信任计算模型及其在公钥基础设施(PKI)中的应用研究
|
摘要
信任模型是整个安全体系的基础。本文对在线电子交易社团中的信任理解、产生和积累机制研究进行了综合分析,引入了描述在线电子交易社团信任的数学框架。对可信性呈正态分布和二元关键属性的两种情况进行了具体分析。对比了3种典型的信任产生机制,指出信誉报告系统是一种较好的在线电子社团信任产生机制。
基于以上工作,分析了关键属性为二元属性的BBK信任计算模型,指出其存在的问题:信任理解与现实存在偏差—信任失败的惩罚尺度等于成功信任尺度;存在严重的恶意推荐现象和不公平现象;采用简单的算术平均计算信任值可能导致波动很大;计算时延较大。对此,本文提出了一种改进的方案iBBK信任计算模型,新模型引入惩罚因子加大恶意欺骗惩罚;采用信誉报告减少恶意推荐的危害;信任失败时依据位置进行不同程度的惩罚,对多条路径的推荐综合值计算采用加权有效成功经历次数的方法;采用本地计算与分布式计算相结合的方式减小平均时延。并进行了模拟实验比较改进前后的性能。
为了解决PKI工程中层次式强制信任模型在信任控制上不灵活、信任风险过大等问题,本文将iBBK信任计算模型应用到PKI中,并在完整性保护、身份认证、不可否认性和时间戳服务上进行了安全适应性补充,同时结合信任管理思想详细设计了PKI中的iBBK信任计算引擎。为满足设计需要的PKI底层支持和上层服务平台,本文设计和实现了PKI环境,包括底层开发接口:PEM与DER编解码、对称加密、随机数产生、RSA算法、证书请求PKCS#10封装与解码、X.509证书和黑名单编解码、数字摘要、数字签名与验证、数字信封等和上层服务:认证中心和注册中心。
Trust model is the foundation of the whole secure architecture. This paper analyzes the understanding, production and accumulation mechanism of trust research in online electronic transaction community, and introduces a mathematical framework to define trust. Furthermore, this paper analyzes two specific cases: Gaussian trustworthiness and binary critical attributes. Based on comparing three typical trust production mechanisms, the reputation report system is better in online electronic transaction community.
According to the research mentioned above, this paper analyzes the BBK trust model whose critical attribute is binary, and indicates its disadvantages: trust failure punishment equals to that of success, which deviates reality; malicious recommendation and unfair phenomenon is serious; trust value fluctuates due to simple arithmetical average algorithm and computation lasts long. This paper proposes an improved model called iBBK, which punishes severely on deceit using punishment factor, cuts down malicious recommendation dangerousness by employing reputation report system, carries out various punishment to entities in different position of the trust path when trust fail, computes combined trust value with weightiness, and. combines local computing and distribute computing to speed up trust path found. Some simulation experiments are carried out to verify our conclusions.
In order to introduce iBBK model into PKI system to resolve inflexibility of trust control and much risk of trust, integrity, authentication, no- repudiation guarantee and time stamp services should be satisfied. This paper designs iBBK trust computation engine of PKI combining iBBK trust computing model and trust management model. The PKI environemt including development interface such as PEM and DER encoding and decoding, symmetry cryptography, RSA algrothm, random numeric generate,
certificate request PKCS#10 encoding and decoding, X.509 certificate encoding and decoding, digital abstract, digital signature and verifying signature, digital envelope and advance services such as certificate authority and register authority.
基于以上工作,分析了关键属性为二元属性的BBK信任计算模型,指出其存在的问题:信任理解与现实存在偏差—信任失败的惩罚尺度等于成功信任尺度;存在严重的恶意推荐现象和不公平现象;采用简单的算术平均计算信任值可能导致波动很大;计算时延较大。对此,本文提出了一种改进的方案iBBK信任计算模型,新模型引入惩罚因子加大恶意欺骗惩罚;采用信誉报告减少恶意推荐的危害;信任失败时依据位置进行不同程度的惩罚,对多条路径的推荐综合值计算采用加权有效成功经历次数的方法;采用本地计算与分布式计算相结合的方式减小平均时延。并进行了模拟实验比较改进前后的性能。
为了解决PKI工程中层次式强制信任模型在信任控制上不灵活、信任风险过大等问题,本文将iBBK信任计算模型应用到PKI中,并在完整性保护、身份认证、不可否认性和时间戳服务上进行了安全适应性补充,同时结合信任管理思想详细设计了PKI中的iBBK信任计算引擎。为满足设计需要的PKI底层支持和上层服务平台,本文设计和实现了PKI环境,包括底层开发接口:PEM与DER编解码、对称加密、随机数产生、RSA算法、证书请求PKCS#10封装与解码、X.509证书和黑名单编解码、数字摘要、数字签名与验证、数字信封等和上层服务:认证中心和注册中心。
Trust model is the foundation of the whole secure architecture. This paper analyzes the understanding, production and accumulation mechanism of trust research in online electronic transaction community, and introduces a mathematical framework to define trust. Furthermore, this paper analyzes two specific cases: Gaussian trustworthiness and binary critical attributes. Based on comparing three typical trust production mechanisms, the reputation report system is better in online electronic transaction community.
According to the research mentioned above, this paper analyzes the BBK trust model whose critical attribute is binary, and indicates its disadvantages: trust failure punishment equals to that of success, which deviates reality; malicious recommendation and unfair phenomenon is serious; trust value fluctuates due to simple arithmetical average algorithm and computation lasts long. This paper proposes an improved model called iBBK, which punishes severely on deceit using punishment factor, cuts down malicious recommendation dangerousness by employing reputation report system, carries out various punishment to entities in different position of the trust path when trust fail, computes combined trust value with weightiness, and. combines local computing and distribute computing to speed up trust path found. Some simulation experiments are carried out to verify our conclusions.
In order to introduce iBBK model into PKI system to resolve inflexibility of trust control and much risk of trust, integrity, authentication, no- repudiation guarantee and time stamp services should be satisfied. This paper designs iBBK trust computation engine of PKI combining iBBK trust computing model and trust management model. The PKI environemt including development interface such as PEM and DER encoding and decoding, symmetry cryptography, RSA algrothm, random numeric generate,
certificate request PKCS#10 encoding and decoding, X.509 certificate encoding and decoding, digital abstract, digital signature and verifying signature, digital envelope and advance services such as certificate authority and register authority.
引文
[1] S. Kent. Privacy Enhancement for Internet Electronic Mail:Part Ⅱ: Certificate-Based Key Management[S]. RFC 1422, 1993.
[2] Diego Gambetta. Can We Trust Trust?[A]. In: Trust: Making and Breaking Cooperative Relations[C]. Basil Blackwell: Oxford, 1990. 213~237.
[3] Alfarez Abdul-Rahman, Stephen Hailes. A Distributed Trust Model[A]. In: Proceeding of the 1997 New Security Paradgms Workshop[C].USA: ACM, 1997. 48~60.
[4] Raphael Yahalom, Birgit Klein, Thomas Beth. Trust Relationships in Secure Systems-A Distributed Authentication Perspective[A]. In: Proceedings, IEEE Symposium on Research in Security and Privacy[C].USA:IEEE, 1993. 50~164.
[5] T.Beth, M.Borcherding, B.Klein. Valuation of Trust in Open Network[A]. In: Proc. European Symposium On Research in Security(ESORICS)[C]. Brighton: Springer-Verlag, 1994. 3~18.
[6] A.Jφsang. The right type of trust for distributed systems[A]. In: Proc. Of the 1996 New Security Paradigms Workshop[C]. USA:ACM, 1996.
[7] A.Jφsang. A model for trust in security systems[A]. In: Proceedings of the Second Nordic Workshop on Secure Computer Systems[C]. Helsinki: Helsinki University of Technology, 1997.
[8] A.Jφsang, A.J.Knapskog. A metric for trusted systems(R). Global IT Security. Wein,Budapest: Austrian Computer society, 1998. 541~549.
[9] A.Jφsang. A Subjective Metric of Authentication[A]. In: Proceedings of ESORICS'98[C]. Louvain-la-Neuve, Belgium: Springer,1998. 329~344.
[10] Radia Perlman. An overview of PKI trust models[J]. IEEE Network, 1999, 13 (6): 38~43.
[11] Andrew Young, David Chadwick. Trust models in ICE-TEL[A]. In:Network and Distributed System Security[C]. USA:IEEE,1997.
122~133.
[12] David W.Chadwick, Andrew J.Young. Merging and extending the PGP and PEM trust models-the ICE-TEL trust model[J]. IEEE Network, 1997,11(3):16~24.
[13] SPKI Workgroup. the current SPKI draft specification[EB/OL]. http://www.clark.net/pub/cme/spki.txt.2001,9.
[14] Alfarez Abdul-Rahman.The PGP Trust Model[J]. EDI-Forum: the Journal of Electronic Commerce, 1997,3(2):34~36.
[15] M.Blaze,J.Feigenbaum,A.D.Keromytis. KeyNote: Trust management for public-key infrastructures[A]. In:Cambridge 1998 Security Protocols International Workshop[C]. Cambridge,England:Springer, 1998. 59~63.
[16] Carlisle,Steve著,冯登国等译.公开密钥基础设施—概念、标准和实施[M].北京:人民邮电出版社,2001.87~97.
[17] Dellarocas. The Design of Reliable Trust Management Systems for Electronic Trading Communities [EB/OL]. http://ccs.mit. edu/dell/trustmgt.pdf. 1999,5.
[18] Michael Burrows, Martin Abadi, Rioger Needham. A logic of Authentication[R]. Japan: DEC, 1989.
[19] EC. Information Technology Security Evaluation Criteria(ITSEC). EC:The European Commission,1992.
[20] Matt Blaze, Joan Feigenbaum, Jack Lacy. Decentralized Trust Management[A]. In:17th Symposium on Security and Privacy[C]. Oakland:IEEE,1996. 164~173.
[21] M.Blaze, J.Feigenbaum, J.Ioannidis et al. The Role of Trust Management in Distributed Systems Security[A]. In:Secure Internet Programming: Issues for mobile and distributed objects[C]. Berlin:Springer-Verlag, 1999.185~210.
[22] M.Blaze, J.Feigenbaum, P.Resnick. Managing Trust in an Information-Labeling System[R]. European: European Transaction Telecommunications, 1997.491~501.
[23] M.blaze, J.Feigenbaum, M.Strauss. Compliance Checking in the PolicyMaker Trust Management System[A]. In: Proc. Of the Financial
Cryptography'98[C]. USA:Lecture Notes in Computer Science, 1998. 254~274.
[24] M. Blaze, J. Feigenbaum, J. Ioannidis et al. The KeyNote Trust Management System Version 2[S]. RFC 2704, 1999.
[25] R.Khare, A.Rifkin. Trust Management on World Wide Web[J]. In World Wide Web Journal, 1997, 2(3):77-112.
[26] 徐锋,吕建.Web安全中的信任管理研究与进展[J].软件学报,2002,13(8):1-6.
[27] Rorty, Richard, Schneewind et al.Philosophy in History[M]. UK: Cambridge University Press, 1984. 279~301.
[28] Bakos, Y. Reducing Buyer Search Costs: Implications for Electronic Marketplaces[J]. Management Science, 1997,43(12):67~74.
[29] Bakos, Y. Towards Friction-Free Markets: The Emerging Role of Electronic Marketplaces on the Internet[J]. Communications of the ACM, 41 (8),1998:35~42.
[30] Friedman, Resnick. The Social Cost of Cheap Pseudonyms[A].In: the Telecommunications Policy Research Conference[C]. Washington, DC: the Social press, 1998.
[31] Resnick, Varian. Recommender Systems[J]. Communications of the ACM, 1997, 40 (3):56~58.
[31] Weber, Thomas E. To Build Virtual Trust, Web Sites Develop "Reputation Managers"[J]. The Wall Street Journal, B1, 2000:54~61.
[33] Deutsch, Morton. Cooperation and Trust: Some Theoretical Notes[A]. In: Nebrasks Symposium on Motivation[C]. Lincoln, Nebraska: University of Nebraska Press,1962. 275~319.
[34] Luhmann, Niklas. Familiarity, Confidence, Trust: Problems and Alternatives[R]. UK: Blackwell,1990. 94~107.
[35] Hart, David, Anderson et al. Envelopes as a Vehicle for Improving the Efficiency of Plan Execution[R]. University of Massachusetts at Amherst, Department of Computing and Information Science, 1990.
[35] Boon, Susan, Holmes et al. The dynamics of interpersonal trust: resolving uncertainty in the face of risk[M]. Cooperation and Prosocial
Behaviour. UK: Cambridge University Press, 1991. 190~211.
[36] Parsons, T. The Social System[M]. UK:The Free Press, 1964.
[37] Johnson, Post. Law And Borders-The Rise of Law in Cyberspace[J]. Stanford Law Review, 1996, 48:34~46.
[38] Maes, Guttman, Moukas. Agents that Buy and Sell[J].Communications of the ACM, 1999, 42 (3):81~91.
[39] Dellarocas, Klein, Rodriguez-Aguilar. An exception-handling architecture for open electronic marketplaces of contract net software agents[A]. In:Proceedings of the 2nd ACM Conference on Electronic Commerce[C]. Minneapolis, MN:ACM, 2000.
[40] Wilson, Robert. Reputations in Games and Markets[M]. Game-Theoretic Models of Bargaining: Cambridge University Press, 1985.27~62.
[41] Rogerson, William. Reputation and Product Quality[J]. The Bell Journal of Economics, 1983,14(2): 508~516.
[42] Schmalensee, R. Advertising and Product Quality[J]. Journal of Political Economy, 1978, 86(9):485~503.
[43] Goldberg, Nichols, Oki, Terry. Using Collaborative Filtering to Weave an Information Tapestry[J]. Communications of the ACM, 1992,35 (12): 61~70.
[44] Resnick, Iacovou, Suchak,Bergstrom, Riedl. Grouplens: An Open Architecture for Collaborative Filtering of Netnews[A]. In:Proceedings of the ACM 1994 Conference on Computer Supported Cooperative Work[C]. New York, NY: ACM Press,1994. 175~186.
[45] Shardanand, Maes. Social information filtering: Algorithms for automating "word of mouth"[A]. In:Proceedings of the Conference on Human Factors in Computing Systems (CHI95)[C]. Denver: CO, 1995. 210~217.
[46] Billsus, Pazzani. Learning collaborative information filters[A]. In: Proceedings of the 15th International Conference on Machine Learning[C].USA: ACM, 1998. 46~54.
[47] Jain, Murty, Flynn. Data clustering: a review[J]. ACM Computing
Surveys. 1999,31(3): 264~323.
[48] Gordon, A.D. Classification[M]. Boca Raton: Chapman & HalI/CRC, 1999.
[49] Arrow, Kenneth. Social Choice and Individual Values[M]. USA:Yale University Press, 1963.
[50] Sen, A. Social choice theory[M]. Elsevier Science Publishers:Handbook of Mathematical Economics, 1986.
[51] Lars Resmusson, Sverker Jansson. Simulated Social control for Secure Internet Commerce(A). In: Proceedings, New Security Paradigms'96 Workshop[C]. USA:ACM, 1996.
[52] L.Rasmusson, S.Jansson. Personal Security Assistance for Secure Internet Commerce(A). In: Proceedings, New Security Paradigms'96 Workshop[C]. USA:ACM, 1996.
[53] Andrew Nash,William Duane,Celia Joseph等著,张玉清等译.公钥基础设施(PKI)实现和管理电子安全.北京:清华出版社,2002.
[54] 陈华勇,谢冬青,王永静.BBK信任计算模型的分析和改进[J].湖南大学学报,2003,30(3):59~62.
[2] Diego Gambetta. Can We Trust Trust?[A]. In: Trust: Making and Breaking Cooperative Relations[C]. Basil Blackwell: Oxford, 1990. 213~237.
[3] Alfarez Abdul-Rahman, Stephen Hailes. A Distributed Trust Model[A]. In: Proceeding of the 1997 New Security Paradgms Workshop[C].USA: ACM, 1997. 48~60.
[4] Raphael Yahalom, Birgit Klein, Thomas Beth. Trust Relationships in Secure Systems-A Distributed Authentication Perspective[A]. In: Proceedings, IEEE Symposium on Research in Security and Privacy[C].USA:IEEE, 1993. 50~164.
[5] T.Beth, M.Borcherding, B.Klein. Valuation of Trust in Open Network[A]. In: Proc. European Symposium On Research in Security(ESORICS)[C]. Brighton: Springer-Verlag, 1994. 3~18.
[6] A.Jφsang. The right type of trust for distributed systems[A]. In: Proc. Of the 1996 New Security Paradigms Workshop[C]. USA:ACM, 1996.
[7] A.Jφsang. A model for trust in security systems[A]. In: Proceedings of the Second Nordic Workshop on Secure Computer Systems[C]. Helsinki: Helsinki University of Technology, 1997.
[8] A.Jφsang, A.J.Knapskog. A metric for trusted systems(R). Global IT Security. Wein,Budapest: Austrian Computer society, 1998. 541~549.
[9] A.Jφsang. A Subjective Metric of Authentication[A]. In: Proceedings of ESORICS'98[C]. Louvain-la-Neuve, Belgium: Springer,1998. 329~344.
[10] Radia Perlman. An overview of PKI trust models[J]. IEEE Network, 1999, 13 (6): 38~43.
[11] Andrew Young, David Chadwick. Trust models in ICE-TEL[A]. In:Network and Distributed System Security[C]. USA:IEEE,1997.
122~133.
[12] David W.Chadwick, Andrew J.Young. Merging and extending the PGP and PEM trust models-the ICE-TEL trust model[J]. IEEE Network, 1997,11(3):16~24.
[13] SPKI Workgroup. the current SPKI draft specification[EB/OL]. http://www.clark.net/pub/cme/spki.txt.2001,9.
[14] Alfarez Abdul-Rahman.The PGP Trust Model[J]. EDI-Forum: the Journal of Electronic Commerce, 1997,3(2):34~36.
[15] M.Blaze,J.Feigenbaum,A.D.Keromytis. KeyNote: Trust management for public-key infrastructures[A]. In:Cambridge 1998 Security Protocols International Workshop[C]. Cambridge,England:Springer, 1998. 59~63.
[16] Carlisle,Steve著,冯登国等译.公开密钥基础设施—概念、标准和实施[M].北京:人民邮电出版社,2001.87~97.
[17] Dellarocas. The Design of Reliable Trust Management Systems for Electronic Trading Communities [EB/OL]. http://ccs.mit. edu/dell/trustmgt.pdf. 1999,5.
[18] Michael Burrows, Martin Abadi, Rioger Needham. A logic of Authentication[R]. Japan: DEC, 1989.
[19] EC. Information Technology Security Evaluation Criteria(ITSEC). EC:The European Commission,1992.
[20] Matt Blaze, Joan Feigenbaum, Jack Lacy. Decentralized Trust Management[A]. In:17th Symposium on Security and Privacy[C]. Oakland:IEEE,1996. 164~173.
[21] M.Blaze, J.Feigenbaum, J.Ioannidis et al. The Role of Trust Management in Distributed Systems Security[A]. In:Secure Internet Programming: Issues for mobile and distributed objects[C]. Berlin:Springer-Verlag, 1999.185~210.
[22] M.Blaze, J.Feigenbaum, P.Resnick. Managing Trust in an Information-Labeling System[R]. European: European Transaction Telecommunications, 1997.491~501.
[23] M.blaze, J.Feigenbaum, M.Strauss. Compliance Checking in the PolicyMaker Trust Management System[A]. In: Proc. Of the Financial
Cryptography'98[C]. USA:Lecture Notes in Computer Science, 1998. 254~274.
[24] M. Blaze, J. Feigenbaum, J. Ioannidis et al. The KeyNote Trust Management System Version 2[S]. RFC 2704, 1999.
[25] R.Khare, A.Rifkin. Trust Management on World Wide Web[J]. In World Wide Web Journal, 1997, 2(3):77-112.
[26] 徐锋,吕建.Web安全中的信任管理研究与进展[J].软件学报,2002,13(8):1-6.
[27] Rorty, Richard, Schneewind et al.Philosophy in History[M]. UK: Cambridge University Press, 1984. 279~301.
[28] Bakos, Y. Reducing Buyer Search Costs: Implications for Electronic Marketplaces[J]. Management Science, 1997,43(12):67~74.
[29] Bakos, Y. Towards Friction-Free Markets: The Emerging Role of Electronic Marketplaces on the Internet[J]. Communications of the ACM, 41 (8),1998:35~42.
[30] Friedman, Resnick. The Social Cost of Cheap Pseudonyms[A].In: the Telecommunications Policy Research Conference[C]. Washington, DC: the Social press, 1998.
[31] Resnick, Varian. Recommender Systems[J]. Communications of the ACM, 1997, 40 (3):56~58.
[31] Weber, Thomas E. To Build Virtual Trust, Web Sites Develop "Reputation Managers"[J]. The Wall Street Journal, B1, 2000:54~61.
[33] Deutsch, Morton. Cooperation and Trust: Some Theoretical Notes[A]. In: Nebrasks Symposium on Motivation[C]. Lincoln, Nebraska: University of Nebraska Press,1962. 275~319.
[34] Luhmann, Niklas. Familiarity, Confidence, Trust: Problems and Alternatives[R]. UK: Blackwell,1990. 94~107.
[35] Hart, David, Anderson et al. Envelopes as a Vehicle for Improving the Efficiency of Plan Execution[R]. University of Massachusetts at Amherst, Department of Computing and Information Science, 1990.
[35] Boon, Susan, Holmes et al. The dynamics of interpersonal trust: resolving uncertainty in the face of risk[M]. Cooperation and Prosocial
Behaviour. UK: Cambridge University Press, 1991. 190~211.
[36] Parsons, T. The Social System[M]. UK:The Free Press, 1964.
[37] Johnson, Post. Law And Borders-The Rise of Law in Cyberspace[J]. Stanford Law Review, 1996, 48:34~46.
[38] Maes, Guttman, Moukas. Agents that Buy and Sell[J].Communications of the ACM, 1999, 42 (3):81~91.
[39] Dellarocas, Klein, Rodriguez-Aguilar. An exception-handling architecture for open electronic marketplaces of contract net software agents[A]. In:Proceedings of the 2nd ACM Conference on Electronic Commerce[C]. Minneapolis, MN:ACM, 2000.
[40] Wilson, Robert. Reputations in Games and Markets[M]. Game-Theoretic Models of Bargaining: Cambridge University Press, 1985.27~62.
[41] Rogerson, William. Reputation and Product Quality[J]. The Bell Journal of Economics, 1983,14(2): 508~516.
[42] Schmalensee, R. Advertising and Product Quality[J]. Journal of Political Economy, 1978, 86(9):485~503.
[43] Goldberg, Nichols, Oki, Terry. Using Collaborative Filtering to Weave an Information Tapestry[J]. Communications of the ACM, 1992,35 (12): 61~70.
[44] Resnick, Iacovou, Suchak,Bergstrom, Riedl. Grouplens: An Open Architecture for Collaborative Filtering of Netnews[A]. In:Proceedings of the ACM 1994 Conference on Computer Supported Cooperative Work[C]. New York, NY: ACM Press,1994. 175~186.
[45] Shardanand, Maes. Social information filtering: Algorithms for automating "word of mouth"[A]. In:Proceedings of the Conference on Human Factors in Computing Systems (CHI95)[C]. Denver: CO, 1995. 210~217.
[46] Billsus, Pazzani. Learning collaborative information filters[A]. In: Proceedings of the 15th International Conference on Machine Learning[C].USA: ACM, 1998. 46~54.
[47] Jain, Murty, Flynn. Data clustering: a review[J]. ACM Computing
Surveys. 1999,31(3): 264~323.
[48] Gordon, A.D. Classification[M]. Boca Raton: Chapman & HalI/CRC, 1999.
[49] Arrow, Kenneth. Social Choice and Individual Values[M]. USA:Yale University Press, 1963.
[50] Sen, A. Social choice theory[M]. Elsevier Science Publishers:Handbook of Mathematical Economics, 1986.
[51] Lars Resmusson, Sverker Jansson. Simulated Social control for Secure Internet Commerce(A). In: Proceedings, New Security Paradigms'96 Workshop[C]. USA:ACM, 1996.
[52] L.Rasmusson, S.Jansson. Personal Security Assistance for Secure Internet Commerce(A). In: Proceedings, New Security Paradigms'96 Workshop[C]. USA:ACM, 1996.
[53] Andrew Nash,William Duane,Celia Joseph等著,张玉清等译.公钥基础设施(PKI)实现和管理电子安全.北京:清华出版社,2002.
[54] 陈华勇,谢冬青,王永静.BBK信任计算模型的分析和改进[J].湖南大学学报,2003,30(3):59~62.