计算机科学

计算机科学 ›› 2018, Vol. 45 ›› Issue (9): 177-182.doi: 10.11896/j.issn.1002-137X.2018.09.029

• 信息安全 • 上一篇    下一篇

一种新的信息服务实体跨域认证模型

谢艳容, 马文平, 罗维   

  1. 西安电子科技大学综合业务网国家重点实验室 西安710071
  • 收稿日期:2017-08-05 出版日期:2018-09-20 发布日期:2018-10-10
  • 通讯作者: 马文平(1966-),男,教授,博士生导师,主要研究方向为密码学和信息安全,E-mail:wp_ma@mail.xidian.edu.cn
  • 作者简介:谢艳容(1992-),女,硕士生,主要研究方向为信息安全和通信理论,E-mail:xyrong1226@163.com;罗 维(1987-),男,博士生,主要研究方向为密码学和云计算安全。
  • 基金资助:
    本文受国家自然科学基金(61373171),高等学校创新引智计划项目(B08038),国家重点研发计划重点专项(2017YFB0802400)资助。

New Cross-domain Authentication Model for Information Services Entity

XIE Yan-rong, MA Wen-ping, LUO Wei   

  1. State Key Laboratory of Integrated Services Networks,Xidian University,Xi’an 710071,China
  • Received:2017-08-05 Online:2018-09-20 Published:2018-10-10

PDF (PC)

901

摘要: 为解决基于身份的信息服务多信任域认证系统不能实现身份即时撤销的问题,提出了一种可撤销的身份签名方案。在SM9(国产标识密码)签名算法的基础上,引进一个安全仲裁来保管实体的部分私钥,通过终止安全仲裁给实体发送签名信令来撤销实体的签名能力,从而实现身份的即时撤销。在该方案的基础上,利用基于证书的公钥基础设施(PKI)与基于身份的密码体制(IBC)的组合应用优点,提出了一种新的信息服务实体跨域认证模型。该模型不仅具有灵活高效的认证特点,而且适合构建大规模信息服务实体的应用环境。同时,设计了一种跨域认证协议,实现了跨信任域的双向实体认证和密钥协商。分析结果表明,该协议具有较高的安全性及较少的通信量和计算量。

关键词: SM9, 安全仲裁, 密钥协商, 认证, 身份撤销, 信息服务

Abstract: To solve the problem that the identity of information services entity(ISE) cannot be revoked immediately in the cross-domain authentication system,a revocable identity-based signature scheme was proposed.Based on the SM9 signature algorithm,a security mediator(SEM) was introduced to keep a part of the private key of the ISE.By terminating the SEM to send the token to ISE to revoke its signature capability,the identity of ISE can be revoked immediately.Based on this scheme,a new cross-domain authentication model for ISE was proposed by taking the combining advantages of certificate-based public key infrastructure(PKI) and identity-based cryptography(IBC).The proposed model is not only flexible and efficient,but also suitable for constructing large-scale application environment of ISE.Meanwhile,a cross-domain authentication protocol was designed to realize the mutual authentication with key agreement between cross-domain entities.Analysis shows that the proposed protocol has high security and low communication and computation cost.

Key words: Authentication, Identity revocation, Information services, Key agreement, Security mediator, SM9

中图分类号: 

  • TP309
[1]CASTIGLIONE A,PALMIERI F,CHEN C L,et al.A blind signature-based approach for cross-domain authentication in the cloud environment[J].International Journal of Data Warehousing and Mining,2016,12(1):34-48.
[2]PENG H X.An identity-based authentication model for multi- domain[J].Chinese Journal of Computers,2006,29(8):1271-1281.(in Chinese)
彭华熹.一种基于身份的多信任域认证模型[J].计算机学报,2006,29(8):1271-1281.
[3]LU X M,FENG D G.An identity-based multi-trust domain grid authentication model [J].Journal of Electronics,2006,34(4):577-582.(in Chinese)
路晓明,冯登国.一种基于身份的多信任域网格认证模型[J].电子学报,2006,34(4):577-582.
[4]ZHANG W B,ZHANG H Q,ZHANG B,et al.An identity-based authentication model for multi-domain in grid environment[C]∥2008 International Conference on Computer Science and Software Engineering.Piscataway,NJ:IEEE Press,2008:165-169.
[5]HE D,ZEADALLY S,KUMAR N,et al.Anonymous authentication for wireless body area networks with provable security[J].IEEE Systems Journal,2016(99):1-12.
[6]CHOU C H,TSAI K Y,LU C F.Two ID-based authenticated schemes with key agreement for mobile environments[J].The Journal of Supercomputing,2013,66(2):973-988.
[7]FARASH M S,ATTARI M A.A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks[J].The Journal of Supercomputing,2014,69(1):395-411.
[8]NI L,CHEN G L,LI J H,et al.Strongly secure identity-based authenticated key agreement protocols without bilinear pairings[J].Information Sciences,2016,367:176-193.
[9]YUAN C,ZHANG W F,WANG X M.EIMAKP:Heteroge-neous cross-domain authenticated key agreement protocols in the EIM system [J/OL].Arabian Journal for Science and Enginee-ring(2017-02-23)[2017-08-02].https://link.springer.com/article/10.1007/s13369-017-2447-9.
[10]BONEH D,FRANKLIN M.Identity-based encryption from the weil pairing[C]∥Annual International Cryptology Conference.Berlin:Springer-Verlag,2001:213-229.
[11]CHENG X G,GUO L F,WANG X M.An identity-based mediated signature scheme from bilinear pairing[J].International Journal of Network Security,2006,2(1):29-33.
[12]MARTINS P,SOUSA L,CHAWAN P.Featuring immediate
revocation in Mikey-Sakke(FIRM) [C]∥2015 IEEE International Symposium on Multimedia(ISM).Piscataway,NJ:IEEE,2015:501-506.
[13]CHEN Y,JIANG Z L,YIU S M,et al.Fully secure ciphertext-policy attribute based encryption with security mediator[C]∥International Conference on Information and Communications Security.Cham:Springer-Verlag,2014:274-289.
[14]YUAN F,CHENG Z H.Overview on SM9 identity-based cryptographic algorithm[J].Information Security Research,2016,2(11):1008-1027.(in Chinese)
袁峰,程朝辉.SM9标识密码算法综述[J].信息安全研究,2016,2(11):1008-1027.
[15]POINTCHEVAL D,STERN J.Security arguments for digital
signatures and blind signatures[J].Journal of cryptology,2000,13(3):361-396.
[1] 邵子灏, 杨世宇, 马国杰.
室内信息服务的基础——低成本定位技术研究综述
Foundation of Indoor Information Services:A Survey of Low-cost Localization Techniques
计算机科学, 2022, 49(9): 228-235. https://doi.org/10.11896/jsjkx.210900260
[2] 蹇奇芮, 陈泽茂, 武晓康.
面向无人机通信的认证和密钥协商协议
Authentication and Key Agreement Protocol for UAV Communication
计算机科学, 2022, 49(8): 306-313. https://doi.org/10.11896/jsjkx.220200098
[3] 陈彦冰, 钟超然, 周超然, 薛凌妍, 黄海平.
基于医疗联盟链的跨域认证方案设计
Design of Cross-domain Authentication Scheme Based on Medical Consortium Chain
计算机科学, 2022, 49(6A): 537-543. https://doi.org/10.11896/jsjkx.220200139
[4] 梁珍珍, 徐明.
基于海洋水声信道的密钥协商方案
Key Agreement Scheme Based on Ocean Acoustic Channel
计算机科学, 2022, 49(6): 356-362. https://doi.org/10.11896/jsjkx.210400097
[5] 宋涛, 李秀华, 李辉, 文俊浩, 熊庆宇, 陈杰.
大数据时代下车联网安全加密认证技术研究综述
Overview of Research on Security Encryption Authentication Technology of IoV in Big Data Era
计算机科学, 2022, 49(4): 340-353. https://doi.org/10.11896/jsjkx.210400112
[6] 王向宇, 杨挺.
智能合约定义路由目录服务器
Routing Directory Server Defined by Smart Contract
计算机科学, 2021, 48(6A): 504-508. https://doi.org/10.11896/jsjkx.200700210
[7] 吴少乾, 李西明.
对抗网络上的可认证加密安全通信
Authenticable Encrypted Secure Communication Based on Adversarial Network
计算机科学, 2021, 48(5): 328-333. https://doi.org/10.11896/jsjkx.200300177
[8] 曹萌, 于洋, 梁英, 史红周.
基于区块链的大数据交易关键技术与发展趋势
Key Technologies and Development Trends of Big Data Trade Based on Blockchain
计算机科学, 2021, 48(11A): 184-190. https://doi.org/10.11896/jsjkx.210100163
[9] 廉文娟, 赵朵朵, 范修斌, 耿玉年, 范新桐.
基于认证及区块链的CFL_BLP_BC模型
CFL_BLP_BC Model Based on Authentication and Blockchain
计算机科学, 2021, 48(11): 36-45. https://doi.org/10.11896/jsjkx.201000002
[10] 倪亮, 王念平, 谷威力, 张茜, 刘伎昭, 单芳芳.
基于格的抗量子认证密钥协商协议研究综述
Research on Lattice-based Quantum-resistant Authenticated Key Agreement Protocols:A Survey
计算机科学, 2020, 47(9): 293-303. https://doi.org/10.11896/jsjkx.200400138
[11] 伍育红, 胡向东.
工业互联网网络传输安全问题研究
Study on Security of Industrial Internet Network Transmission
计算机科学, 2020, 47(6A): 360-363. https://doi.org/10.11896/JsJkx.191000114
[12] 莫天庆, 何咏梅.
一种基于无证书的SIP认证密钥协商协议
SIP Authentication Key Agreement of Protocol Based on Certificateless
计算机科学, 2020, 47(6A): 413-419. https://doi.org/10.11896/JsJkx.191100216
[13] 陈孟东, 郭东升, 谢向辉, 吴东.
基于异构计算平台的规则处理器的设计与实现
Design and Implementation of Rule Processor Based on Heterogeneous Computing Platform
计算机科学, 2020, 47(4): 312-317. https://doi.org/10.11896/jsjkx.190300104
[14] 赵楠,章国安.
VANET中基于无证书环签密的可认证隐私保护方案
Authenticated Privacy Protection Scheme Based on Certificateless Ring Signcryption in VANET
计算机科学, 2020, 47(3): 312-319. https://doi.org/10.11896/jsjkx.190100115
[15] 李兆斌, 崔钊, 魏占祯, 赵洪, 郭超.
基于物理层信道特征的无线网络认证机制
Wireless Network Authentication Method Based on Physical Layer Channel Characteristics
计算机科学, 2020, 47(12): 267-272. https://doi.org/10.11896/jsjkx.190900095
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发