计算机科学 ›› 2018, Vol. 45 ›› Issue (9): 177-182.doi: 10.11896/j.issn.1002-137X.2018.09.029
谢艳容, 马文平, 罗维
XIE Yan-rong, MA Wen-ping, LUO Wei
摘要: 为解决基于身份的信息服务多信任域认证系统不能实现身份即时撤销的问题,提出了一种可撤销的身份签名方案。在SM9(国产标识密码)签名算法的基础上,引进一个安全仲裁来保管实体的部分私钥,通过终止安全仲裁给实体发送签名信令来撤销实体的签名能力,从而实现身份的即时撤销。在该方案的基础上,利用基于证书的公钥基础设施(PKI)与基于身份的密码体制(IBC)的组合应用优点,提出了一种新的信息服务实体跨域认证模型。该模型不仅具有灵活高效的认证特点,而且适合构建大规模信息服务实体的应用环境。同时,设计了一种跨域认证协议,实现了跨信任域的双向实体认证和密钥协商。分析结果表明,该协议具有较高的安全性及较少的通信量和计算量。
中图分类号:
[1]CASTIGLIONE A,PALMIERI F,CHEN C L,et al.A blind signature-based approach for cross-domain authentication in the cloud environment[J].International Journal of Data Warehousing and Mining,2016,12(1):34-48. [2]PENG H X.An identity-based authentication model for multi- domain[J].Chinese Journal of Computers,2006,29(8):1271-1281.(in Chinese) 彭华熹.一种基于身份的多信任域认证模型[J].计算机学报,2006,29(8):1271-1281. [3]LU X M,FENG D G.An identity-based multi-trust domain grid authentication model [J].Journal of Electronics,2006,34(4):577-582.(in Chinese) 路晓明,冯登国.一种基于身份的多信任域网格认证模型[J].电子学报,2006,34(4):577-582. [4]ZHANG W B,ZHANG H Q,ZHANG B,et al.An identity-based authentication model for multi-domain in grid environment[C]∥2008 International Conference on Computer Science and Software Engineering.Piscataway,NJ:IEEE Press,2008:165-169. [5]HE D,ZEADALLY S,KUMAR N,et al.Anonymous authentication for wireless body area networks with provable security[J].IEEE Systems Journal,2016(99):1-12. [6]CHOU C H,TSAI K Y,LU C F.Two ID-based authenticated schemes with key agreement for mobile environments[J].The Journal of Supercomputing,2013,66(2):973-988. [7]FARASH M S,ATTARI M A.A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks[J].The Journal of Supercomputing,2014,69(1):395-411. [8]NI L,CHEN G L,LI J H,et al.Strongly secure identity-based authenticated key agreement protocols without bilinear pairings[J].Information Sciences,2016,367:176-193. [9]YUAN C,ZHANG W F,WANG X M.EIMAKP:Heteroge-neous cross-domain authenticated key agreement protocols in the EIM system [J/OL].Arabian Journal for Science and Enginee-ring(2017-02-23)[2017-08-02].https://link.springer.com/article/10.1007/s13369-017-2447-9. [10]BONEH D,FRANKLIN M.Identity-based encryption from the weil pairing[C]∥Annual International Cryptology Conference.Berlin:Springer-Verlag,2001:213-229. [11]CHENG X G,GUO L F,WANG X M.An identity-based mediated signature scheme from bilinear pairing[J].International Journal of Network Security,2006,2(1):29-33. [12]MARTINS P,SOUSA L,CHAWAN P.Featuring immediate revocation in Mikey-Sakke(FIRM) [C]∥2015 IEEE International Symposium on Multimedia(ISM).Piscataway,NJ:IEEE,2015:501-506. [13]CHEN Y,JIANG Z L,YIU S M,et al.Fully secure ciphertext-policy attribute based encryption with security mediator[C]∥International Conference on Information and Communications Security.Cham:Springer-Verlag,2014:274-289. [14]YUAN F,CHENG Z H.Overview on SM9 identity-based cryptographic algorithm[J].Information Security Research,2016,2(11):1008-1027.(in Chinese) 袁峰,程朝辉.SM9标识密码算法综述[J].信息安全研究,2016,2(11):1008-1027. [15]POINTCHEVAL D,STERN J.Security arguments for digital signatures and blind signatures[J].Journal of cryptology,2000,13(3):361-396. |
[1] | 邵子灏, 杨世宇, 马国杰. 室内信息服务的基础——低成本定位技术研究综述 Foundation of Indoor Information Services:A Survey of Low-cost Localization Techniques 计算机科学, 2022, 49(9): 228-235. https://doi.org/10.11896/jsjkx.210900260 |
[2] | 蹇奇芮, 陈泽茂, 武晓康. 面向无人机通信的认证和密钥协商协议 Authentication and Key Agreement Protocol for UAV Communication 计算机科学, 2022, 49(8): 306-313. https://doi.org/10.11896/jsjkx.220200098 |
[3] | 陈彦冰, 钟超然, 周超然, 薛凌妍, 黄海平. 基于医疗联盟链的跨域认证方案设计 Design of Cross-domain Authentication Scheme Based on Medical Consortium Chain 计算机科学, 2022, 49(6A): 537-543. https://doi.org/10.11896/jsjkx.220200139 |
[4] | 梁珍珍, 徐明. 基于海洋水声信道的密钥协商方案 Key Agreement Scheme Based on Ocean Acoustic Channel 计算机科学, 2022, 49(6): 356-362. https://doi.org/10.11896/jsjkx.210400097 |
[5] | 宋涛, 李秀华, 李辉, 文俊浩, 熊庆宇, 陈杰. 大数据时代下车联网安全加密认证技术研究综述 Overview of Research on Security Encryption Authentication Technology of IoV in Big Data Era 计算机科学, 2022, 49(4): 340-353. https://doi.org/10.11896/jsjkx.210400112 |
[6] | 王向宇, 杨挺. 智能合约定义路由目录服务器 Routing Directory Server Defined by Smart Contract 计算机科学, 2021, 48(6A): 504-508. https://doi.org/10.11896/jsjkx.200700210 |
[7] | 吴少乾, 李西明. 对抗网络上的可认证加密安全通信 Authenticable Encrypted Secure Communication Based on Adversarial Network 计算机科学, 2021, 48(5): 328-333. https://doi.org/10.11896/jsjkx.200300177 |
[8] | 曹萌, 于洋, 梁英, 史红周. 基于区块链的大数据交易关键技术与发展趋势 Key Technologies and Development Trends of Big Data Trade Based on Blockchain 计算机科学, 2021, 48(11A): 184-190. https://doi.org/10.11896/jsjkx.210100163 |
[9] | 廉文娟, 赵朵朵, 范修斌, 耿玉年, 范新桐. 基于认证及区块链的CFL_BLP_BC模型 CFL_BLP_BC Model Based on Authentication and Blockchain 计算机科学, 2021, 48(11): 36-45. https://doi.org/10.11896/jsjkx.201000002 |
[10] | 倪亮, 王念平, 谷威力, 张茜, 刘伎昭, 单芳芳. 基于格的抗量子认证密钥协商协议研究综述 Research on Lattice-based Quantum-resistant Authenticated Key Agreement Protocols:A Survey 计算机科学, 2020, 47(9): 293-303. https://doi.org/10.11896/jsjkx.200400138 |
[11] | 伍育红, 胡向东. 工业互联网网络传输安全问题研究 Study on Security of Industrial Internet Network Transmission 计算机科学, 2020, 47(6A): 360-363. https://doi.org/10.11896/JsJkx.191000114 |
[12] | 莫天庆, 何咏梅. 一种基于无证书的SIP认证密钥协商协议 SIP Authentication Key Agreement of Protocol Based on Certificateless 计算机科学, 2020, 47(6A): 413-419. https://doi.org/10.11896/JsJkx.191100216 |
[13] | 陈孟东, 郭东升, 谢向辉, 吴东. 基于异构计算平台的规则处理器的设计与实现 Design and Implementation of Rule Processor Based on Heterogeneous Computing Platform 计算机科学, 2020, 47(4): 312-317. https://doi.org/10.11896/jsjkx.190300104 |
[14] | 赵楠,章国安. VANET中基于无证书环签密的可认证隐私保护方案 Authenticated Privacy Protection Scheme Based on Certificateless Ring Signcryption in VANET 计算机科学, 2020, 47(3): 312-319. https://doi.org/10.11896/jsjkx.190100115 |
[15] | 李兆斌, 崔钊, 魏占祯, 赵洪, 郭超. 基于物理层信道特征的无线网络认证机制 Wireless Network Authentication Method Based on Physical Layer Channel Characteristics 计算机科学, 2020, 47(12): 267-272. https://doi.org/10.11896/jsjkx.190900095 |
|