轻量级的网络自信任传输机制研究与实现

发布时间：2018-06-10 00:53

本文选题：身份基密码学 + 公共计算　；参考：《国防科学技术大学》2014年硕士论文

【摘要】：随着电子政务、商务的兴起和发展,人类全面进入了互联网时代。网络中传输的数据不再是简单的文本信息,更多的包括账户、支付信息等,因此数据安全性显得尤为突出。但传统的安全网络传输协议,存在密钥分发开销大、发起连接延迟长、交互状态转换多和协议格式定义杂等诸多缺点。而最近提出的基于自验证标识的可信安全网络通信协议,不兼容当前网络通信的基础,即TCP/IP网络体系结构,存在部署困难的缺点。本文针对所指出的问题,对可信安全的网络传输协议以及密钥协商算法展开了深入研究。本文主要的工作和贡献如下:一、一种有效且可扩展的身份基密钥协商算法设计作为安全网络传输的前提和基础,密钥协商算法具有重要作用。本文针对所采用的身份基密码学的技术特点,重点关注了身份基密钥协商算法的研究进展,将身份基密码学中跨域的类型进行划分,并提出了在这两种多域条件下均适用的密钥协商算法。另外,本文首次将公共计算的概念引入身份基密钥协商算法,使得本算法可以大幅降低终端设备的计算负载,明显优于其他同类算法。本文还从理论上证明了所设计的算法满足密钥协商算法所应满足的所有安全特性。二、一种可增量部署的自信任轻量级网络传输协议设计针对传统安全网络传输协议中,用户的身份与其公钥信息需要证书绑定的问题。本文通过采用身份基密码学技术,直接将用户的IP地址作为公钥,无需依赖可信第三方颁发证书来认证,使得协议具有自信任的优点。也正是无需证书,减少了互相传递和认证证书的通信和计算开销。本文还结合具体应用场景,通过采用双线性对等数学工具,使得通信双方甚至无需任何交互,直接计算出可信的会话密钥,达到了接近IP协议的轻量级优点。另外,本文依然采用传统的IP地址作为通信地址,因此兼容现有的TCP/IP网络体系结构。特别地,本文还将最近又得到关注的机会加密思想引入协议设计中,使得协议具备可增量部署特性。该特性有利于协议的推广和使用,是目前多数其他同类安全协议所不具备的。三、自信任轻量级网络传输协议的实现与测试本文首先阐述了协议实现时可以采用的两种技术路线,并分别分析了两种技术路线各自存在的优缺点。在根据当前的研究阶段以及综合考量开发难度而选择了技术路线之后,本文进一步介绍了协议实现中所涉及的关键技术和具体实现。最后,本文通过功能和性能测试,说明所实现的协议达到了设计目标。
[Abstract]:With the rise and development of e-commerce and commerce, human beings have entered the age of the Internet. The data transmitted in the network are no longer simple text information, more including accounts and payment information. Therefore, the security of data is particularly prominent. However, the traditional security network transmission protocol has large key distribution overhead and initiation of connection delay. Many shortcomings such as long, interactive state conversion and protocol format definition, and the recent proposed self verifying identification based trusted security network communication protocol is incompatible with the base of current network communication, that is, TCP/IP network architecture, and there is a shortcoming of deployment difficulties. The main work and contributions of this paper are as follows: first, an efficient and extensible identity based key negotiation algorithm is the premise and foundation of secure network transmission. The key negotiation algorithm plays an important role. This paper focuses on the technical characteristics of the identity based cryptography. The research progress of the identity based key agreement algorithm is made, the types of cross domain in the identity based cryptography are divided, and the key negotiation algorithm is proposed under these two multi domain conditions. In addition, this paper introduces the concept of public computing to the identity based key agreement algorithm for the first time, so that this algorithm can greatly reduce the computing of terminal devices. The load is obviously better than the other similar algorithms. This paper also theoretically proves that the proposed algorithm satisfies all the security characteristics that the key agreement algorithm should meet. Two, a lightweight network transmission protocol designed for incremental deployment is designed for the traditional secure network transmission protocol, and the identity of the user and the public key information need a certificate. By using the technology of identity based cryptography, this paper directly uses the IP address of the user as a public key without relying on the credentials of trusted third parties to authenticate the protocol, which makes the protocol have the advantage of self confidence. It also reduces the communication and computing overhead of mutual transfer and authentication certificate without a certificate. This paper also combines the specific application field. In view, by using a bilinear peer to peer mathematical tool, the two parties can directly calculate a trusted session key without any interaction, and achieve a lightweight advantage near the IP protocol. In addition, this paper still uses the traditional IP address as a communication address, so it is compatible with the existing TCP/IP network architecture. In particular, this article will also be the most important. The opportunity encryption idea is introduced into the protocol design, which makes the protocol have an incremental deployment feature. This feature is beneficial to the promotion and use of the protocol, which is not available to most other similar security protocols. Three, the implementation and testing of the lightweight network transmission protocol with confidence, first of all, the protocol implementation can be described. Two technical routes are adopted and the advantages and disadvantages of each of the two technical routes are analyzed respectively. After selecting the technical route according to the current research stage and the difficulty of the comprehensive consideration of the development, this paper further introduces the key technologies and implements involved in the implementation of the protocol. Finally, this paper is tested through functional and performance testing. It shows that the protocol achieved has reached the design goal.
【学位授予单位】：国防科学技术大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】