| PKI安全的关键:CA的私钥保护 |
| |
| 引用本文: | 曹来成. PKI安全的关键:CA的私钥保护[J]. 微计算机信息, 2005, 0(26) |
| |
| 作者姓名: | 曹来成 |
| |
| 作者单位: | 兰州理工大学计算机与通信学院 |
| |
| 基金项目: | 国家高技术研究发展规划(863)编号No.2002AA415270、No.2003AA4Z1070,兰州理工大学科研发展资助项目(NO.SB20200401) |
| |
| 摘 要: | 文章指出了PKI(PublicKeyInfrastructure)安全的关键是CA(CertificateAuthority)的私钥保护。由于ECC(EllipticCurveCryptography)比RSA等其他公钥密码系统能够提供更好的加密强度、更快的执行速度和更小的密钥长度,因此本文提出了一种基于椭圆曲线密码体制的组零知识证明方法和入侵容忍技术有机结合的私钥合成算法,通过影子服务器的影子安全地保护了私钥、无信息泄露地验证了私钥,而且在受攻击后仍能继续工作。通过可复原性和抗合谋性两方面的安全性分析得此策略有地解决了CA私钥的安全保护问题。
|
| 关 键 词: | CA 私钥 入侵容忍 椭圆曲线密码体制(ECC) 组零知识证明 |
The Linchpin upon PKI Security: Protecting Private Key of CA |
| |
| Cao,Laicheng. The Linchpin upon PKI Security: Protecting Private Key of CA[J]. Control & Automation, 2005, 0(26) |
| |
| Authors: | Cao Laicheng |
| |
| Affiliation: | (School of Computer and Communication,Lanzhou University of Technology,Lanzhou 730050,China)Cao,Laicheng |
| |
| Abstract: | This paper points out that linchpin upon PKI (Public Key Infrastructure) security is the protecting private key of CA (Certificate Authority). It is shown that ECC (Elliptic Curve Cryptography) can provide greater strength, higher speed and smaller keys than other systems, therefore putting forward the arithmetic of synthesized private key, which is based on the or- ganic combination between the group zero- knowledge proof of the ECC and the intrusion tolerance technology. Through the share of the share servers, the private key can be protected safely, and validated without leaking information, further more the system can work sequentially after it is attacked. And also reveals that this tactic effectively solves the problem of protect- ing safely the CA private key to depend on analysis of the secu- rity from resilience and withstanding conspiracy attack. |
| |
| Keywords: | CA private key intrusion tolerance Elliptic Curve Cryptography (ECC) Group zero- knowledge proof. |
| 本文献已被 CNKI 等数据库收录! |
