Implementation of a Key Confirmation Algorithm for a Distributed Key Management System: Translation of Foreign-Language Material
University

Graduation Project (Thesis): Translation of Foreign-Language Material

School (Department): School of Computer Science

Major: Information Security

Student name:

Class and student number:

Source: William Stallings. Cryptography and Network Security, Fourth Edition. Prentice Hall. November 16, 2005

Attachments: 1. Translation of the foreign-language material; 2. Original foreign-language text

Translation of Foreign-Language Material: Original Text

10.1. Key Management

In Chapter 7, we examined the problem of the distribution of secret keys. One of the major roles of public-key encryption has been to address the problem of key distribution. There are actually two distinct aspects to the use of public-key cryptography in this regard:

• The distribution of public keys
• The use of public-key encryption to distribute secret keys

We examine each of these areas in turn.

Distribution of Public Keys

Several techniques have been proposed for the distribution of public keys. Virtually all these proposals can be grouped into the following general schemes:

• Public announcement
• Publicly available directory

• Public-key authority
• Public-key certificates

Public Announcement of Public Keys

On the face of it, the point of public-key encryption is that the public key is public. Thus, if there is some broadly accepted public-key algorithm, such as RSA, any participant can send his or her public key to any other participant or broadcast the key to the community at large (Figure 10.1). For example, because of the growing popularity of PGP (pretty good privacy, discussed in Chapter 15), which makes use of RSA, many PGP users have adopted the practice of appending their public key to mes

Although this approach is convenient, it has a major weakness. Anyone can forge such a public announcement. That is, some user could pretend to be user A and send a public key to another participant or broadcast such a public key. Until such time as user A discovers the forgery and alerts other participants, the forger is able to read all encrypted messages intended for A and can use the forged keys for authentication (see Figure 9.3).

Publicly Available Directory

A greater degree of security can be achieved by maintaining a publicly available dynamic directory of public keys. Maintenance and distribution of the public directory would have to be the responsibility of some trusted entity or organization (Figure 10.2). Such a scheme would include the following elements:

1. The authority maintains a directory with a {name, public key} entry for each participant.
2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way.
4. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory.

This scheme is clearly more secure than individual public announcements but still has vulnerabilities. If an adversary succeeds in obtaining or computing the private key of the directory authority, the adversary could authoritatively pass out counterfeit public keys and subsequently impersonate any participant and eavesdrop on messages sent to any participant. Another way to achieve the same end is for the adversary to tamper with the records kept by the authority.

Public-Key Authority

Stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory. A typical scenario is illustrated in Figure 10.3, which is based on a figure in [POPE79]. As before, the scenario assumes that a central authority maintains a dynamic directory of public keys of all participants. In addition, each participant reliably knows a public key for the authority, with only the authority knowing the corresponding private key.

1. A sends a timestamped message to the public-key authority containing a request for the current public key of B.

2. The authority responds with a message that is encrypted using the authority's private key, PRauth. Thus, A is able to decrypt the message using the authority's public key. Therefore, A is assured that the message originated with the authority. The message includes the following:

• B's public key, PUb, which A can use to encrypt messages destined for B
• The original request, to enable A to match this response with the corresponding earlier request and to verify that the original request was not altered before reception by the authority
• The original timestamp, so A can determine that this is not an old message from the authority containing a key other than B's current public key

3. A stores B's public key and also uses it to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.

4. B retrieves A's public key from the authority in the same manner as A retrieved B's public key.

At this point, public keys have been securely delivered to A and B, and they may begin their protected exchange. However, two additional steps are desirable:

5. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (3), the presence of N1 in message (6) assures A that the correspondent is B.

6. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.

Thus, a total of seven messages are required. However, the initial four messages need be used only infrequently because both A and B can save the other's public key for future use, a technique known as caching. Periodically, a user should request fresh copies of the public keys of its correspondents to ensure currency.

Public-Key Certificates

The scenario of Figure 10.3 is attractive, yet it has some drawbacks. The public-key authority could be somewhat of a bottleneck in the system, for a user must appeal to the authority for a public key for every other user that it wishes to contact. As before, the directory of names and public keys maintained by the authority is vulnerable to tampering.

An alternative approach, first suggested by Kohnfelder [KOHN78], is to use certificates that can be used by participants to exchange keys without contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly from a public-key authority. In essence, a certificate consists of a public key plus an identifier of the key owner, with the whole block signed by a trusted third party. Typically, the third party is a certificate authority, such as a government agenc

1. Any participant can read a certificate to determine the name and public key of the certificate's owner.
2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.

These requirements are satisfied by the original proposal in [KOHN78]. Denning [DENN83] added the following additional requirement:

4. Any participant can verify the currency of the certificate.

A certificate scheme is illustrated in Figure 10.4. Each participant applies to the certificate authority, supplying a public key and requesting a certificate.

Figure 10.4. Exchange of Public-Key Certificates

Application must be in person or by some form of secure authenticated communication. For participant A, the authority provides a certificate of the form

CA = E(PRauth, [T||IDA||PUa])

where PRauth is the private key used by the authority and T is a timestamp. A may then pass this certificate on to any other participant, who reads and verifies the certificate as follows:

D(PUauth, CA) = D(PUauth, E(PRauth, [T||IDA||PUa])) = (T||IDA||PUa)

The recipient uses the authority's public key, PUauth, to decrypt the certificate. Because the certificate is readable only using the authority's public key, this verifies that the certificate came from the certificate authority. The elements IDA and PUa provide the recipient with the name and public key of the certificate's holder. The timestamp T validates the currency of the certificate. The timestamp counters the following scenario. A's private key is learned by an adversary. A generates a ne

In this context, the compromise of a private key is comparable to the loss of a credit card. The owner cancels the credit card number but is at risk until all possible communicants are aware that the old credit card is obsolete. Thus, the timestamp serves as something like an expiration date. If a certificate is sufficiently old, it is assumed to be expired.

One scheme has become universally accepted for formatting public-key certificates: the X.509 standard. X.509 certificates are used in most network security applications, including IP security, secure sockets layer (SSL), secure electronic transactions (SET), and S/MIME, all of which are discussed in Part Two. X.509 is examined in detail in Chapter 14.

Distribution of Secret Keys Using Public-Key Cryptography
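The certificate form CA = E(PRauth, [T||IDA||PUa]) and its check D(PUauth, CA) from the Public-Key Certificates discussion above, as an added Python example (not from the original text). It uses unpadded textbook RSA over constructed Mersenne-prime keys so that it runs offline; the key values, the `|` field encoding and the one-day freshness window are assumptions, and none of it is secure for real use.

```python
# Added example, not from the original text. Textbook RSA without padding over
# Mersenne-prime moduli (trivially factorable): for illustration only.

def toy_keypair(p, q, e=65537):
    """Return (public, private) as ((e, n), (d, n)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def issue_certificate(pr_auth, t, owner_id, owner_pu):
    """C = E(PRauth, [T || ID || PU]): encode the fields, apply the private key."""
    d, n = pr_auth
    # Assumed encoding: ASCII fields joined by '|' (owner_id must not contain '|').
    body = f"{t}|{owner_id}|{owner_pu[0]}|{owner_pu[1]}".encode("ascii")
    m = int.from_bytes(body, "big")
    if m >= n:
        raise ValueError("certificate body too long for this modulus")
    return pow(m, d, n)

def verify_certificate(pu_auth, cert, now, max_age):
    """D(PUauth, C) -> (ID, PU); raises ValueError if counterfeit or not current."""
    e, n = pu_auth
    m = pow(cert, e, n)
    try:
        body = m.to_bytes((m.bit_length() + 7) // 8, "big").decode("ascii")
        t, owner_id, pu_e, pu_n = body.split("|")
        t, owner_pu = int(t), (int(pu_e), int(pu_n))
    except ValueError as exc:  # bad bytes, wrong field count, non-numeric field
        raise ValueError("not issued by this authority") from exc
    # The timestamp acts as an expiration date: too old (or future-dated) fails.
    if not 0 <= now - t <= max_age:
        raise ValueError("certificate is not current")
    return owner_id, owner_pu

# Constructed keys: the authority, participant A, and a party that is NOT the authority.
PU_AUTH, PR_AUTH = toy_keypair(2**521 - 1, 2**607 - 1)
PU_A, _PR_A = toy_keypair(2**61 - 1, 2**89 - 1)
PU_FAKE, PR_FAKE = toy_keypair(2**607 - 1, 2**1279 - 1)

def check(cert, now, max_age=86400):
    """Verify against the authority's public key; return the result or the reason."""
    try:
        return verify_certificate(PU_AUTH, cert, now, max_age)
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    T0 = 1_700_000_000  # constructed issue time (seconds)
    good = issue_certificate(PR_AUTH, T0, "A", PU_A)
    counterfeit = issue_certificate(PR_FAKE, T0, "A", PU_A)
    print(check(good, T0 + 60))
    print(check(good, T0 + 10 * 86400))
    print(check(counterfeit, T0 + 60))
```
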

Once public keys have been distributed or have become accessible, secure communication that thwarts eavesdropping (Figure 9.2), tampering (Figure 9.3), or both (Figure 9.4) is possible. However, few users will wish to make exclusive use of public-key encryption for communication because of the relatively slow data rates that can be achieved. Accordingly, public-key encryption provides for the distribution of secret keys to be used for conventional encryption.

Simple Secret Key Distribution

An extremely simple scheme was put forward by Merkle [MERK79], as illustrated in Figure 10.5. If A wishes to communicate with B, the following procedure is employed:

1. A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting of PUa and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the message, only A and B will know the identity of Ks.
4. A discards PUa and PRa and B discards PUa.

Figure 10.5. Simple Use of Public-Key Encryption to Establish a Session Key

A and B can now securely communicate using conventional encryption and the session key Ks. At the completion of the exchange, both A and B discard Ks. Despite its simplicity, this is an attractive protocol. No keys exist before the start of the communication and none exist after the completion of communication. Thus, the risk of compromise of the keys is minimal. At the same time, the communication is secure from eavesdropping.

The protocol depicted in Figure 10.5 is insecure against an adversary who can intercept messages and then either relay the intercepted message or substitute another message (see Figure 1.4c). Such an attack is known as a man-in-the-middle attack [RIVE84]. In this case, if an adversary, E, has control of the intervening communication channel, then E can compromise the communication in the following fashion without being detected:

1. A generates a public/private key pair {PUa, PRa} and transmits a message intended for B consisting of PUa and an identifier of A, IDA.
2. E intercepts the message, creates its own public/private key pair {PUe, PRe} and transmits PUe||IDA to B.
3. B generates a secret key, Ks, and transmits E(PUe, Ks).
4. E intercepts the message, and learns Ks by computing D(PRe, E(PUe, Ks)).
5. E transmits E(PUa, Ks) to A.

The result is that both A and B know Ks and are unaware that Ks has also been revealed to E. A and B can now exchange messages using Ks. E no longer actively interferes with the communications channel but simply eavesdrops. Knowing Ks, E can decrypt all messages, and both A and B are unaware of the problem. Thus, this simple protocol is only useful in an environment where the only threat is eavesdropping.

Secret Key Distribution with Confidentiality and Authentication

Figure 10.6, based on an approach suggested in [NEED78], provides protection against both active and passive attacks. We begin at a point when it is assumed that A and B have exchanged public keys by one of the schemes described earlier in this section. Then the following steps occur:

1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (1), the presence of N1 in message (2) assures A that the correspondent is B.
3. A returns N2 encrypted using B's public key, to assure B that its correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with B's public key ensures that only B can read it; encryption with A's private key ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.

Figure 10.6. Public-Key Distribution of Secret Keys

Notice that the first three steps of this scheme are the same as the last three steps of Figure 10.3. The result is that this scheme ensures both confidentiality and authentication in the exchange of a secret key.

A Hybrid Scheme

Yet another way to use public-key encryption to distribute secret keys is a hybrid approach in use on IBM mainframes [LE93]. This scheme retains the use of a key distribution center (KDC) that shares a secret master key with each user and distributes secret session keys encrypted with the master key. A public key scheme is used to distribute the master keys. The following rationale is provided for using this three-level approach:

• Performance: There are many applications, especially transaction-oriented applications, in which the session keys change frequently. Distribution of session keys by public-key encryption could degrade overall system performance because of the relatively high computational load of public-key encryption and decryption. With a three-level hierarchy, public-key encryption is used only occasionally to update the master key between a user and the KDC.
• Backward compatibility: The hybrid scheme is easily overlaid on an existing KDC scheme, with minimal disruption or software changes.

The addition of a public-key layer provides a secure, efficient means of distributing master keys. This is an advantage in a configuration in which a single KDC serves a widely distributed set of users.

10.2. Diffie-Hellman Key Exchange

The first published public-key algorithm appeared in the seminal paper by Diffie and Hellman that defined public-key cryptography [DIFF76b] and is generally referred to as Diffie-Hellman key exchange.[1] A number of commercial products employ this key exchange technique.

[1] Williamson of Britain's CESG published the identical scheme a few months earlier in a classified document [WILL76] and claims to have discovered it several years prior to that; see [ELLI99] for a discussion.

The purpose of the algorithm is to enable two users to securely exchange a key that can then be used for subsequent encryption of messages. The algorithm itself is limited to the exchange of secret values.

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms. Briefly, we can define the discrete logarithm in the following way. First, we define a primitive root of a prime number $p$ as one whose powers modulo $p$ generate all the integers from 1 to $p - 1$. That is, if $a$ is a primitive root of the prime number $p$, then the numbers

$$a \bmod p,\ a^2 \bmod p,\ \ldots,\ a^{p-1} \bmod p$$

are distinct and consist of the integers from 1 through $p - 1$ in some permutation.

For any integer $b$ and a primitive root $a$ of prime number $p$, we can find a unique exponent $i$ such that

$$b \equiv a^i \pmod{p} \quad \text{where } 0 \le i \le (p - 1)$$

The exponent $i$ is referred to as the discrete logarithm of $b$ for the base $a$, mod $p$. We express this value as $\mathrm{dlog}_{a,p}(b)$. See Chapter 8 for an extended discussion of discrete logarithms.

The Algorithm

Figure 10.7 summarizes the Diffie-Hellman key exchange algorithm. For this scheme, there are two publicly known numbers: a prime number $q$ and an integer $a$ that is a primitive root of $q$. Suppose the users A and B wish to exchange a key. User A selects a random integer $X_A < q$ and computes $Y_A = a^{X_A} \bmod q$. Similarly, user B independently selects a random integer $X_B < q$ and computes $Y_B = a^{X_B} \bmod q$. Each side keeps the X value private and makes the Y value available publicly to the other side. User A co

$$
\begin{aligned}
K &= (Y_B)^{X_A} \bmod q \\
  &= (a^{X_B} \bmod q)^{X_A} \bmod q \\
  &= (a^{X_B})^{X_A} \bmod q \qquad \text{by the rules of modular arithmetic} \\
  &= a^{X_B X_A} \bmod q \\
  &= (a^{X_A})^{X_B} \bmod q \\
  &= (a^{X_A} \bmod q)^{X_B} \bmod q \\
  &= (Y_A)^{X_B} \bmod q
\end{aligned}
$$

Figure 10.7. The Diffie-Hellman Key Exchange Algorithm

The result is that the two sides have exchanged a secret value. Furthermore, because $X_A$ and $X_B$ are private, an adversary only has the following ingredients to work with: $q$, $a$, $Y_A$, and $Y_B$. Thus, the adversary is forced to take a discrete logarithm to determine the key. For example, to determine the private key of user B, an adversary must compute

$$X_B = \mathrm{dlog}_{a,q}(Y_B)$$

The adversary can then calculate the key $K$ in the same manner as user B calculates it.

The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms. For large primes, the latter task is considered infeasible.

Here is an example. Key exchange is based on the use of the prime number $q = 353$ and a primitive root of 353, in this case $a = 3$. A and B select secret keys $X_A = 97$ and $X_B = 233$, respectively. Each computes its public key:

A computes $Y_A = 3^{97} \bmod 353 = 40$.

B computes $Y_B = 3^{233} \bmod 353 = 248$.

After they exchange public keys, each can compute the common secret key:

A computes $K = (Y_B)^{X_A} \bmod 353 = 248^{97} \bmod 353 = 160$.

B computes $K = (Y_A)^{X_B} \bmod 353 = 40^{233} \bmod 353 = 160$.

We assume an attacker would have available the following information:

$q = 353$; $a = 3$; $Y_A = 40$; $Y_B = 248$

In this simple example, it would be possible by brute force to determine the secret key 160. In particular, an attacker E can determine the common key by discovering a solution to the equation $3^a \bmod 353 = 40$ or the equation $3^b \bmod 353 = 248$. The brute-force approach is to calculate powers of 3 modulo 353, stopping when the result equals either 40 or 248. The desired answer is reached with the exponent value of 97, which provides $3^{97} \bmod 353 = 40$.

With larger numbers, the problem becomes impractical.
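The worked exchange above, together with the brute-force search the text describes, as an added Python example (not from the original text). The function names are assumptions, and the range check on the peer's public value is an added sanity check that the page does not describe.

```python
# Added example, not from the original text: Diffie-Hellman with the page's toy
# parameters (q = 353, a = 3), showing why such a small q offers no protection.

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(a, q):
    """For prime q: a generates 1..q-1 iff a^((q-1)/f) != 1 for every prime f | q-1."""
    return all(pow(a, (q - 1) // f, q) != 1 for f in prime_factors(q - 1))

def public_value(a, x, q):
    """Y = a^X mod q. X stays private; Y is sent to the other side."""
    if not 1 <= x < q:
        raise ValueError("private value must satisfy 1 <= X < q")
    return pow(a, x, q)

def shared_key(peer_y, x, q):
    """K = (peer's Y)^X mod q."""
    # Added check (assumption, not on the page): values 0, 1 and q-1 would
    # force a key the other side did not contribute to.
    if not 1 < peer_y < q - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_y, x, q)

def brute_force_dlog(a, y, q):
    """Smallest i >= 1 with a^i mod q == y, found by stepping through powers of a."""
    value = 1
    for i in range(1, q):
        value = (value * a) % q
        if value == y:
            return i
    raise ValueError("y is not a power of a modulo q")

def demo():
    q, a = 353, 3        # public parameters from the page's example
    xa, xb = 97, 233     # private values from the page's example
    ya, yb = public_value(a, xa, q), public_value(a, xb, q)
    recovered = brute_force_dlog(a, ya, q)   # at most q - 1 steps: trivial here
    return {
        "YA": ya, "YB": yb,
        "K_at_A": shared_key(yb, xa, q),
        "K_at_B": shared_key(ya, xb, q),
        "recovered_XA": recovered,
        "K_from_public_values": pow(yb, recovered, q),
    }

if __name__ == "__main__":
    print(demo())
```

The search loop runs at most q - 1 times, which is why the page's example falls immediately and why the prime has to be large before the scheme protects anything.
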

Key Exchange Protocols

Figure 10.8 shows a simple protocol that makes use of the Diffie-Hellman calculation. Suppose that user A wishes to set up a connection with user B and use a secret key to encrypt messages on that connection. User A can generate a one-time private key $X_A$, calculate $Y_A$, and send that to user B. User B responds by generating a private value $X_B$, calculating $Y_B$, and sending Y
