
Research on Provably Secure Key-Insulated Cryptosystems

Published: 2018-10-12 11:55
[Abstract]: With the rapid development of information technology, information security has become a core obstacle to the wide adoption of information technology across application domains. As an important component of information security, public-key cryptography has received unprecedented attention. When a public-key cryptosystem is deployed in an insecure environment such as a wireless sensor network or a mobile terminal, key exposure caused by trojans, viruses and operating-system vulnerabilities becomes unavoidable. Because the security of every public-key cryptosystem rests on the secrecy of the private key, exposure of that key destroys the security of the whole system. In traditional public-key cryptosystems the damage caused by exposure of a user's key can be limited by revoking the public key. In identity-based public-key cryptosystems, however, a user's public key is derived from the user's public identity information, so revoking the public key is not a practical remedy, and handling key exposure effectively in identity-based cryptosystems has become a research focus. Key-insulated cryptosystems, built on the idea of key evolution, divide the lifetime of a key into several time periods: if the keys of some periods are exposed, the keys of the remaining periods stay secure, which greatly limits the damage that key exposure can cause.

This thesis takes provable security as its main line and studies the design and security analysis of identity-based key-insulated cryptosystems. Its main contributions are the following three.

1) An efficient, provably secure identity-based key-insulated signcryption scheme. Building on an analysis of the identity-based key-insulated signcryption scheme of Chen et al., a new signcryption scheme is proposed that resolves that scheme's failure to provide indistinguishability against adaptive chosen-ciphertext attacks (IND-CCA2) and existential unforgeability against adaptive chosen-message attacks (EUF-CMA); the security of the new scheme is proved in the standard model. Analysis shows that the proposed scheme is superior to the existing identity-based signcryption schemes in the standard model in computational efficiency and ciphertext length.

2) An identity-based key-insulated signature scheme over elliptic-curve cryptography. Because the existing identity-based key-insulated signature schemes are all built from computationally expensive bilinear pairings, an identity-based key-insulated signature scheme built from elliptic-curve cryptography is proposed to reduce the computational cost. A formal definition and a security model are given first; a provably secure scheme is then constructed in the random-oracle model, and its security is proved by reduction to the discrete-logarithm problem. Analysis shows that the proposed scheme is more efficient than the other existing schemes.

3) An identity-based key-insulated authenticated key agreement protocol over elliptic-curve cryptography. Because the existing identity-based authenticated key agreement protocols do not provide backward security, an identity-based key-insulated authenticated key agreement protocol using elliptic-curve cryptography is proposed to strengthen the protocol's security. Analysis shows that the proposed protocol not only meets the currently known security requirements for authenticated key agreement protocols but also provides backward security. The thesis also analyses the non-interactive identity-based hierarchical authenticated key agreement protocol of Guo et al. and points out that it cannot resist attacks by leaf or intermediate nodes: as soon as a single internal node is successfully compromised, the nodes' session keys are broken.
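The key-insulated model the abstract describes (one fixed public key whose lifetime is split into time periods, with a physically secure helper supplying each period's key so that exposure in one period does not compromise the others) is easiest to see in a minimal construction. The Python below is an added illustration and is not code from the thesis or any of its three schemes, which are identity-based and built on pairings or elliptic curves; it uses a generic "certified period key" design over textbook Schnorr signatures instead. Everything in it is assumed for the example: the group is generated at import time at a deliberately short 64 bits, the helper is assumed never to be compromised, the helper-to-device channel is assumed secure, the sample message is constructed, and the names Helper, ki_sign and ki_verify are the example's own.

```python
# Toy key-insulated signature (added illustration, not one of the thesis's schemes):
# one fixed long-term public key, a fresh signing key per time period issued by a
# physically secure helper, and verification that binds each period key to its period.
# Assumed: the helper is never compromised and its channel to the device is secure.
# The Schnorr group is generated at import at a deliberately short 64 bits.
import hashlib
import secrets

def _is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin with random bases, after cheap trial division."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime_group(bits: int = 64):
    """p = 2q + 1 with p, q prime; g = 4 is a square, so it generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

P, Q, G = _safe_prime_group()

def _enc(x: int) -> bytes:
    return x.to_bytes(16, "big")

def _hash_to_zq(*parts: bytes) -> int:
    """Length-prefixed SHA-256 of the parts, reduced into Z_q."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def schnorr_sign(x: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    e = _hash_to_zq(_enc(pow(G, k, P)), msg)
    return e, (k + e * x) % Q

def schnorr_verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    if not (0 <= e < Q and 0 <= s < Q):
        return False
    r = pow(G, s, P) * pow(y, Q - e, P) % P  # g^s * y^-e, equal to g^k when honest
    return _hash_to_zq(_enc(r), msg) == e

class Helper:
    """Physically secure device holding the long-term key; its public key is the
    scheme's fixed public key. Signing devices never hold the long-term secret."""
    def __init__(self):
        self.msk, self.mpk = keygen()

    def period_key(self, t: int):
        """Fresh signing key for period t, certified together with t. The device
        replaces its previous material with this at the period boundary."""
        sk_t, pk_t = keygen()
        return sk_t, pk_t, schnorr_sign(self.msk, b"cert" + _enc(t) + _enc(pk_t))

def ki_sign(period_material, t: int, msg: bytes):
    sk_t, pk_t, cert = period_material
    return t, pk_t, cert, schnorr_sign(sk_t, b"msg" + _enc(t) + msg)

def ki_verify(mpk: int, t_expected: int, msg: bytes, sig) -> bool:
    """Accept only if the certificate binds pk_t to the expected period under mpk
    and the inner signature verifies under pk_t for that same period."""
    t, pk_t, cert, inner = sig
    if t != t_expected:
        return False
    if not schnorr_verify(mpk, b"cert" + _enc(t) + _enc(pk_t), cert):
        return False
    return schnorr_verify(pk_t, b"msg" + _enc(t) + msg, inner)

def demo():
    """Exposure of the period-3 material does not carry over into period 4."""
    helper = Helper()
    msg = b"constructed sample message"
    key3 = helper.period_key(3)
    honest = ki_verify(helper.mpk, 3, msg, ki_sign(key3, 3, msg))
    # An attacker holding everything the device stored during period 3 ...
    # (a) re-labels the stolen material as period 4: the certificate binds t = 3.
    replay = ki_verify(helper.mpk, 4, msg, ki_sign(key3, 4, msg))
    # (b) mints its own period-4 key with a self-issued certificate: wrong long-term key.
    forged = ki_verify(helper.mpk, 4, msg, ki_sign(Helper().period_key(4), 4, msg))
    return honest, replay, forged  # (True, False, False)
```

Because each period's signing key is generated independently, any number of exposed periods leaves the remaining periods intact; the price is that the helper alone can forge for every period, so this generic design is not strong key-insulated, and each signature carries a certificate that costs the verifier a second Schnorr check.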
Degree-granting institution: University of Electronic Science and Technology of China
Degree: Doctoral
Year conferred: 2014
Classification: TN918.4


Page link: https://www.wllwen.com/kejilunwen/wltx/2266015.html