摘要
开放的分布式网络有很多安全隐患,使用成员认证服务可以保障系统安全。为了保证分布性,不能引入中心节点,这为认证服务的设计带来了巨大挑战。基于Feldman秘密共享和门限DSA签名算法,给出了一种不需要中心节点的分布式认证服务模型,包括系统初始化、证书的颁发和撤销以及认证授权。可验证秘密共享保证能够抵抗一定数量成员合谋攻击,证书撤销机制保证恶意节点能够自动被系统隔离。模拟实验结果表明,具备较好的认证效率。
Open distributed networks are vulnerable to attacks, and security can be guaranteed by membership certification service. Centralized node can not be introduced because of decentralization which brings large challenge for certification model design. In this paper, a certification model based on Feldman secret sharing and threshold DSA signature is proposed. It is composed of system initialization, certificate issue and revocation, and authorization. Attacks by limited set of members can be resisted and malicious members can be isolated automatically. Simulation experiments prove the high efficiency of this model.
出处
《计算机仿真》
CSCD
2008年第3期159-161,322,共4页
Computer Simulation
基金
国家自然科学基金资助项目(60573053)
关键词
分布式认证
门限签名
秘密共享
Distributed certification
Threshold signature
Secret sharing