摘要
基于新的(t,n)秘密共享机制将CA私钥进行分存,使用其身份作为私钥份额的标识,提供私钥保护的容侵性。该协议不是从保护系统或检测入侵出发来保证CA的安全,而是确保当少数部件被攻击或占领后,CA系统的机密信息并没有暴露;能根据攻击的类型,动态调节密码协议的运行,以容忍、阻止一部分攻击行为,更好地保护密码协议的运行安全。协议采用系统整体安全策略,综合多种安全措施,实现了系统关键功能的安全性和健壮性。
CA private key is shared based on the new (t, n) secret sharing mechanism. It uses its identification as a share of the private key. Rather than prevent intrusions or detect them after the fact, the project ensures that the compromise of a few system components does not compromise the private key of the CA. These policies of intrusion tolerance, by adjusting the use of crypto- graphic protocol, and tolerating or preventing part of attacks, protect the safety of cryptographic protocol performance. The approach has realized the security and robustness for the key functions of a database system by using the integration security strategy and multiple security measures.
出处
《计算机工程与应用》
CSCD
2013年第1期82-85,共4页
Computer Engineering and Applications
基金
国家自然科学基金(No.31270577)
陕西省教育厅科学研究计划(自然科学项目)(No.2010JK829)
徐州工程学院校科研项目(No.XKY2011101
No.XKY2011203)
关键词
认证机构(CA)
容忍入侵
秘密分享
密码协议
网络安全
Certificate Authority(CA)
intrusion-tolerance
secret sharing
cryptographic protocol
network security
