Anonymous remote attestation protocol based on DAA and TLS
  • English title: Anonymous remote attestation protocol based on DAA and TLS
  • Authors: Zhang Dawei; Han Zhen; Jiang Yichen; Li Meihong
  • Keywords: trusted computing; trusted platform module; remote attestation; transport layer security; direct anonymous attestation
  • Chinese journal title: HZLG
  • English journal title: Journal of Huazhong University of Science and Technology (Natural Science Edition)
  • Affiliation: School of Computer and Information Technology, Beijing Jiaotong University
  • Publication date: 2014-11-20 12:49
  • Publisher: Journal of Huazhong University of Science and Technology (Natural Science Edition)
  • Year: 2014
  • Issue: v.42; No.381
  • Funding: Beijing Higher Education Young Elite Program funded project (354021535)
  • Language: Chinese
  • Pages: HZLG201411006
  • Page count: 6
  • CN: 11
  • ISSN: 42-1658/N
  • Classification number: 33-38
Abstract
To address the vulnerability of remote attestation based on direct anonymous attestation (DAA) to masquerading attacks, an anonymous remote attestation protocol based on DAA and the transport layer security (TLS) protocol is proposed. The trusted platform module is used to measure the platform configuration and the anonymous identity and to generate the signature information. The identity authentication and certificate verification mechanisms are improved, and the remote attestation content is transmitted in TLS supplemental messages. The overall protocol combines the anonymous attestation, integrity reporting and key agreement mechanisms, so that an anonymously authenticated trusted channel is built between the two communicating parties. Analysis shows that the improved scheme satisfies unforgeability, anonymity, user-controllable linkability and uncloneability in identity authentication, and resists the replay attack and the masquerading attack. The protocol is compatible with the TLS extension framework, which makes it easy to deploy.
