Keyed-Hash Message Authentication Code Elliptic Curve Digital Signature (HMAC-ECDSA)
Abstract
With the rapid development of digital information and the widespread use of computers, people pay increasing attention to the security of information transmitted over networks. Hackers who exploit host system vulnerabilities to get into a system have many aims; whether they seek to gain control of the system, carry out attacks, hide their tracks or open back doors, altering files on the target host is the most convenient and effective method, for example planting their own monitoring programs, replacing key files, or modifying and editing trusted files.
     File integrity checking is one of the most effective ways to protect the files on a target host. The most common method of file integrity checking is to compare hash values computed with a hash algorithm, so as to determine whether the content or attributes of a file have been altered. The hash algorithms currently in use are mainly MD5 and SHA-1. But as MD5, SHA-1 and similar algorithms have been broken one after another, a new and more secure algorithm for file integrity checking is urgently needed.
     The elliptic curve digital signature algorithm is normally used for identity authentication, but it can also be used for file integrity checking. In that algorithm the message hash is computed with SHA-1, but SHA-1 has been broken and its security strength has been called into question. The keyed hash algorithm HMAC adds a key on top of the hash algorithm; since a tamperer cannot learn the key, HMAC is to some extent more secure than SHA-1.
     This thesis replaces SHA-1 with HMAC as the algorithm that computes the message hash inside the elliptic curve digital signature algorithm, names the improved algorithm the keyed-hash message authentication code elliptic curve digital signature algorithm (HMAC-ECDSA), and applies it to file integrity checking. The main work is as follows:
     1) The current state and development trends of elliptic curve cryptosystems were surveyed and analysed. Building on a security analysis of elliptic curve cryptosystems and the elliptic curve discrete logarithm problem, the security of the elliptic curve digital signature algorithm was studied in particular.
     2) The HMAC-ECDSA algorithm is proposed and its implementation flow is described in detail. Using VC++6.0, chosen for its strong mathematical capabilities, friendly interface design and good compatibility, as the development tool, the functional modules for key pair generation, file signing, file signature verification and HMAC computation were designed to realise a piece of software that signs files and verifies signatures. The software can verify file integrity not only by verifying a file's signature but also through the HMAC algorithm.
     3) From three perspectives, cryptographic theory, program design, and the proof of high resistance to attacks, it is verified that the HMAC-ECDSA algorithm has higher security strength than the elliptic curve digital signature algorithm. In terms of cryptographic theory, HMAC can use a key and an HMAC verification is valid only at that moment; in program design, when HMAC is implemented the embedded hash algorithm can be made an independent module and replaced according to the required security strength; in the proof of high resistance to attacks, modular arithmetic is used to verify the security strength of HMAC-ECDSA.
     In summary, the HMAC-ECDSA algorithm adopted in this thesis has higher security and can resist repudiation, forgery and birthday attacks, among others. The functional modules were implemented in VC++6.0, which gives them good extensibility, reusability and independence. The file signing and verification software designed on the basis of the HMAC-ECDSA algorithm is highly secure and simple to operate.
Abstract (author's English version)
With the rapid development of digital information and the extensive application of computers, people pay more attention to the security of information in networks. Hackers intrude into a computer system by exploiting some security vulnerability. They can then carry out activities without authorization, such as acquiring control of the system, attacking the system, hiding their tracks or opening a back door. The most efficient method is tampering with files, such as putting their monitoring program into the system, replacing key files or editing trusted files.
     File integrity checking is one of the most efficient means of protecting the files of the target computer. The common method of file integrity checking is comparing the later hash value of the file with the original value of the file, computed by a hash function, which makes sure whether the contents or attributes of a file have changed. At present there are hash algorithms such as MD5 and SHA-1. It has become urgent to produce a new, more secure algorithm because MD5 and SHA-1 have been broken.
     Although ECDSA has been used to implement identity authentication, this thesis adopts it as a way to check file integrity. SHA-1 is the hash function of ECDSA. Since SHA-1 has been broken, its security is no longer trusted. Because guessing the key is very difficult, HMAC is more secure than SHA-1 to a certain extent.
     The improved ECDSA, which is called HMAC-ECDSA, adopts HMAC to compute the hash value rather than SHA-1. It is then applied to file integrity checking. The contents of the thesis are as follows:
     1) The current situation and the development trend of elliptic curve cryptography are introduced. The security of ECDSA is analyzed in detail based on ECC and the security of the ECDLP.
     2) HMAC-ECDSA is put forward and the implementation of the algorithm is described in detail. The thesis uses VC++6.0 to implement HMAC-ECDSA, since VC++6.0 has several advantages, such as strong computing functions, better interface design and compatibility. A file signature-verification system based on HMAC-ECDSA is designed and realized. The file signature-verification system has four function blocks: production of key pairs, signing a file, verifying the signature and computing the HMAC. File integrity is checked not only by verifying the signature but also by computing the HMAC value of the file.
     3) HMAC-ECDSA is proved to be effective in securing files from the perspectives of cryptographic theory, program design and a proof of high resistance to attacks. HMAC computes the hash value of a file using a given key, and the validity of this verification is instantaneous. Because the embedded hash function of HMAC is implemented as an individual function block, this block can be replaced easily according to the security requirement. The high capability of the HMAC-ECDSA algorithm to withstand attacks is proved using modular arithmetic.
     In a word, HMAC-ECDSA in this thesis has high security; it is capable of withstanding several attacks, such as the repudiation attack, forgery attack and birthday attack. The function blocks are written in VC++6.0, so that they have characteristics such as expandability, reusability and independence. The file signature-verification system is characterized by high security and easy operation.
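The HMAC side of the integrity check described above, as an added example that is not the thesis's VC++6.0 software and does not include the ECDSA signing half: a keyed file manifest is built and verified with Python's standard-library `hmac` and `hashlib`, the embedded hash is selected by name so it can be swapped like the independent module the abstract describes, and `compare_schemes` shows why the key matters: when a tampered file's stored digest is rewritten, the unkeyed manifest no longer reports the change, while the keyed one still does because the stored value cannot be recomputed without the key. The sample files, the key and the tampered content are constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed sample "files" (path -> content) standing in for files on a monitored host.
SAMPLE_FILES: Dict[str, bytes] = {
    "etc/hosts": b"127.0.0.1 localhost\n",
    "bin/login": b"\x7fELF constructed placeholder binary contents",
}

# Constructed demo key. A real deployment would draw it from secrets.token_bytes(32)
# and keep it off the monitored host, since the check is only as strong as key secrecy.
KEY = b"constructed-demo-key-not-for-real-use"


def keyed_digest(data: bytes, key: bytes, hash_name: str = "sha256") -> str:
    """HMAC of data under key. The embedded hash is chosen by name, so replacing it
    (e.g. with sha512) changes nothing for the callers."""
    return hmac.new(key, data, hash_name).hexdigest()


def unkeyed_digest(data: bytes, hash_name: str = "sha256") -> str:
    """Plain hash, the MD5/SHA-1 style check the abstract contrasts HMAC with."""
    return hashlib.new(hash_name, data).hexdigest()


def build_manifest(files: Dict[str, bytes], key: bytes, hash_name: str = "sha256") -> Dict[str, str]:
    """Record one keyed digest per file; this is the baseline taken on a known-good host."""
    return {path: keyed_digest(content, key, hash_name) for path, content in files.items()}


def verify_manifest(files: Dict[str, bytes], manifest: Dict[str, str],
                    key: bytes, hash_name: str = "sha256") -> List[str]:
    """Return the sorted paths whose current HMAC differs from the stored one.
    A file missing from the host counts as changed. compare_digest avoids timing leaks."""
    changed = []
    for path, expected in manifest.items():
        content = files.get(path)
        if content is None or not hmac.compare_digest(keyed_digest(content, key, hash_name), expected):
            changed.append(path)
    return sorted(changed)


def compare_schemes(files: Dict[str, bytes], key: bytes) -> Tuple[bool, bool]:
    """Modify one file, then let the modifier also rewrite that file's stored digest
    in both manifests. Returns (unkeyed_detected, keyed_detected)."""
    tampered = dict(files)
    tampered["bin/login"] = files["bin/login"] + b" constructed modification"
    unkeyed_manifest = {p: unkeyed_digest(c) for p, c in files.items()}
    keyed_manifest = build_manifest(files, key)
    # The stored plain hash can be recomputed by anyone; the stored HMAC cannot be
    # recomputed without the real key, so the modifier's best effort uses a wrong one.
    unkeyed_manifest["bin/login"] = unkeyed_digest(tampered["bin/login"])
    keyed_manifest["bin/login"] = keyed_digest(tampered["bin/login"], b"wrong-key")
    unkeyed_detected = any(unkeyed_digest(c) != unkeyed_manifest[p] for p, c in tampered.items())
    keyed_detected = bool(verify_manifest(tampered, keyed_manifest, key))
    return unkeyed_detected, keyed_detected


if __name__ == "__main__":
    baseline = build_manifest(SAMPLE_FILES, KEY)
    print("changed on clean host:", verify_manifest(SAMPLE_FILES, baseline, KEY))
    print("(unkeyed detected, keyed detected):", compare_schemes(SAMPLE_FILES, KEY))
    # Swapping the embedded hash only requires rebuilding the baseline with the new name.
    baseline512 = build_manifest(SAMPLE_FILES, KEY, "sha512")
    print("changed under sha512 baseline:", verify_manifest(SAMPLE_FILES, baseline512, KEY, "sha512"))
```

A manifest built under one hash name must be verified under the same name; verifying a sha512 baseline as sha256 flags every file, which is the intended fail-closed behaviour rather than a silent pass.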
