远程匿名证明协议的研究与实现

发布时间：2018-05-12 16:03

本文选题：可信计算 + 可信计算模块　；参考：《北京交通大学》2016年硕士论文

【摘要】：伴随数字时代的到来,电子商务、电子政务、网络购物、网络社交等越来越多的应用在网络上广泛展开,计算机与网络已渗透到社会的各个领域,越来越深入我们的生活,并成为普通民众日常生活中的重要组成部分。大数据时代的到来似乎将为人类带来更多的便捷,但是大数据对网络隐私的负面影响逐渐引起了更多的人们思考。可信计算(Trusted Computing,TC)技术是由可信计算组织(Trusted Computing Group, TCG)提出,以确保计算机的行为像人们期望的那样的安全可靠。远程证明是TCG标准中的一个主要功能,它提供了两个交互双方之间的完整性配置的证据。在TCG标准v1.2中提出了一种匿名认证协议来保护用户隐私,被称为直接匿名认证(Direct Anonymous Attestation, DAA)。该直接匿名证明方案一方面容易受到伪装攻击,另一方面不易于在现有的网络协议架构中实际部署实施。本文全面分析了可信计算在隐私保护上设计的直接匿名证明方案的安全性,重点解决直接匿名证明存在的问题,提出了一种在运行性能方面与安全性方面上有一定优势的解决方案--基于直接匿名证明协议和安全传输层协议(Transport Layer Security, TLS)的远程匿名证明协议。在可信平台模块(Trusted Platform Module, TPM)的基础上,将身份匿名证明,平台完整性验证和密钥交换协议相结合,在交互双端之间构建出一条能够匿名认证身份与验证平台完整性的可信信道。改进方案满足以下七个安全需求：匿名性、不可伪造性、不可克隆性和用户可控连接性、前向安全性、抵抗重放攻击性和抵抗伪装攻击性。设计的协议兼容扩展的TLS协议架构,便于部署。另外协议支持椭圆曲线ECC算法,运输速度快,存储空间小,具有更高的使用性能。在协议安全性分析方面,本文在Dolev-Yao模型下进行理论分析,使用高级协议规范语言(High-Level Protocol Specification Language, HLPSL)对设计的协议进行建模,在SPAN模型检测工具的帮助下,模拟协议交互流程,自动地检测可能存在的攻击路径,分析协议设计方案的安全性。最后利用开源算法库OpenSSL在Linux环境下对设计方案模拟实现,在银联迷你付的支付环境下,适应性地将新的远程匿名证明协议应用到其中。
[Abstract]:With the advent of the digital age, e-commerce, e-government, online shopping, network social networking and other more and more widely used in the network, computers and networks have penetrated into all areas of society, more and more deep into our lives, And become an important part of ordinary people's daily life. The advent of the big data era seems to bring more convenience to mankind, but the negative impact of big data on Internet privacy has gradually aroused more people to think. Trusted Computing TCs are proposed by trusted Computing Group, TCG) to ensure that computers behave as safely and reliably as people expect. Remote certification is a major function of the TCG standard, which provides evidence of integrity configuration between two interactive parties. In the TCG standard v1.2, an anonymous authentication protocol is proposed to protect the privacy of users. It is called Direct Anonymous Attestation. On the one hand, the scheme is vulnerable to camouflage attack, on the other hand, it is difficult to deploy in the existing network protocol architecture. In this paper, the security of the direct anonymous proof scheme designed by trusted computing in privacy protection is analyzed, and the problem of direct anonymous proof is solved. In this paper, a solution with advantages in performance and security is proposed, which is based on Direct Anonymous Authentication Protocol and secure Transport layer Protocol, which is based on remote Anonymous Authentication Protocol. Based on trusted Platform Module, TPM), a trusted channel which can authenticate identity anonymously and verify the integrity of platform is constructed by combining anonymous authentication, platform integrity verification and key exchange protocol. The improved scheme meets the following seven security requirements: anonymity, unforgeability, non-cloning and user controllable connectivity, forward security, resistance to replay aggression and camouflage aggression. The designed protocol is compatible with the extended TLS protocol architecture for easy deployment. In addition, the protocol supports elliptic curve ECC algorithm, which has the advantages of fast transportation speed, small storage space and higher performance. In the aspect of protocol security analysis, this paper carries on the theoretical analysis under the Dolev-Yao model, uses the high-level protocol specification language High-Level Protocol Specification Language, HLPSL) to carry on the modeling to the designed protocol, with the help of the SPAN model checking tool, simulates the protocol interaction flow. The possible attack path is automatically detected and the security of the protocol design is analyzed. Finally, the open source algorithm library OpenSSL is used to simulate the design scheme in Linux environment. In the payment environment of UnionPay Mini payment, the new remote anonymous certification protocol is applied to it adaptively.
【学位授予单位】：北京交通大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP309

【相似文献】