的基础,在过去的二十年里已经发挥了重要的作用。众所周知,现行的SSL协议采用的基于证书的公钥密码系统存在证书管理繁难的缺点。基于无证书公钥密码体制,可以在使用方面具有很大的便利性,这为保障非典型互联网环境的移动自组织网络或车联网中的通信安全尤为重要。本文研究了将基于无证书的公钥密码方法用于SSL协议的扩展、实现和应用方面的问题,具体开展了以下工作:(1)对基于双线性对的身份的密码体制IBE以及无证书密码体制CL-PKC的原理进行了阐述,在此基础上详细陈述了基于PBC密码函数库实现CL-PKC相关计算的实现细节,并对实现的密码算法进行了详细的性能测试和分析比较;(2)利用CL-PKC对SSL协议进行扩展的主要任务是对SSL的握手过程进行修改,使得扩展后的SSL协议能够支持CL-PKC的密码体制,并在其他的方面兼容原有的SSL的协议。论文在实现了对SSL握手协议的扩展的基础上,详细阐述了在广泛使用的开源项目OpenSSL上实现上述协议的过程,并对相关实现后的测试及其结果进行了介绍。相关结果表明了增加了 CL-PKC公钥密码功能的SSL协议运行的正确性。(3)为了验证本文提出的CL-PKC-SSL协议及其基于OpenSSL的软件实现的正确性和有效性,也为解决自组织网络中安全文件传输应用需要,采用FTP文件传输作为示例应用,设计开发了支持CL-PKC-SSL协议的FTP服务器和客户端软件,并对软件运行的情况和结果进行了分析。相关结果表明所设计与开发的CL-PKC-SSL协议的正确性和有效性。论文最后对全文进行了总结,并对下一步以及进一步研究的问题进行了展望。
[Abstract]:As an important characteristic of this era, information technology and extensive Internet are more and more deeply affecting people's production and life. The widespread use of the Internet has been accompanied by successive network security incidents. SSL protocol as an important basis to ensure the security of Internet communications has played an important role in the past two decades. It is well known that the certificate-based public key cryptosystem used in the current SSL protocol is difficult to manage. Based on the certificate-free public key cryptosystem, it is very convenient to use it, which is very important for the security of mobile ad hoc network or vehicle network in atypical Internet environment. In this paper, we study the extension, implementation and application of SSL protocol based on certificate-free public key cryptography. The following work is carried out: (1) the principle of IBE based on bilinear pair identity and CL-PKC without certificate is expounded. On this basis, the details of the implementation of CL-PKC related calculation based on PBC cryptosystem library are described in detail. The main task of extending the SSL protocol with CL-PKC is to modify the handshake process of SSL, so that the extended SSL protocol can support the cryptosystem of CL-PKC. And in other ways compatible with the original SSL protocol. On the basis of the extension of SSL handshake protocol, this paper expatiates the process of implementing the above protocol on the widely used open source project OpenSSL, and introduces the test and results of the related implementation. The related results show that the SSL protocol, which adds the function of CL-PKC public key cryptography, is correct. In order to verify the correctness and validity of the proposed CL-PKC-SSL protocol and its software implementation based on OpenSSL. In order to solve the need of secure file transfer application in ad hoc network, FTP server and client software supporting CL-PKC-SSL protocol are designed and developed by using FTP file transfer as an example application, and the running situation and result of the software are analyzed. The results show that the CL-PKC-SSL protocol designed and developed is correct and effective. Finally, the paper summarizes the full text, and prospects for the next step and further research.
【学位授予单位】：南京理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【相似文献】