中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
PKI理论与应用技术研究
作者: 周永彬
答辩日期: 2004
专业: 计算机应用技术
授予单位: 中国科学院软件研究所
授予地点: 中国科学院软件研究所
学位: 博士
关键词: 公钥基础设施 ; 可信密钥管理中心 ; 证书状态验证 ; 公平交换协议 ; 密码学
其他题名: Research on PKI Theories and Application Technologies
摘要: 电子商务、电子政务等基于Internet的网络增值应用日新月异,这些应用对信息安全的需求也随之提升,诸如公平性、可追踪性等安全特性就是除了传统的保密性、完整性、非否认性、身份认证等基本安全要求之外的新需求。基于公钥密码技术构建的公钥基础设施(PKI)是目前公认的解决大型开放网络环境下信息安全问题最可行、最有效的办法。本文围绕着一个实际的企业级PKI系统的设计和开发,从理论和实践两个方面研究了实现安全、可靠、可扩展的PKI系统所涉及到的一些关键理论和技术问题。公平性是电子商务交易的基本要求之一,论文最后对一类重要的公平交换协议进行了深入的研究。论文取得了以下六个力一面的主要成果:第一,设计并实现了一个高度模块化、可扩展的企业级PKI系统—ErcistPKI系统。在系统设计和实现的过程中,考虑到PKI作为普适性安全基础平台的特点,特别强调PKI系统自身的安全性;第二,首次在PKI系统的设计中提出了“可信密钥管理中心(TKMC)”的概念,这一独特设计大大地强化了密钥管理功能的实施,为PKI向密钥管理基础设施(KMI)的平滑过渡提供了良好的技术准备:第三,对证书状态验证机制进行了深入研究,设计了证书状态模拟系统,以指导PKI系统和应用的部署和实施;在此基础上,基于时间约束首次给出了认证字典的一种新的分类方法;第四,对OCSP协议进行了形式化分析,设计和实现了一种高效、可扩展的 OCSP系统:第五,分析了WPKI工作环境对设计安全基础平台提出的特殊要求,结合无线移动设备的具体特点,基于可交换杂凑函数和动态Merkle杂凑树设计出了一种适用于WPKI环境的高效证书状态查询机制;第六,对一类公平交换协议进行了深入的研究,从设计公平交换协议的密码基础结构出发,提出了一种新型的基于RSA密码体制的高效CEMBS;在此工作的基础上,设计了一种基于RSA密码体制的最优化公平交换协议。
英文摘要: Internet-based networking value-added applications (for instance, e-commerce and e-government) develop quickly with each passing day. These applications pose new requirements to information security. Such new requirements, like fairness and accountability, are beyond of the traditionally basic security requirements such as confidentiality, integrity, non-repudiation and authentication. Public Key Infrastructure (PKI) technology based on public-key cryptography theory is considered to be the most feasible and most effective method to solve information security problems in large and open networking environment. With design and development of an enterprise PKI system, some key technologies on implementing a secure, reliable and scalable PKI system are both theoretically and practically conducted in this thesis. Fairness is one of the basic information security requirements of e-commerce; and one important kind of fair exchange protocols is thoroughly examined at the end of the thesis. As a result, six principal achievements have been obtained. First, a highly modular and scalable PKI system (which we call ErcistPKI) is designed and implemented. The security of PKI system itself is especially emphasized during the system design and implementation process, which is in accordance with the pervasive characteristic of PKI. Second, the concept of a Trusted Key Management Center (TKMC) is introduced for the first time. This technology greatly strengthens key management practices and allows for smooth transition from PKI to Key Management Infrastructure (KMI). Third, certificate status mechanisms are investigated in depth, and a certificate revocation performance simulation system is devised. All these work will provide guides to practice and employment of PKI applications. Based on time constraints, a new taxonomy for authenticated dictionaries is proposed. Fourth, formal analysis of OCSP protocol is carried out; then an efficient and scalable OCSP system is developed. Fifth, the special requirements caused by the working environments of Wireless PKI (WPKI) are analyzed. Based on communicative hashing and dynamic Merkle hash tree, an efficient certificate status validation method suitable for WPKI is presented. Sixth, one important kind of fair exchange protocols is studied, and a new CEMBS based on RSA cryptosystem is proposed. Afterwards, a novel fair exchange protocol totally based on RSA signature scheme is devised.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/7272
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW013923.pdf(1565KB)----限制开放-- 联系获取全文

Recommended Citation:
周永彬. PKI理论与应用技术研究[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2004-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[周永彬]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[周永彬]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace