Abstract
The existing Public Key Infrastructure (PKI) and Identity-Based Cryptosystem (IBC) authentication technologies and the SSL/TLS protocol have failed to meet the millisecond-level information security requirements of the emerging information industry in cyberspace. To address this problem, this paper proposes the CFL SSL protocol, which is based on CFL. The paper gives a formalized description of CFL SSL on the basis of the CFL_BLP model, and proves at the protocol level that the protocol provides multiple information security properties, including millisecond-level mutual authentication, protection of communication confidentiality and integrity, independent control, and prevention of man-in-the-middle attacks. Experimental results show that the protocol can meet the millisecond-level information security requirements of communication mechanisms in emerging information industries, and has higher availability and security than the SSL/TLS protocol.
Authors
廉文娟
赵朵朵
范修斌
LIAN Wenjuan; ZHAO Duoduo; FAN Xiubin (College of Computer Science & Engineering, Shandong University of Science and Technology, Qingdao, Shandong 266590, China; Qingdao Branch, Institute of Software, Chinese Academy of Sciences, Qingdao, Shandong 266114, China; Qingdao Bowen Guangcheng Information Security Technology Limited Company, Qingdao, Shandong 266235, China; Shandong Wenbin Information Security Technology Limited Company, Taian, Shandong 271200, China)
Source
《计算机工程》
CAS
CSCD
Peking University Core Journals
2021, Issue 6, pp. 152-163 (12 pages)
Computer Engineering
Funding
Qingdao Social Science Planning Project (QDSKL2001156).