Research on Digital Signature Technology Based on a Cryptographic Card
Abstract
The security and authentication problems of network communication have become urgent problems that restrict the further development of e-commerce and must be solved. Research on these security problems is still at an early stage in China. Taking the actual state of e-commerce development and application in China into account, this thesis designs an effective e-commerce security authentication solution, implemented through a combination of software and hardware, that integrates information confidentiality, identity authentication and digital signatures in one system.

In traditional approaches, data encryption and message authentication are implemented separately. For example, the US Data Encryption Standard (DES) only protects the confidentiality of data, while the Digital Signature Standard (DSS) only confirms the sending and receiving of messages. With the continuing development of computer hardware and the steady increase in computing speed and cryptanalytic capability, existing algorithms can no longer provide sufficient security.

This thesis tracks and studies the Advanced Encryption Standard (AES), introduced by the US National Institute of Standards and Technology (NIST) as the data encryption standard for the next century. It examines the mathematical principles of AES and the implementation of its encryption and decryption algorithms in depth, and implements the AES algorithm completely in the C language.

The thesis also studies the RSA public-key cryptosystem and digital signature technology in depth, together with the Diffie-Hellman key exchange protocol, which is widely used in current network security protocols, and proposes an improved version of this protocol based on RSA signature authentication. The improved scheme can effectively resist man-in-the-middle attacks.

Finally, based on the theoretical research above, a two-stage authentication and encryption system implemented on a smart card is proposed, combining data encryption, identity authentication and digital signatures. The system makes full use of the security of the AES and RSA algorithms and the high computing speed of the TMS320C64X digital signal processing chip, and can be widely applied in finance, telecommunications, healthcare, insurance and many other industries. As networks continue to develop, the system will have good market prospects.
The problem of network security and authentication has become urgent and must be solved so that it no longer restricts the development of e-business. Research on network security is still at an early stage in China. Based on a combined software and hardware solution, this thesis puts forward an effective system that integrates information security, identity authentication and digital signature in one smart card.

Conventionally, data encryption and message authentication are implemented separately: for example, the US Data Encryption Standard only encrypts the data, and the Digital Signature Standard only authenticates the message. With the continuing development of computer hardware, the steady improvement in computing speed and cryptanalytic technique means that the existing algorithms no longer provide enough security.

This thesis presents a tracking study of AES, which NIST put forward as the data encryption standard for the next century. Based on an in-depth investigation of the mathematical theory, principles and specification of AES, an efficient implementation of the AES block cipher, covering both encryption and decryption, is completed in the C language.

The RSA public-key cryptosystem and digital signatures are also discussed in depth. We study the Diffie-Hellman shared-secret protocol in detail and present an improved scheme for this protocol that effectively resists man-in-the-middle attacks.

Finally, based on the theory discussed above, we present a two-stage authentication and encryption system that provides encryption/decryption, identity authentication and signature functions and integrates them in one smart card.

The system makes full use of the security of the AES and RSA algorithms and the speed of the TMS320C64X DSP chip. It could be widely used in finance, telecommunications, healthcare, insurance and other sectors. With the development of the Internet and e-business, this card will have a prosperous market in the future.
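The abstract's improved Diffie-Hellman scheme rests on one idea: each party signs its DH exponential with a long-term RSA key, so an in-path party cannot swap in its own exponential without the substitution being detected. The following Python simulation is an added illustration, not code from the thesis. It is built on constructed toy parameters (a Mersenne-prime DH modulus, textbook RSA over a SHA-256 digest with no padding, and an assumed pre-distributed directory of authentic public keys standing in for the smart card or a CA); a deployment would use a standard group or curve, RSA-PSS or ECDSA, and certificates. The simulation runs the plain and the signed variant, each with and without an in-path substitution, and reports whether the two sides end up with the same key and whether the exchange was rejected.

```python
"""Authenticated Diffie-Hellman with RSA-signed exponentials (added illustration).

Toy parameters, constructed for this example: the DH group uses the Mersenne
prime M127, the RSA signing keys use Mersenne primes, and signing is textbook
RSA over a SHA-256 digest without padding. Not for production use.
"""
import hashlib
import secrets

DH_P = (1 << 127) - 1      # toy DH modulus (M127, prime); values fit in 16 bytes
DH_G = 3


def rsa_keypair(p, q, e=65537):
    """Textbook RSA key from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


# Long-term signing keys (toy: built from the Mersenne primes M521, M607, M89, M1279).
ALICE_PUB, ALICE_PRIV = rsa_keypair((1 << 521) - 1, (1 << 607) - 1)
BOB_PUB, BOB_PRIV = rsa_keypair((1 << 89) - 1, (1 << 1279) - 1)

# Assumption: each side already holds the peer's authentic public key
# (in the thesis's setting this binding would come from the smart card or a CA).
DIRECTORY = {"alice": ALICE_PUB, "bob": BOB_PUB}


def dh_keypair():
    priv = secrets.randbelow(DH_P - 3) + 2          # exponent in [2, p-2]
    return priv, pow(DH_G, priv, DH_P)


def hello_digest(identity, dh_pub):
    """Digest that binds the sender's name to its DH exponential."""
    data = identity.encode() + b"|" + dh_pub.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rsa_sign(priv, h):
    n, d = priv
    return pow(h, d, n)


def rsa_verify(pub, h, sig):
    n, e = pub
    return pow(sig, e, n) == h


def session_key(priv, peer_dh_pub):
    shared = pow(peer_dh_pub, priv, DH_P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()


def make_hello(identity, signing_key, dh_pub, authenticated):
    msg = {"id": identity, "dh": dh_pub}
    if authenticated:
        msg["sig"] = rsa_sign(signing_key, hello_digest(identity, dh_pub))
    return msg


def check_hello(msg, authenticated):
    if not authenticated:
        return True                                  # plain DH: nothing to verify
    expected = hello_digest(msg["id"], msg["dh"])
    return rsa_verify(DIRECTORY[msg["id"]], expected, msg.get("sig", 0))


def run_exchange(authenticated, substituted):
    """One key agreement between Alice and Bob; returns (keys_match, rejected).

    substituted=True models an in-path party replacing both DH exponentials
    with its own, the interception that the signed variant is meant to defeat.
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_hello = make_hello("alice", ALICE_PRIV, a_pub, authenticated)
    b_hello = make_hello("bob", BOB_PRIV, b_pub, authenticated)
    if substituted:
        _, m_pub = dh_keypair()
        # The substituted value cannot be signed with Alice's or Bob's key,
        # so any signature carried by the message no longer matches it.
        a_hello = dict(a_hello, dh=m_pub)
        b_hello = dict(b_hello, dh=m_pub)
    if not (check_hello(a_hello, authenticated) and check_hello(b_hello, authenticated)):
        return False, True                           # signature mismatch: abort
    a_key = session_key(a_priv, b_hello["dh"])       # Alice uses what she received
    b_key = session_key(b_priv, a_hello["dh"])       # Bob uses what he received
    return a_key == b_key, False


if __name__ == "__main__":
    for auth in (False, True):
        for sub in (False, True):
            print(f"signed={auth} substituted={sub} -> (keys_match, rejected) = {run_exchange(auth, sub)}")
```

The instructive case is the unsigned exchange with substitution: it returns `(False, False)`, meaning the two parties hold different keys yet neither side noticed, which is exactly the silent failure mode of plain Diffie-Hellman. The signed variant returns `(False, True)` in the same situation, so the substitution is rejected before any session key is used; the digest deliberately covers the sender's identity as well as the exponential so that a signed value cannot be replayed under another name.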
