协议流程的形式化描述及验证能够高效地保障协议的开发质量,对安全苛求系统尤为重要。针对铁路信号安全通信协议-Ⅱ(Railway Signal Safety Communication Protocol,RSSP-Ⅱ)中消息鉴定层(Message Authenticate Safety Layer,MASL)实现...协议流程的形式化描述及验证能够高效地保障协议的开发质量,对安全苛求系统尤为重要。针对铁路信号安全通信协议-Ⅱ(Railway Signal Safety Communication Protocol,RSSP-Ⅱ)中消息鉴定层(Message Authenticate Safety Layer,MASL)实现的会话密钥生成、对等实体认证、消息源认证等流程,建立有色Petri网(Colored Petri Net,CPN)模型,模型构造过程中执行有限步数的仿真,保障模型本身正确。利用模型检验方法,通过分析状态空间报告,验证了模型满足活性、家态性、公平性等基本行为属性,不存在冗余、死锁、活锁等设计缺陷。通过计算树逻辑(Computation Tree Logic,CTL)语句,验证了保密性、认证性等特定安全属性。结果表明,该模型满足文本设计规范中的功能安全性要求,为协议工程后续的协议实现、一致性检验奠定理论基础。展开更多
The authentication and privacy of a group member is important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network ( MP2...The authentication and privacy of a group member is important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network ( MP2PN ). The MP2PN contains some super peers and each super peer controls a subgroup composed of regular peers. An efficient attribute-based signature based on Cipertext-Policy Attribute-Based Encryption (CP-ABE) is proposed and used in this group-key rmnagement protocol to authenticate a peer's at- tributes and identity. A peer can be described by a set of attributes or one unique special identity at- tribute. Peers that have some attributes in common can form a group and conmmnicate with each other anonymously and securely. Any super peer can initiate a group and act as a group controller. The group controller can authenticate a peer's attributes and identity as well as remove malicious peers. Any peer with attributes that rmtches the access structure can join the group and provide its input to form the group key. The proposed protocol pro- vides backward and forward secrecy. The sinmlation results show that this protocol is applicable for mobile devices and can meet the MP2PN requirements of group communication.展开更多
文摘协议流程的形式化描述及验证能够高效地保障协议的开发质量,对安全苛求系统尤为重要。针对铁路信号安全通信协议-Ⅱ(Railway Signal Safety Communication Protocol,RSSP-Ⅱ)中消息鉴定层(Message Authenticate Safety Layer,MASL)实现的会话密钥生成、对等实体认证、消息源认证等流程,建立有色Petri网(Colored Petri Net,CPN)模型,模型构造过程中执行有限步数的仿真,保障模型本身正确。利用模型检验方法,通过分析状态空间报告,验证了模型满足活性、家态性、公平性等基本行为属性,不存在冗余、死锁、活锁等设计缺陷。通过计算树逻辑(Computation Tree Logic,CTL)语句,验证了保密性、认证性等特定安全属性。结果表明,该模型满足文本设计规范中的功能安全性要求,为协议工程后续的协议实现、一致性检验奠定理论基础。
基金This paper was supported by the National Natural Science Foundation of China under Grant No. 61073042 the Fundamental Research Funds for the Central Universities under Grant No HEUCF100606 the Open Foundation of Network and Data Security Key Laboratory of Sichuan Province under Crant No 201107.
文摘The authentication and privacy of a group member is important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network ( MP2PN ). The MP2PN contains some super peers and each super peer controls a subgroup composed of regular peers. An efficient attribute-based signature based on Cipertext-Policy Attribute-Based Encryption (CP-ABE) is proposed and used in this group-key rmnagement protocol to authenticate a peer's at- tributes and identity. A peer can be described by a set of attributes or one unique special identity at- tribute. Peers that have some attributes in common can form a group and conmmnicate with each other anonymously and securely. Any super peer can initiate a group and act as a group controller. The group controller can authenticate a peer's attributes and identity as well as remove malicious peers. Any peer with attributes that rmtches the access structure can join the group and provide its input to form the group key. The proposed protocol pro- vides backward and forward secrecy. The sinmlation results show that this protocol is applicable for mobile devices and can meet the MP2PN requirements of group communication.