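Research on Privacy-Preserving Security Mechanisms in Named Data Networking
Published: 2018-03-02 02:16
Keywords: named data networking, anonymity, privacy, security. Source: Xidian University, 2014 master's thesis. Document type: degree thesis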
[Abstract]: With the arrival of the "information explosion" era, the current TCP/IP-based network architecture is proving increasingly ill-suited in terms of security, mobility, congestion control and other respects. To solve these problems at the root, researchers in the future-network field are redesigning the network architecture to replace TCP/IP networks. Named Data Networking is one of the research hotspots among these efforts: it adopts a data-centric mode of dissemination and routes by name, without concern for where content is stored, and its in-network storage and content-based security mechanisms effectively improve the security of the network. However, this kind of network also introduces a series of privacy problems. First, data packets in a named data network leak the publisher's identity, because to guarantee data integrity and source authentication each data packet carries the publisher's signature over the data together with the information needed to verify that signature. Second, when non-confidential information is shared, an attacker can easily obtain the request packets a requester sends and the data packets it receives, and can then analyze the requester's behavior and habits to obtain sensitive information about the requester. To address these problems, this thesis proposes an anonymous authentication mechanism and an anonymous communication mechanism for named data networking. The main content of the thesis is summarized in the following three aspects:
(1) A study and summary of the privacy and security problems present in named data networking, mainly name privacy, content privacy, signature privacy and cache privacy.
(2) An anonymous authentication mechanism that protects publisher privacy. The mechanism is based on a group signature algorithm and supports batch verification. It achieves anonymous authentication and protects the publisher's identity privacy while keeping verification overhead low.
(3) An anonymous communication mechanism that protects requester privacy. The mechanism adopts the ideas of groups and layered encryption and fully takes into account the multipath-forwarding routing strategy of named data networking; it achieves requester anonymity while providing error tolerance and low latency.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1554592
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1554592.html