Abstract: The Wireless Transport Layer Security (WTLS) handshake protocol was built based on digital certificate mechanism. However, there exist several flaws in WTLS. For example, both the communication and computation overload are high. Moreover, it does not verify the server certificate on-line. In order to solve these issues, an improved WTLS handshake protocol based on Identity-based Cryptosystem (IBC) was proposed. It is constructed based on ID, and IDs are exchanged between server and client instead of certificates. Identity-based Encryption (IBE), Identity-based Signature (IBS) and Identity-based Authenticated Key Agreement (IBAKA) were adopted to implement security functions of encryption, signature and key agreement respectively. Sender's ID information was embedded into encryption key computation, which can be used to authenticate the source of message. The analysis on security and efficiency shows that the efficiency of wireless communication is improved without security loss.

Key words: Wireless Transport Layer Security (WTLS), Identity-Based Cryptosystem (IBC), identity authentication, key agreement, handshake protocol

摘要： 现有无线传输层安全(WTLS)协议主要基于数字证书构建，存在通信与计算开销较大、未对服务器证书的有效性进行在线验证等不足。以基于身份的密码体制思想，综合运用基于身份的加密(IBE)、基于身份的签名(IBS)及基于身份的密钥协商(IBAKA)等机制，提出了一种基于身份的密码系统(IBC)的WTLS改进协议。改进协议以身份标识为核心，以传递身份标识代替传递证书，使用IBE、IBS及IBAKA分别完成加密、签名及密钥协商等操作，并在密钥计算中融入了加密者的身份信息，使得密文具有消息源的可认证性。对改进协议的安全性及效率的分析表明，改进协议在确保安全的前提下降低了通信开销。

关键词: 无线传输层安全, 基于身份的密码系统, 身份认证, 密钥协商, 握手协议