利用階層化基於身份公開金鑰密碼系統保護隨意自組網安全資料交換

Abstract

基於身份公開金鑰基礎建設(IDPKI)系統技術簡化了對存放公鑰憑證之目錄服務主機的依賴所造成之不便與龐大的憑證管理成本，而階層化基於身份公開金鑰基礎建設(HIDPKI)系統技術則可進一步適用在複雜可彈性成長網路中分攤單一私鑰產生中心(PKG)之負載瓶頸，也符合人類社會之運作架構。但若想要應用HIDPKI系統技術，則昔日之安全服務與協定就需做些修改，本論文即利用HIDPKI系統技術中階層化基於身份密碼系統(HIBC)技術進行雙向身分鑑別認證(Mutual Authentication)、雙方密鑰協商(Key Agreement)、安全資料交換(Secure Data Transaction)方案之研究；並將此技術使用在SSL╱TLS協定與IEEE 802.1X、802.11i協定上，並嘗試對協定弱點提出強化之想法。

ID-based PKI Technology can reduce the huge cost of certificate management and reduce the dependence of directory server for public key & certificate search. Hierarchical ID-based PKI Technology can not only share the heavy load bottleneck of single PKG in a scalable network environment but also compatible with hierarchical structure of human organization. When we want use HIDPKI technology, the previous security services & protocols must be modified. In this thesis we propose the HIBC technology in HIDPKI System at the Mutual Authentication, Key Agreement, Secure Data Transaction Mechanisms; application for SSL/TLS, IEEE 802.1X, 802.11i Protocols, and try to improve the weakness of protocol.