Suo Yan, Yue Kang, Xu Xiaoyan, et al. Key-insulated direct anonymous attestation[J]. Journal of Southeast University (Natural Science Edition), 2011, 41(6): 1158-1164. [doi:10.3969/j.issn.1001-0505.2011.06.007]

Key-insulated direct anonymous attestation

Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume: 41
Issue: 2011, No. 6
Pages: 1158-1164
Section: Computer Science and Engineering
Publication date: 2011-11-20

Article Info

Title:
Key-insulated direct anonymous attestation
Authors:
Suo Yan, Yue Kang, Xu Xiaoyan, Zhang Yusen (锁琰, 乐康, 徐小岩, 张毓森)
(Institute of Command Automation, PLA University of Science and Technology, Nanjing 210007, China)
Keywords:
direct anonymous attestation; group signature; forward security; key insulation; bilinear map
CLC number:
TP309
DOI:
10.3969/j.issn.1001-0505.2011.06.007
Abstract (translated from the Chinese):
To reduce the damage that key exposure of a trusted platform causes to direct anonymous attestation (DAA), a key-insulated DAA scheme, KIDAA, is proposed. First, the system lifetime is divided into a number of time periods; the private key of the trusted platform is then evolved so that a different private key is used in each period, and exposure of the private key in one period does not endanger the security of the other periods. The private key of the trusted platform is split into two parts, held respectively by the trusted platform module (TPM) and the trusted platform; in each period the platform can obtain the complete private key only with the help of the TPM. Bilinear maps are used in the signing process, which shortens the signature and reduces the computational load on the TPM. Finally, the security of KIDAA is analysed and proved under the DLIN and q-SDH assumptions. The analysis shows that the scheme satisfies key insulation, unforgeability and variable anonymity.
Abstract:
To reduce the damage to direct anonymous attestation (DAA) from key exposure of the platform, a key-insulated DAA (KIDAA) is proposed. First, the lifetime of the system is divided into discrete periods. Then, the secret key of the trusted platform is processed through evolution: a temporary secret key is used to sign a message during the corresponding time period, so the exposure of the temporary secret key at a given period does not enable an adversary to derive the temporary secret keys for the remaining time periods. The secret key is divided into two parts: a helper key and a temporary secret key. The former is stored in the trusted platform module (TPM), and the latter is kept by the platform. At the beginning of each time period, the platform can derive the temporary secret key for the current time period with the help of the TPM. The signature length of the scheme is shortened by an elliptic curve cryptography (ECC)-based signing algorithm, and the computational cost of the TPM is reduced at the same time. Finally, security in the standard model is proved under the decision linear (DLIN) assumption and the q-strong Diffie-Hellman (q-SDH) assumption, which shows that the scheme meets the security requirements of key insulation, variable anonymity and unlinkability.



Memo:
Author biography: Suo Yan (born 1982), male, doctoral candidate; Zhang Yusen (corresponding author), male, PhD, professor, doctoral supervisor, tcsuoyan@163.com.
Funding: National Natural Science Foundation of China (60973135).
Citation format: Suo Yan, Yue Kang, Xu Xiaoyan, et al. Key-insulated direct anonymous attestation[J]. Journal of Southeast University (Natural Science Edition), 2011, 41(6): 1158-1164. [doi:10.3969/j.issn.1001-0505.2011.06.007]
Last Update: 2011-11-20