【正文】 使 用這種三層結(jié)構(gòu)方法的依據(jù)如下 : ? 性能：許多應(yīng)用，特別是面向交易的應(yīng)用，需要頻繁地交換會話密鑰。 請注意，本方法的前三步與圖 中的后三步相同，但是它們在傳統(tǒng)密碼體制密鑰交換過程中，既可保證保密性又可保證真實(shí)性。 3. A 用 B 的公鑰對 N2加密，并返回給 B，這樣可使 B確信其通信伙伴是 A。假定 A和 B已通過本節(jié)前面所講到的某種方法交換了公鑰，并執(zhí)行下列操作： 1. A 用 B 的公鑰對含有其標(biāo)識 IDA和臨時交互號 (N1)的消息加密，并發(fā)送給B。 結(jié)果是 A 和 B 均已知 KA，但他們不知道 E 也己知道 KA。 2. E 截獲該消息，產(chǎn)生其公 /私鑰對 [PUa,PRa],并將 PUa||IDA發(fā)送給 B。所 以密鑰泄密的可能性最小，同時這種通信還可抗抗竊聽攻擊。 這樣 ,A和 B就可利用傳統(tǒng)密碼和會話密鑰 KA安全地通信。 2. B 產(chǎn)生秘密鑰 KA，并用 A 的公鑰對 KA,加密后發(fā)送給 A。或者同時抗竊聽和篡改攻擊。 在這種情形下，私鑰的泄密就如同信用卡丟失一樣，卡的持有者會注銷信用卡號，但只有在所有可能的通信方均已知舊信用卡已過時的時候，才能保證卡的持有者的安全。 A 將該證書發(fā)送給其他通信各方，他們讀取并如下驗(yàn)證證書 : DPUauth[CA]=DPUauth[EPRauth[T,IDA,PUa]]= (T,IDA,PUa) 接收方用管理員的公鑰 PRauth,對證書解密。 圖 舉例說明了證書方法。 2. 任何通信方可以驗(yàn)證該證書出自證書管理員，而不是偽造的。在某種意義上，這種方案與直接從公鑰管理員處獲得密鑰的可靠性相同。因?yàn)橹灰脩襞c其他用戶通信 .就必須向目 錄管理員申請對方的公鑰，因此公鑰管理員就會成為系統(tǒng)的瓶頸。 6. A 用 B 的公鑰對 N2加密并發(fā)送給 B，以使 B 相信其通信伙伴是 A。 4. 與 A檢索 B 的公鑰一樣， B以同樣的方法從管理員處檢索出 A 的公鑰。 ? 原始時間戳。這條消息包括下列內(nèi)容： ? B 的公鑰 PUb。圖 舉例說明了一個典型的公鑰分配方案，它基于 [POPE79]中給出的圖示。這可能是因?yàn)楣€已用于大量的數(shù)據(jù)，因而用戶更希望更換公鑰，也可能是 因?yàn)橄鄳?yīng)的私鑰已經(jīng)泄密。某可信的實(shí)體或組織負(fù)責(zé)這個公開目錄的維護(hù)和分配，這種方法包含下面幾方面的內(nèi)容： 1. 管理員通過對每一通信方建立一個目錄項(xiàng) |姓名，公鑰 |來維護(hù)該目錄。例如，越來越為人們廣泛使用的 PGP（ pretty good privacy，該方法將在第 15章討論）中使用了 RSA 算法，所以許多 PGP 用戶在給諸如 USENET新聞組和 Inter 郵件列表這樣的一些公開論壇發(fā)送消息時，都將其公鑰附加在要發(fā)送的消息之后。 = a39。 YA = 40。s private key ensures that only A could have sent it. 5. B putes D(PUa, D(PRb, M)) to recover the secret key. Figure . PublicKey Distribution of Secret Keys Notice that the first three steps of this scheme are the same as the last three steps of Figure . The result is that this scheme ensures both confidentiality and authentication in the exchange of a secret key. A Hybrid Scheme Yet another way to use publickey encryption to distribute secret keys is a hybrid approach in use on IBM mainframes [LE93]. This scheme retains the use of a key distribution center (KDC) that shares a secret master key with each user and distributes secret session keys encrypted with the master key. A public key scheme is used to distribute the master keys. The following rationale is provided for using this threelevel approach: ? Performance: There are many applications, especially transactionoriented applications, in which the session keys change frequently. Distribution of session keys by publickey encryption could degrade overall system performance because of the relatively high putational load of publickey encryption and decryption. With a threelevel hierarchy, publickey encryption is used only occasionally to update the master key between a user and the KDC. ? Backward patibility: The hybrid scheme is easily overlaid on an existing KDC scheme, with minimal disruption or software changes. The addition of a publickey layer provides a secure, efficient means of distributing master keys. This is an advantage in a configuration in which a single KDC serves a widely distributed set of users. . DiffieHellman Key Exchange The first published publickey algorithm appeared in the seminal paper by Diffie and Hellman that defined publickey cryptography [DIFF76b] and is generally referred to as DiffieHellman key exchange.[1] A number of mercial products employ this key exchange technique. [1] Williamson of Britain39。s nonce (N1) as well as a new nonce generated by B (N2) Because only B could have decrypted message (1), the presence of N1 in message (2) assures A that the correspondent is B. 3. A returns N2 encrypted using B39。s holder. The timestamp T validates the currency of the certificate. The timestamp counters the following scenario. A39。s public key can obtain the certificate and verify that it is valid by way of the attached trusted signature. A participant can also convey its key information to another by transmitting its certificate. Other participants can verify that the certificate was created by the authority. We can place the following requirements on this scheme: 1. Any participant can read a certificate to determine the name and public key of the certificate39。s public key. At this point, public keys have been securely delivered to A and B, and they may begin their protected exchange. However, two additional steps are desirable: 5. B sends a message to A encrypted with PUa and containing A39。s public key, PUb which A can use to encrypt messages destined for B ? The original request, to enable A to match this response with the corresponding earlier request and to verify that the original request was not altered before reception by the authority ? The original timestamp, so A can determine that this is not an old message from the authority containing a key other than B39。 大學(xué) 畢業(yè)設(shè)計(jì) (論文 )外文資料翻譯 學(xué)院 (系 )： 計(jì)算機(jī)學(xué)院 專 業(yè)： 信息安全 學(xué)生姓名： 班級學(xué)號： 外文出處： William Stallings. Cryptography and Network Security, Fourth Edition. Prentice Hall. November 16, 2020 附件： ； 指導(dǎo)教師評語： 指導(dǎo)教師簽名： 年 月 日 外文資料翻譯 —— 原文 . Key Management In Chapter 7, we examined the problem of the distribution of secret keys. One of the major roles of publickey encryption has been to address the problem of key distribution. There are actually two distinct aspects to the use of publickey cryptography in this regard: ? The distribution of public keys ? The use of publickey encryption to distribute secret keys We examine each of these areas in turn. Distribution of Public Keys Several techniques have been proposed for the distribution of public keys. Virtually all these proposals can be grouped into the following general schemes: ? Public announcement ? Publicly available directory ? Publickey authority ? Publickey certificates Public Announcement of Public Keys On the face of it, the point of publickey encryption is that the public key is public. Thus, if t