Wireless Public Key Infrastructure: Research on the Design and Implementation of WPKI
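Abstract
The security of wireless transmission has drawn increasing attention. In 2000, the WAP Forum published the WPKI technical specifications; as an open standard, they can be used to address security problems in wireless environments.
This thesis introduces the background of wireless transmission and presents an in-depth analysis and study of WPKI, a key technology in wireless IP network security, focusing on the application requirements of the wireless Internet and the main current implementation technologies. It introduces the technical specifications involved in implementing the system and discusses user certificate management in detail. It also describes PKI technology and its implementation details, touching on some of the policies, standards and emerging applications that affect PKI services.
This thesis proposes a complete and feasible WPKI scheme suited to the broadband wireless IP network environment, namely a WAP-based WPKI architecture. After optimizing and compressing the standard X.509 certificate, it gives the certificate format of the WPKI system. It recommends building the CA for the wireless environment by extending existing wired CAs into the wireless domain. A simple and practical security protocol is adopted to generate WPKI certificates, namely the Certificate Management Protocol (CMP) under a distributed production mode, and a formal proof of this protocol is given. Because obtaining certificates on mobile devices is difficult and incurs long delays, the thesis borrows the idea of hash chains to design a certificate status query scheme that is suited to wireless environments, offers relatively high security and can resist most existing attacks: client partially cached OCSP (CPC-OCSP). The scheme effectively reduces the computation on both the client and the server side and lightens the bandwidth load. Finally, the thesis introduces a new approach to constructing CA trust paths.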
Security concerns in wireless transactions have drawn growing attention. In 2000, the WAP Forum published a series of WPKI technical specifications, which are open standards, to solve wireless security issues.
This paper introduces the background of wireless transactions and presents a detailed analysis and study of WPKI, the key point of wireless security, with emphasis on the requirements of the wireless Internet and the main related technologies. In addition, it focuses on user certificate management.
General PKI technology and concepts are also explained in detail. For the sake of orientation, policies, standards and some of the new and exciting applications that will consume PKI services are also touched on.
An integrated and feasible WPKI architecture based on WAP (Wireless Application Protocol), suited to the broadband wireless IP environment, is introduced in this paper. The format of the WPKI certificate, optimized and compressed from the traditional X.509 certificate, is also proposed. The certificate authority is to be built by extending the existing wired CA into the wireless field. To implement the creation of WPKI certificates, a simple but efficient protocol, CMP (Certificate Management Protocol), is adopted and analyzed formally to prove its validity. Drawing on the idea of the hash chain, a modification of traditional OCSP, client partially cached OCSP, is proposed, which can efficiently reduce not only the computation on the client and server side but also the bandwidth load. Finally, a new way of building the CA trust path is introduced.
