| 容忍入侵的CA方案设计与实现 |
| |
| 引用本文: | 钱晓捷,赵亚涛,宋兵.容忍入侵的CA方案设计与实现[J].计算机工程与设计,2011,32(10):3262-3265. |
| |
| 作者姓名: | 钱晓捷 赵亚涛 宋兵 |
| |
| 作者单位: | 郑州大学信息工程学院,河南郑州,450001 |
| |
| 基金项目: | 国家科技重大基金项目(2009ZX03001-018) |
| |
| 摘 要: | 为了提高联网(certificate authority,CA)的安全性,基于(t,n)秘密共享思想,引入安全芯片及RSA分步签名方法,提出了一种具有容忍入侵能力的CA方案。新提出的CA方案从算法理论和系统架构两方面着手,克服传统CA的安全缺陷,保证CA私钥在产生、拆分和分步签名时的安全性,有效地解决了CA抵抗内外部攻击问题,确保了联网CA系统具有一定的入侵容忍能力。最后通过C++和OpenSSL实现了CA系统,验证了该CA方案的可行性。
|
| 关 键 词: | 认证中心(CA) 数字签名 秘密共享 安全芯片 入侵容忍 |
Design and implementation of intrusion tolerant CA scheme |
| |
| QIAN Xiao-jie,ZHAO Ya-tao,SONG Bing.Design and implementation of intrusion tolerant CA scheme[J].Computer Engineering and Design,2011,32(10):3262-3265. |
| |
| Authors: | QIAN Xiao-jie ZHAO Ya-tao SONG Bing |
| |
| Affiliation: | QIAN Xiao-jie,ZHAO Ya-tao,SONG Bing(School of Information Engineering,Zhengzhou University,Zhengzhou 450001,China) |
| |
| Abstract: | In order to improve the safety of online CA,security chip,step-by-step signature method and(t,n) secret sharing theory are imported,a scheme is presented which could put up with attacks for CA.The new scheme started by the algorithm theory and the system architecture,overcome the shortcomings of traditional CA.The new one effectively solves the problem of resistance to internal and external attacks,to ensure that online CA system has an intrusion tolerance.Finally,the CA system is implemented by C++ and Ope... |
| |
| Keywords: | certificate authority(CA) digital signature secret sharing security chip intrusion tolerant |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
