Abstract
The limited computing and storage capacity of the Trusted Platform Module (TPM) and the complexity of Direct Anonymous Attestation (DAA) restrict existing DAA schemes to a single trusted domain. To overcome this limitation, this paper proposes a cross-domain anonymous attestation mechanism suited to the parallel, high-performance and cooperative computing characteristics of distributed networks. The mechanism introduces a trusted third party, the Certificate Arbitration Center (CAC), which verifies the platform authenticity of cross-domain provers and issues a cross-domain attestation certificate to provers whose identity is genuine. The certificate is issued once and used many times, which improves the efficiency of cross-domain anonymous attestation and prevents the CAC from becoming a system bottleneck. The model is efficient, secure and trustworthy and achieves controllable anonymity, and analysis in the universally composable security model shows that the mechanism securely realizes cross-domain anonymous attestation.
Source
Journal of Computer Applications (《计算机应用》)
CSCD
PKU Core (北大核心)
2010, Issue 8, pp. 2120-2124 (5 pages)
Funding
National 863 Program of China (2007AA01Z438200)
National Natural Science Foundation of China (60633020)
Shaanxi Normal University Graduate Innovation Fund (2010CXS009)
Keywords
trusted computing
distributed network
cross-domain authentication
universally composable security
anonymous attestation