With the large-scale application of e-commerce, e-government and other information systems, the top security issue of information systems is how to effectively identify the user's identity. In open networks and application systems, PKI (Public Key Infrastructure) can provide authentication and can ensure the authenticity, integrity, confidentiality and non-repudiation of data. PKI has therefore received more and more attention and has become a hot topic in the field of network and information security.

Starting with the basic theory of PKI and authentication, the paper explains the PKI architecture and related algorithms in detail, and combines many other technologies, such as digital certificates, digital signatures and access control. It then designs an identity authentication system based on MCRSA which can provide secure identity authentication and CA management.

In the paper, the main work and specific research include:

First, the theories of identity authentication and PKI are expounded. After comparison with the popular authentication technologies, the paper chooses PKI-based authentication as its direction. It expounds public key cryptography, digital signatures and the X.509 digital certificate standard, and describes the architecture of PKI, especially its core part, the CA, and the PKI standards.

Second, the main algorithms are researched and analysed. The paper improves modular exponentiation by using a modified Montgomery algorithm, combines it with the Chinese remainder theorem, and proposes a modified RSA algorithm, MCRSA, which accelerates computation during the big prime generation phase and the encryption/decryption phase. The analysis of validity and security shows that its security is higher than that of traditional RSA, and the experimental results show that its overall operational speed is about 2.1 times faster than traditional RSA. On this basis, the paper constructs an identity authentication experiment based on PKI by using MCRSA and a digital certificate generated by Keytool.

Third, an identity authentication system based on MCRSA is implemented. The system integrates the MCRSA algorithm and PKI policy, and ensures secure and efficient identity authentication in the authentication procedure. Moreover, it provides the CA management function and conducts a variety of digital certificate and key management tasks effectively, such as auditing and issuing digital certificates, updating and querying the CRL, and managing key pairs. A security analysis of the system shows that it can provide information security assurance in a complex environment.
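The two building blocks the abstract names, Montgomery modular exponentiation and Chinese-remainder-theorem RSA decryption, are sketched below in their textbook form. This is an added example, not the paper's code and not its modified MCRSA algorithm; the function names and the toy key are constructed for illustration, and Python 3.8+ is assumed for `pow(x, -1, m)`.

```python
# Added example: textbook Montgomery exponentiation + RSA-CRT (not MCRSA).

def mont_setup(n):
    """Precompute Montgomery constants for an odd modulus n."""
    k = n.bit_length()
    r = 1 << k                          # R = 2^k > n, gcd(R, n) = 1
    n_inv = (-pow(n, -1, r)) % r        # n' with n * n' == -1 (mod R)
    return k, r, n_inv

def redc(t, n, k, r, n_inv):
    """Montgomery reduction: t * R^-1 mod n, valid for 0 <= t < n * R."""
    m = ((t & (r - 1)) * n_inv) & (r - 1)   # mod R is a bit mask
    u = (t + m * n) >> k                    # exact division by R is a shift
    return u - n if u >= n else u           # note: this branch is not constant-time

def mont_pow(base, exp, n):
    """base^exp mod n with Montgomery reduction inside the loop."""
    k, r, n_inv = mont_setup(n)
    r2 = (r * r) % n                              # one-time conversion constant
    x = redc((base % n) * r2, n, k, r, n_inv)     # base in Montgomery form
    acc = redc(r2, n, k, r, n_inv)                # 1 in Montgomery form
    for bit in bin(exp)[2:]:                      # left-to-right square-and-multiply
        acc = redc(acc * acc, n, k, r, n_inv)
        if bit == "1":
            acc = redc(acc * x, n, k, r, n_inv)
    return redc(acc, n, k, r, n_inv)              # convert back out

def rsa_crt_decrypt(c, p, q, d, e):
    """RSA private-key operation via CRT with Garner recombination."""
    dp, dq = d % (p - 1), d % (q - 1)     # two half-size exponents
    q_inv = pow(q, -1, p)
    m1 = mont_pow(c, dp, p)               # c^dp mod p
    m2 = mont_pow(c, dq, q)               # c^dq mod q
    m = m2 + ((q_inv * (m1 - m2)) % p) * q
    # Re-encrypt before releasing the result: a computation fault in one
    # CRT half would otherwise leak a factor of n.
    if mont_pow(m, e, p * q) != c % (p * q):
        raise ValueError("CRT result failed verification")
    return m

# Constructed toy key, far too small for real use.
P, Q, E, D = 61, 53, 17, 2753

if __name__ == "__main__":
    ciphertext = mont_pow(65, E, P * Q)
    print(ciphertext, rsa_crt_decrypt(ciphertext, P, Q, D, E))
```

The CRT path replaces one full-size exponentiation with two half-size ones, which is where the speed-up over plain RSA decryption comes from; the re-encryption check is a standard safeguard for CRT implementations and is not taken from the paper.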