Research on Key Management Methods Based on Elliptic Curve Cryptosystems
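Abstract
In the age of the information economy, network and information security grows steadily in importance, and protecting information has become an urgent requirement of the information age. The principles of cryptography require that the secrecy of a cryptographic system depend not on keeping the encryption scheme or algorithm secret but on keeping the key secret. Key management is an important part of cryptographic technology, and it requires that a cryptographic system have sound measures for key distribution and management. Key management affects not only the security of the cryptographic system but also the reliability, effectiveness and security of the systems that apply cryptography. Throughout the development of cryptography, key management has remained a complex subject in which new problems and challenges keep arising.
This thesis first summarizes the state of development of key management schemes for hierarchical system structures, describes the classic hierarchical key management scheme, analyzes its security, and sets out its advantages and shortcomings. For the Jeng-Wang (2006) scheme and the Chung-Lee (2008) scheme it points out a possible root-finding attack that runs in polynomial time. Based on elliptic curve cryptography and one-way hash functions, the thesis proposes a new key management method that better solves the key management problem under dynamic access control. In the proposed method, a function is constructed from users' level privileges so that, when the hierarchical relationship structure in the system changes temporarily, the person acting as proxy for a role can both preserve the security of the existing application systems and properly carry out the duties of that role.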
In the information economy, network and information security is increasingly important, so protecting information has become an urgent requirement of the information age. The principle of cryptography requires that the security of a cryptographic system rely not on the confidentiality of the cryptosystem or algorithm but on the secrecy of the keys. Key management, an important part of cryptography, requires that the cryptographic system have good measures for key distribution and key management. Key management affects not only the security of the cryptographic system but also the reliability, effectiveness and safety of the application system. To this day, key management remains a complex subject in which new problems and challenges continue to emerge.
This paper summarizes the state of development of key management in hierarchical system structures, describes the classic hierarchical key management scheme, analyzes its security, and gives its advantages and shortcomings. It also proposes a possible root-finding attack in polynomial time on Jeng-Wang's scheme and Chung-Lee's scheme. Based on elliptic curve cryptography and a one-way hash function, a new key management method is proposed that better handles key management under dynamic access control. The method constructs a function from user level permissions so that, when the hierarchical relationship structure of the system changes, the agent user can both guarantee the security of the application system and carry out the delegated responsibilities well.
References
[1] Stinson D.R., translated by Feng Dengguo. Cryptography: Theory and Practice [M], Beijing: Publishing House of Electronics Industry, 2003
[2] Zhang Zhaozhi. Fundamentals of Modern Cryptography [M], Beijing: Beijing University of Posts and Telecommunications Press, 2004
[3] Akl S.G., Taylor P.D. Cryptographic solution to a problem of access control in a hierarchy, ACM Transactions on Computer Systems, 1983, 1(3), 239-248
[4] MacKinnon S.T., Taylor P.D., Meijer H. et al. An optimal algorithm for assigning cryptographic keys to control access in a hierarchy, IEEE Transactions on Computers, 1985, 100(34), 797-802
[5] Harn L., Lin H.Y. A cryptographic key generation scheme for multilevel data security, Computer Security, 1990, 9(6), 539-546
[6] Liaw H.T., Wang S.J., Lei C.L. A dynamic cryptographic key assignment scheme in a tree structure, Computers & Mathematics with Applications, 1993, 25(6), 109-114
[7] Shen R.L., Chen T.S. A novel key management scheme based on discrete logarithms and polynomial interpolations, Computers and Security, 2002, 21(2), 164-171
[8] Hsu C.L., Wu C.M. Cryptanalysis and improvements of two cryptographic key assignment schemes for dynamic access control in a user hierarchy, Computers and Security, 2003, 22(5), 453-456
[9] Yang C., Li C. Access control in a hierarchy using one-way hash functions, Computers and Security, 2004, 23(8), 659-664
[10] Hsu C.L., Tsai P.L., Chou Y.C. Robust dynamic access control scheme in a user hierarchy based on one-way hash function, International Computer Symposium, 2008,
[11] Jeng F.G., Wang C.M. An efficient key-management scheme for hierarchical access control based on elliptic curve cryptosystem, The Journal of Systems and Software, 2006, 79(8), 1161-1167
[12] Chung Y.F., Lee H.H., Lai F. et al. Access control in user hierarchy based on elliptic curve cryptosystem, Information Sciences, 2008, 178(1), 230-243
[13] Lu Kaicheng. Computer Cryptography [M], 2nd ed., Beijing: Tsinghua University Press, 1998
[14] Hankerson D. et al., translated by Zhang Huanguo et al. Introduction to Elliptic Curve Cryptography [M], Beijing: Publishing House of Electronics Industry, 2005
[15] Merkle R. Secrecy, authentication, and public key systems, UMI Research Press, 1979
[16] Diffie W., Hellman M.E. New directions in cryptography, IEEE Transactions on Information Theory, 1976, 22(6), 644-654
[17] ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms, In: Advances in Cryptology - CRYPTO'84, LNCS 196, Springer-Verlag, 1985, 10-18
[18] Harn L., Xu Y. Design of generalized ElGamal type digital signature scheme based on discrete logarithm, Electronics Letters, 1994, 30(24), 2025-2026
[19] He W.H. Digital signature scheme based on factoring and discrete logarithms, Electronics Letters, 2001, 37(4), 220-222
[20] Laih C.S., Harn L., Lee J.Y. On the design of a single-key-lock mechanism based on Newton's interpolating polynomial, IEEE Transactions on Software Engineering, 1989, 15, 1135-1137
[21] Rivest R.L., Shamir A., Adleman L. A method for obtaining digital signatures and public key cryptosystems, Communications of the ACM, 1978, 21(2), 120-126
[22] Lu Kaicheng. Introduction to Elliptic Curve Cryptographic Algorithms [M], Beijing: Tsinghua University Press, 2008
[23] Koblitz N. Elliptic curve cryptosystems, Mathematics of Computation, 1987, 48(177), 203-209
[24] Miller V. Use of elliptic curves in cryptography, In: Advances in Cryptology - CRYPTO'85, LNCS 218, Springer-Verlag, 1986, 417-426
[25] Xu Qiuliang, Li Daxing. Elliptic curve cryptosystems, Journal of Computer Research and Development, 1999
[26] Hankerson D., Menezes A., Vanstone S. Guide to elliptic curve cryptography, Springer-Verlag, New York, 2004, 76-86
[27] Wang Xueli, Pei Dingyi. Theory and Implementation of Elliptic and Hyperelliptic Curve Public Keys [M], Beijing: Science Press, 2006
[28] Ben-Or M. Probabilistic algorithms in finite fields, In: 22nd Annual Symposium on Foundations of Computer Science (IEEE FOCS), 1981, 394-398
[29] Cohen H. A course in computational algebraic number theory, Springer-Verlag, 1991
[30] Santis A.D., Ferrara A.L., Masucci B. A new key assignment scheme for access control in a complete tree hierarchy, Proceedings of the International Workshop on Coding and Cryptography - WCC 2005, 2006, 202-217
[31] Santis A.D., Ferrara A.L., Masucci B. Cryptographic key assignment schemes for any access control policy, Information Processing Letters, 2004, 92(4), 99-205
[32] Santis A.D., Ferrara A.L., Masucci B. Enforcing the security of a time-bound hierarchical key assignment scheme, Information Sciences, 2006, 176(12), 1684-1694
[33] Meng Yang, Qing Sihan, Liu Kelong. Research on key management in hierarchical encryption systems [J], Journal of Software, 2001, 12(08), 1147-115
[34] Lu Jianzhu, Chen Huoyan. Secure and efficient hierarchical key management in distributed environments [J], Computer Engineering, 2006, 32(12), 154-156
[35] Shi Yijuan. Research on key issues of identity-based public key cryptography, Master's thesis, Shanghai Jiao Tong University, 2006
[36] Ji Wei. Application of bilinear pairings in key management, Master's thesis, Northwest University, 2008
[37] Dong Beibei. Research on hierarchical key assignment and dynamic storage control, Master's thesis, Shandong University, 2005
[38] Gu Haihua. Research on fast algorithms and security foundations of elliptic curve cryptography, Doctoral dissertation, Shanghai Jiao Tong University, 2010
