Mutual authentication and key negotiation protocol for removable storage devices applicable to multi-level environment
  • Chinese title: 适用于多密级环境的移动存储设备互认证与密钥协商协议
  • Authors: 冯力; 郁滨; 龚碧; 周伟伟
  • Authors (English): Feng Li; Yu Bin; Gong Bi; Zhou Weiwei; Information Engineering University; PLA 65012 Troops
  • Keywords: mutual authentication; removable storage device; multi-level; SVO logic
  • Chinese keywords: 互认证; 移动存储设备; 多密级; SVO逻辑
  • Journal code (Chinese): JSYJ
  • Journal title (English): Application Research of Computers
  • Affiliations: Information Engineering University; PLA 65012 Troops (信息工程大学; 中国人民解放军65012部队)
  • Publication date: 2018-02-09 12:31
  • Publisher: 计算机应用研究 (Application Research of Computers)
  • Year: 2019
  • Issue: v.36; No.330
  • Funding: National Defense Key Laboratory Open Fund project (KJ-14-103)
  • Language: Chinese
  • Page: JSYJ201904036
  • Page count: 5
  • CN: 04
  • ISSN: 51-1196/TP
  • Classification number: 161-165
Abstract
Considering the characteristics of a multi-level (multiple confidentiality level) environment, this paper proposes a mutual authentication and key negotiation protocol between removable storage devices and host terminals. The protocol authenticates offline, without an online authentication center, and can identify the confidentiality level of a device. It relies on the unforgeability of digital signatures issued by a trusted third party (TTP) and on the hardness of the discrete logarithm problem (DLP): the removable storage device and the host terminal authenticate each other by verifying the correctness of a ciphertext encrypted under the negotiated key. The protocol is analysed both informally and formally (using SVO logic). The analysis shows that, compared with similar protocols, it offers higher security, a small storage cost, fewer pre-shared authentication parameters and strong practicability. The protocol effectively solves the problems of confidentiality level identification and identity authentication of removable storage devices in a multi-level environment, and is of significant value for the secure management of removable storage devices.