摘要
针对基于标识的密码体系存在密钥托管的固有缺陷,提出一种基于标识密码体系的改进型安全邮件系统设计架构.该系统以国密SM系列算法为核心密码算法,采用AL-P无证书公钥加密方案,增加用户选取秘密值参与私钥生成的过程,实现了可信第三方或密码生成中心无法完全获取用户私钥,解决了其可能以合法授权进行恶意行为的安全缺陷,有效增强了安全邮件系统的自身安全性.安全性分析表明该邮件系统在有效解决密钥托管缺陷的同时,能够保证邮件系统数据交互的机密性、完整性、真实性要求.
Aiming at the inherent defects of identity-based cryptography in key escrow,one improved secure email system design architecture based on identity-based cryptography is proposed.This system uses SM series algorithm as the core cipher algorithm,adopts AL-P certificateless public key encryption scheme,and increases the user’s selection of secret value to participate in the private key generation process.It achieves the purpose that the trusted third party or the key generation center can not completely obtain the user private key.And it solves the security defect that the trusted third party or the key generation center may obtain legitimate authorization for malicious behavior.It also effectively enhances the self security of the secure e-mail system.The security analysis shows that the system can not only solve the key escrow problem effectively,but also guarantee the confidentiality,integrity and authenticity of the data exchange.
作者
温圣军
韩春晓
杜琳
袁刚
Wen Shengjun;Han Chunxiao;Du Lin;Yuan Gang(Information Center of State Administration for Market Regulation,Beijing 100820)
出处
《信息安全研究》
2021年第11期1097-1102,共6页
Journal of Information Security Research
基金
国家市场监督管理总局技术保障专项项目(2020YJ037)。
