Design And Implementation Of Low-latency Network Security Transmission Protocol Based On Identity-based Cryptography

With the continuous development of the Internet,human life has been closely related to the Internet.The security of private data has attracted more and more people’s attention,and how to transmit data securely in the network is particularly important.The traditional network security transmission protocols based on the PKI mechanism mainly include IPSec,TLS and QUIC.However,these protocols have the following problems: the overhead brought by the certificate mechanism is relatively large(IPSec and TLS),the first secure connection cannot implement the 0-RTT mechanism(TLS1.3 and QUIC),cannot support multiple upper layer protocols(TLS and DTLS).The network security transmission protocol based on self-verified identification is difficult to be compatible with the TCP/IP architecture because it modifies the semantics of the current network address,and it is difficult to deploy in the actual network environment.Aiming at the above problems,this paper conducts an in-depth study on the network security transmission protocol.The main work of this paper is as follows:1)In this paper,we first proposes a one-pass key agreement secure transport protocol SAE(Self Authenticated Encryption Protocol)based on identity-based cryptography.In order to get rid of the complicated binding and updating of third-party certificates,this protocol adopts the integrated security idea that network identification is the public key,and distributes identification keys for users through the KGC(Key Generator Center).It implements the self-authentication mechanism of the source address.In order to take into account the protocol security and transmission delay overhead,SAE combines the provable security one-pass key agreement scheme based on identity-based cryptography,and embeds the temporary security session public key into the data message to complete the key agreement without additional message exchange.The key agreement scheme implements the 0-RTT in-band secure session establishment mechanism,which eliminates the overhead of certificate interaction and chain verification,and greatly reduces the handshake delay for establishing a secure connection.2)We designs the prototype of a software system for secure transmission of identitybased cryptography based on SAE protocol.The system adopts the encryption tunnel establishment mechanism based on virtual network card,and realizes the NAT traversable security communication subsystem.Adopting the kernel security policy retrieval and update mechanism based on hash map,we realizes an efficient policy management subsystem.Compling the Miracl cipher library into a dynamic kernel module,we implements an efficient and compatible secure transmission software system prototype in Linux kernel.3)Finally,we implements and tests the prototype of the SAE secure transmission protocol software system.The system prototype can be deployed rapidly by means of dynamic kernel module.The protocol runs at the network layer and can provide unified secure communication services for TCP/UDP/ICMP.In an ideal network environment,the handshake delay of the SAE protocol is about 1/11 of that of IPSec,which is comparable to that of Wire Guard.Compared with IPSec,the throughput is improved by 65.2%.