|
|
基于传统公钥基础设施的密钥协商性能优化研究
|
Abstract:
传统基于公钥基础设施的密钥协商算法在支持完美前向保密时,需要频繁的密钥协商,且协商步骤复杂,还使用了耗时的非对称密钥算法,性能消耗严重,不适用于资源有限的嵌入式设备中。针对以上问题,本文优化了传统公钥基础设施密钥协商方案,密钥信息不需要频繁通过网络交换,而是双方在本地动态生成密钥,保证了每次加密密钥不同,支持了完美前向保密的特性。实验结果表明,优化后的密钥协商方案性能相比于基于传统公钥基础设施的密钥协商方案显著提升。
When the traditional key agreement algorithm based on public key infrastructure supports perfect forward secrecy, frequent key agreement is required, and the negotiation steps are complicated. It also uses a time-consuming asymmetric key algorithm, which consumes a lot of performance and is not suitable for embedded devices with limited resources. In response to the above problems, this paper optimizes the traditional public key infrastructure key agreement scheme. The key infor-mation does not need to be frequently exchanged through the network, but the two parties dynamically generate the key locally, which ensures that the encryption key is different each time, and supports perfect forwarding characteristic of secrecy. The experimental results show that the performance of the optimized key agreement scheme is significantly improved compared with the key agreement scheme based on traditional public key infrastructure.
| [1] | Kerckhoffs, A. (1883) La Cryptographie Militaire. Journal des Sciences Militaries, 9, 5. |
| [2] | Bellare, M. and Miner, S.K. (1999) A Forward-Secure Digital Signature Scheme. In: Wiener, M., Ed., Advances in Cryptology—CRYPTO’ 99. Springer, Berlin, Heidelberg, 431-448. https://doi.org/10.1007/3-540-48405-1_28 |
| [3] | Li, P., Su, J. and Wang, X. (2020) iTLS: Lightweight Transport-Layer Security Protocol for IoT with Minimal Latency and Perfect Forward Secrecy. IEEE Internet of Things Journal, 7, 6828-6841.
https://doi.org/10.1109/JIOT.2020.2988126 |
| [4] | 杨鹏飞. 工业物联网下认证密钥协商方案研究[D]: [硕士学位论文]. 西安: 长安大学, 2022. |
| [5] | 龚成, 牛宪华, 熊玲, 等. 车载自组网中基于密钥协商的条件隐私保护认证方案[J]. 西华大学学报(自然科学版), 2022, 41(5): 73-83. |
| [6] | 夏涛, 何俊, 刘林, 等. 无人机轻量级认证密钥协商技术研究[C]//中国指挥与控制学会. 第十届中国指挥控制大会论文集. 北京: 兵器工业出版社, 2022: 300-305. |
| [7] | 黄晓晖, 李俊峰, 何云. 一种基于群签名密钥协商算法的多方参与完整性验证方案[J]. 信息技术与信息化, 2022(7): 102-105. |
| [8] | 王华华, 郑明杰, 陈峰, 等. 基于LDPC和椭圆曲线加密算法的密钥协商方案[J]. 南京邮电大学学报(自然科学版), 2022, 42(3): 30-35. |
| [9] | 张萌楠. 面向物联网的轻量级安全无证书密钥管理方案研究[D]: [硕士学位论文]. 太原: 太原理工大学, 2022. |
| [10] | 李贵勇, 张航, 韩才君, 等. 面向无线传感器网络的认证密钥协商机制[J/OL]. 小型微型计算机系统: 1-7. http://kns.cnki.net/kcms/detail/21.1106.TP.20230222.1106.014.html, 2023-03-23. |
| [11] | Yang, Z., He, J., Tian, Y., et al. (2019) Faster Authenticated Key Agreement with Perfect Forward Secrecy for Industrial Internet-of-Things. IEEE Transactions on Industrial Informatics, 16, 6584-6596.
https://doi.org/10.1109/TII.2019.2963328 |
| [12] | Pirzada, S.J.H., Memon, Z.W., Xu, T., et al. (2020) Randomized Key Exchange Protocol Implementation for Internet of Things Application. 2020 IEEE 14th International Conference on Open Source Systems and Technologies (ICOSST), Lahore, 16-17 December 2020, 1-5. |
| [13] | Avoine, G., Canard, S. and Ferreira, L. (2020) Symmetric-Key Authenticated Key Exchange (SAKE) with Perfect Forward Secrecy. Topics in Cryptology—CT-RSA 2020: The Cryptographers’ Track at the RSA Conference 2020, San Francisco, 24-28 February 2020, 199-224. https://doi.org/10.1007/978-3-030-40186-3_10 |
| [14] | Chaeikar, S.S., Ahmadi, A., Karamizadeh, S., et al. (2022) SIKM—A Smart Cryptographic Key Management Framework. Open Computer Science, 12, 17-26. https://doi.org/10.1515/comp-2020-0167 |
| [15] | Fan, Q., Chen, J., Shojafar, M., et al. (2022) SAKE*: A Symmetric Authenticated Key Exchange Protocol with Perfect Forward Secrecy for Industrial Internet of Things. IEEE Transactions on Industrial Informatics, 18, 6424-6434.
https://doi.org/10.1109/TII.2022.3145584 |
