期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种基于TPM匿名证书的信任协商方案 被引量:1

A Scenario of Trust Negotiation Based on TPM Anonymous Credentials
下载PDF
导出
摘要 为促进分布式网络环境中跨安全域的信息共享与协作,需要一种合理有效的信任协商敏感信息保护机制.可信计算组织(Trusted Computing Group,TCG)专注于从计算平台体系结构上增强其安全性.基于可信计算的匿名证书机制提出一种新的信任协商方案:匿名证书信任协商ACTN(anonymous credentials based trusted negotiation),良好地解决了跨安全域的敏感信息保护的问题,可以有效地防止重放攻击、窜改攻击和替换攻击.使用一个硬件模块TPM进行隐私信息保护,并通过TPM模块提供可靠的匿名证书和平台认证.定义了ACTN的模型以及模型中的匿名证书,详细说明了匿名证书的基本参数以及匿名证书的创建方法,讨论了策略的安全性、委托机制以及证书链的发现机制,同时设计了协商节点的框架以及协商过程.通过实验并与Trust Builder和COTN协商系统进行比较,表明系统具有良好的稳定性和可用性.最后指出相关的一些未来研究方向. An effective sensitive information protection mechanism in trust negotiation is needed to promote sharing and collaboration between security domains in distributed network computing. TCG is an industry standardization body that aims to develop and promote an open industry standard for trusted computing hardware and software building blocks to enable more secure data storage, online business practices, and online commerce transactions while protecting privacy and individual rights. The novel anonymous credentials based trusted negotiation system (ACTN) is designed and implemented based on the TPM anonymous credentials of trusted computing, which excellently deals with the difficulty of the protection of sensitive resources between strangers. The scenario resists the replay attacks, tampering attacks, masquerading, and the mechanism is based on a hardware module, called trusted platform module. The model of ACTN and the anonymous credentials are defined in detail ; the parameter and the construct method of anonymous credentials are explained ~ the security of policy, the mechanism of delegation and the credential chain discovery are discussed~ the framework of negotiation nodes and the process of negotiation are designed in addition. The results of the experiments are compared with the TrustBuilder and COTN negotiation system, and the results prove the sound performance and good security guarantee. Finally, some related future research fields of the paper are pointed out.
作者 石志国 贺也平 张宏
机构地区 北京科技大学信息工程学院
出处 《计算机研究与发展》 EI CSCD 北大核心 2008年第8期1279-1289,共11页 Journal of Computer Research and Development
基金 国家自然科学基金项目(60673121) 国家“八六三”高技术研究发展计划基金项目(2006aa010201,2007aa010601)~~
关键词 信息安全 自动信任协商 可信计算 匿名证书 访问控制 information security automated trust negotiation trusted computing anonymous credential access control
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献27

  • 1Winsborough W H, Li Ninghui. Safety in automated trust negotiation [J]. ACM Trans on Information and System Security, 2006, 9(3): 352-390.
  • 2李建欣,怀进鹏,李先贤.自动信任协商研究[J].软件学报,2006,17(1):124-133. 被引量:52
  • 3廖振松,金海,李赤松,邹德清.自动信任协商及其发展趋势[J].软件学报,2006,17(9):1933-1948. 被引量:52
  • 4Holt J E, Bradshaw R W, Seamons K E, et al. Hidden credentials [C]//Jajodia S, Samarati P, Syverson P F, eds. Proc of the ACM Workshop on Privacy in the Electronic Society. New York: ACM Press, 2003: 1-8.
  • 5Li J T, Li N H. OACerts: Oblivious attribute certificates [C] //Han Y F ed. Proc of the 3rd Conf on Applied Cryptography and Network Security. New York: ACM Press, 2003: 108-121.
  • 6Li N H, Du W L, Boneh D. Oblivious signature-based envelope [C] //Elizabethed Bed. Proe of the 22nd ACM Syrup on Principles of Distributed Computing (PODC 2003). New York:ACM Press, 2003: 182-189.
  • 7Yu T, Winslett M. Policy migration for sensitive credentials in trust negotiation [C]//Proc of the ACM Workshop on Privacy in the Electronic Society. New York: ACM Press, 2003.
  • 8Trusted Computing Group. Trusted platform module main specification [OL]. [ 2007-05-08 ]. http://www. trustedcomputinggroup, org.
  • 9Winsborough W H, Seamons K E, Jones V E. Automated trust negotiation [C] //Proc of DARPA Information Survivability Conference and Exposition. Piscataway, New Jersey: IEEE Press, 2000:88-102.
  • 10Yu T, Ma X, Winslett M. Prunes: An efficient and complete strategy for trust negotiation over the Internet [C] //Proc of the 7th ACM Conf on Computer and Communications Security (CCS-7). New York= ACM Press, 2000:210-219.

二级参考文献33

  • 1金海,陈汉华,吕志鹏,宁小敏.CGSP作业管理器合成服务的QoS优化模型及求解[J].计算机学报,2005,28(4):578-588. 被引量:53
  • 2杨胜文,史美林.一种支持QoS约束的Web服务发现模型[J].计算机学报,2005,28(4):589-594. 被引量:131
  • 3朱峻茂,杨寿保,樊建平,陈明宇.Grid与P2P混合计算环境下基于推荐证据推理的信任模型[J].计算机研究与发展,2005,42(5):797-803. 被引量:44
  • 4徐震,李斓,冯登国.基于角色的受限委托模型[J].软件学报,2005,16(5):970-978. 被引量:52
  • 5李建欣,怀进鹏,李先贤.自动信任协商研究[J].软件学报,2006,17(1):124-133. 被引量:52
  • 6Chadwick D. W. , Otenko A.. The PERMIS X. 509 role based privilege management infrastructure. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT), Monterey, California, USA, 2002, 135-140
  • 7Blaze M. , Feigenbaum J. , Lacy J.. Decentralized trust management. In: Proceedings of the IEEE Symposium on Securityand Privacy, Oakland, CA, USA, 1996, 164-173
  • 8Li N. , Mitchell J. C. , Winsborough W. H.. Design of a Role-based trust management framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Berkeley, California, 2002, 114-130
  • 9Clarke D. , Ellen J. E. , Ellison C. , Fredette M. , Morcos A. ,Rivest R. L.. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 2001, 9(4):285-322
  • 10Winsborough W. H. , Seamons K. E. , Jones V.E.. Automated trust negotiation. In: Proceedings of the DARPA Information Survivability Conference and Exposition, 2000, 88-102

共引文献107

同被引文献6

引证文献1

计算机研究与发展
2008年 第8期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部