An Adjustable Automatic Key Generation Strategy for Peer-to-Peer Communication
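Abstract
This paper studies a key technology for information security in peer-to-peer communication: an automatic key generation strategy.
    Information security currently involves many aspects, and the security of the cryptographic algorithm is an important one. However, it is impossible to fully guarantee that a cryptographic algorithm will not be leaked, so the field generally makes the algorithm public and relies on the secrecy of the encryption key to protect the information. Key management and exchange are therefore also key technologies of information security.
    By analyzing currently popular key management and exchange protocols (such as the Diffie-Hellman key exchange protocol and PKI technology) and addressing their inherent shortcomings, this paper proposes an adjustable automatic key generation strategy. The method is divided into four stages: establishing the raw key, extracting information from the raw key, correcting the key with error-correcting codes, and key controllability. With this strategy, keys of arbitrary length can be generated for use in symmetric encryption algorithms.
    After the key is generated, to verify that the result really satisfies the basic requirement of a key, namely randomness, we also use a test suite (NIST) to test the key's randomness. The tests show that the key has good randomness and can be used with various symmetric encryption algorithms.
    Keys generated by this strategy are used to encrypt information in peer-to-peer communication. Compared with existing key exchange protocols and PKI technology, the approach is simpler, more secure, and easier to use and manage; the key length is adjustable and the key can be replaced over time.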
A crucial technique of information security for peer-to-peer communication, an adjustable automatic secure key establishment method, is discussed in this paper.
    Currently, information security involves many factors. Among them, the security of the cryptographic method is an important part. But it is impossible for us to ensure that the cryptographic method is not leaked. So people usually make the method open and ensure the security of information through the security of the secure key. The management and exchange of the secure key is also a key technique of information security.
    By analyzing the popular key management and exchange protocols (such as the Diffie-Hellman key exchange agreement and the PKI technique), and aiming at the advantages and disadvantages of these protocols, we put forward a new technique for peer-to-peer communication. This method is mainly divided into four stages: raw key generation, key distillation, key rectification and key control. With this strategy, we can establish a key of arbitrary length for use in symmetric encryption.
    After key generation, in order to verify that the result really satisfies the basic requirement of a key, randomness, we use a set of test tools (NIST) to test the random properties of the key. The key passes the tests, which shows that it has good randomness and can be used for various symmetric encryption algorithms.
    Using this technique, we can build a secure key for information encryption. It is simpler and more secure than the PKI technique, and it is easy to use and manage. Meanwhile, the key built this way is adjustable in length and lifetime.
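
The randomness check described in the abstract, as an added example that is not code from the thesis. It assumes the "NIST" tool is the SP 800-22 statistical test suite and implements two of its tests (frequency and runs); the function names and the sample keys are constructed for illustration.

```python
import math

ALPHA = 0.01  # significance level recommended in NIST SP 800-22


def bits_of(key):
    """Expand a byte-string key into a list of bits, MSB first."""
    return [(byte >> shift) & 1 for byte in key for shift in range(7, -1, -1)]


def monobit_p(bits):
    """Frequency (monobit) test: are ones and zeros balanced?"""
    n = len(bits)
    s_n = sum(2 * b - 1 for b in bits)  # map 0 -> -1, 1 -> +1 and sum
    return math.erfc(abs(s_n) / math.sqrt(n) / math.sqrt(2))


def runs_p(bits):
    """Runs test: does the key switch between 0 and 1 at the expected rate?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # prerequisite frequency check failed, runs test not applicable
    v_n = 1 + sum(a != b for a, b in zip(bits, bits[1:]))  # number of runs
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(v_n - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def assess(key):
    """Return {test name: (p-value, passed)} for one candidate key."""
    bits = bits_of(key)
    p_values = {"monobit": monobit_p(bits), "runs": runs_p(bits)}
    return {name: (p, p >= ALPHA) for name, p in p_values.items()}


# Constructed sample keys (128 bits each), not taken from the thesis.
ALL_ZERO = bytes(16)               # heavily biased key
ALTERNATING = bytes([0x55]) * 16   # 0101... balanced but fully predictable

if __name__ == "__main__":
    for label, key in [("all-zero", ALL_ZERO), ("alternating", ALTERNATING)]:
        print(label, assess(key))
```

The alternating key passes the frequency test and fails the runs test, which is why a key is judged against the whole suite and not a single statistic.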