基于信任的服务实体跨域认证方案
|
摘要
根据目前基于身份的跨域认证过程中域代理(domain agent,DA)数量有限的特点,针对该跨域认证过程中计算复杂的问题,采用信任和基于身份密码体制相结合的方式,提出了基于信任的用户跨域访问信息服务实体(information services entity,ISE)资源的算法。该算法首先完成用户在DA的身份认证,然后采用提出的信任度判断方法进行信任度的判断达到双向认证的目的,最终实现用户跨域访问ISE。仿真结果表明,信任度的判断方法有效地实现抵抗"恶意"DA的攻击,同时该基于信任的ISE跨域认证方案与基于身份的跨域认证方案相比,计算量减少,通信开销降低。
According to the characteristics of limited number of domain agents and to solve the complex computational problems in the current cross-domain authentication process based on identity,an algorithm based on trust for users to cross-domain access information services entity(ISE)resources is proposed.The algorithm adopts a combination of trust and identity-based cryptosystems.The algorithm firstly completes the identity authentication of users in the domain agent,and then judges the trust degree by using the proposed trust judgment method to achieve the purpose of bidirectional authentication,and finally realizes user cross-domain access ISE.The simulation results show that the method of judging trust effectively resists attacks from "malicious"domain agents.Compared with identity-based cross-domain authentication,the scheme based on trust for ISE reduces the amount of calculation and communication cost.
According to the characteristics of limited number of domain agents and to solve the complex computational problems in the current cross-domain authentication process based on identity,an algorithm based on trust for users to cross-domain access information services entity(ISE)resources is proposed.The algorithm adopts a combination of trust and identity-based cryptosystems.The algorithm firstly completes the identity authentication of users in the domain agent,and then judges the trust degree by using the proposed trust judgment method to achieve the purpose of bidirectional authentication,and finally realizes user cross-domain access ISE.The simulation results show that the method of judging trust effectively resists attacks from "malicious"domain agents.Compared with identity-based cross-domain authentication,the scheme based on trust for ISE reduces the amount of calculation and communication cost.
引文
[1]SHAMIR A.Identity-based cryptosystems and signature schemes[C]∥Proc.of the Application of Cryptographic Techniques,1984,21(2):47-53.
[2]罗长远,霍士伟,邢洪智.普适环境中基于身份的跨域认证方案[J].通信学报,2011,32(9):111-122.LUO C Y,HUO S W,XING H Z.Identity-based cross-domain authentication scheme in pervasive computing environments[J].Journal on Communications,2011,32(9):111-122.
[3]LI Y,CHEN W,CAI Z,et al.CAKA:a novel certificatelessbased cross-domain authenticated key agreement protocol for wireless mesh networks[J].Wireless Networks,2016,22(8):1-13.
[4]YUAN C,ZHANG W,Wang X.EIMAKP:heterogeneous crossdomain authenticated key agreement protocols in the EIM System[J].Arabian Journal for Science and Engineering,2017,42(8):3275-3287.
[5]BLAZE M,FEIGENBAUM J,LACY J.Decentralized trust management[C]∥Proc.of the 17th IEEE Symposium on Security and Privacy,1996:164-173.
[6]唐文,陈钟.基于模糊集合理论的主观信任管理模型研究[J].软件学报,2003,14(8):1401-1408.TANG W,CHEN Z.Research of subjective trust management model based on the fuzzy set theory[J].Journal of Software,2003,14(8):1401-1408.
[7]CHANDRAN K,SHANMUGASUDARAM V,SUBRAMANI K.Designing a fuzzy-logic based trust and reputation model for secure resource allocation in cloud computing[J].International Arab Journal of Information Technology,2016,13(1):30-37.
[8]CERUTTI F,TONIOLO A,OREN N,et al.Subjective logic operators in trust assessment:an empirical study[J].Information Systems Frontiers,2015,17(4):743-762.
[9]CHIREGI M,NAVIMIPOUR N J.A new method for trust and reputation evaluation in the cloud environments using the recommendations of opinion leaders’entities and removing the effect of troll entities[J].Computers in Human Behavior,2016,60:280-292.
[10]ZHANG T,YAN L,YANG Y.Trust evaluation method for clustered wireless sensor networks based on cloud model[J].Wireless Networks,2018,24(3):777-797.
[11]YUAN W,GUAN D,LEE Y K,et al.The small-world trust network[J].Applied Intelligence,2011,35(3):399-410.
[12]张绍武,林鸿飞,刘晓霞,等.基于概率的信任传播模型[J].计算机科学,2014,41(8):90-93.ZHANG S W,LIN H F,LIU X X,et al.Trust propagation based on probability[J].Computer Science,2014,41(8):90-93.
[13]LIU X J.An improved clustering-based collaborative filtering recommendation algorithm[J].Cluster Computing,2017,20(2):1281-1288.
[14]YANG B,LEI Y,LIU J,et al.Social collaborative filtering by trust[J].IEEE trans.on Pattern Analysis and Machine Intelligence,2017,39(8):1633-1647.
[15]CHEN R,BAO F,GUO J.Trust-based service management for social internet of things systems[J].IEEE trans.on Dependable and Secure Computing,2016,13(6):684-696.
[16]LIU X,MA W.CDAKA:A provably-secure heterogeneous cross-domain authenticated key agreement protocol with symptoms-matching in TMIS[J].Journal of Medical Systems,2018,42(8):135-149.
[17]袁峰,程朝辉.SM9标识密码算法综述[J].信息安全研究,2016,2(11):1008-1027.YUAN F,CHENG Z H.Overview on SM9identity-based cryptographic algorithm[J].Information Security Research,2016,2(11):1008-1027.
[18]CHOU C H,TSAI K Y,LU C F.Two ID-based authenticated schemes with key agreement for mobile environments[J].The Journal of Supercomputing,2013,66(2):973-988.
[19]KILINC H H,YANIK T.A survey of SIP authentication and key agreement schemes[J].IEEE Communications Surveys&Tutorials,2014,16(2):1005-1023.
[2]罗长远,霍士伟,邢洪智.普适环境中基于身份的跨域认证方案[J].通信学报,2011,32(9):111-122.LUO C Y,HUO S W,XING H Z.Identity-based cross-domain authentication scheme in pervasive computing environments[J].Journal on Communications,2011,32(9):111-122.
[3]LI Y,CHEN W,CAI Z,et al.CAKA:a novel certificatelessbased cross-domain authenticated key agreement protocol for wireless mesh networks[J].Wireless Networks,2016,22(8):1-13.
[4]YUAN C,ZHANG W,Wang X.EIMAKP:heterogeneous crossdomain authenticated key agreement protocols in the EIM System[J].Arabian Journal for Science and Engineering,2017,42(8):3275-3287.
[5]BLAZE M,FEIGENBAUM J,LACY J.Decentralized trust management[C]∥Proc.of the 17th IEEE Symposium on Security and Privacy,1996:164-173.
[6]唐文,陈钟.基于模糊集合理论的主观信任管理模型研究[J].软件学报,2003,14(8):1401-1408.TANG W,CHEN Z.Research of subjective trust management model based on the fuzzy set theory[J].Journal of Software,2003,14(8):1401-1408.
[7]CHANDRAN K,SHANMUGASUDARAM V,SUBRAMANI K.Designing a fuzzy-logic based trust and reputation model for secure resource allocation in cloud computing[J].International Arab Journal of Information Technology,2016,13(1):30-37.
[8]CERUTTI F,TONIOLO A,OREN N,et al.Subjective logic operators in trust assessment:an empirical study[J].Information Systems Frontiers,2015,17(4):743-762.
[9]CHIREGI M,NAVIMIPOUR N J.A new method for trust and reputation evaluation in the cloud environments using the recommendations of opinion leaders’entities and removing the effect of troll entities[J].Computers in Human Behavior,2016,60:280-292.
[10]ZHANG T,YAN L,YANG Y.Trust evaluation method for clustered wireless sensor networks based on cloud model[J].Wireless Networks,2018,24(3):777-797.
[11]YUAN W,GUAN D,LEE Y K,et al.The small-world trust network[J].Applied Intelligence,2011,35(3):399-410.
[12]张绍武,林鸿飞,刘晓霞,等.基于概率的信任传播模型[J].计算机科学,2014,41(8):90-93.ZHANG S W,LIN H F,LIU X X,et al.Trust propagation based on probability[J].Computer Science,2014,41(8):90-93.
[13]LIU X J.An improved clustering-based collaborative filtering recommendation algorithm[J].Cluster Computing,2017,20(2):1281-1288.
[14]YANG B,LEI Y,LIU J,et al.Social collaborative filtering by trust[J].IEEE trans.on Pattern Analysis and Machine Intelligence,2017,39(8):1633-1647.
[15]CHEN R,BAO F,GUO J.Trust-based service management for social internet of things systems[J].IEEE trans.on Dependable and Secure Computing,2016,13(6):684-696.
[16]LIU X,MA W.CDAKA:A provably-secure heterogeneous cross-domain authenticated key agreement protocol with symptoms-matching in TMIS[J].Journal of Medical Systems,2018,42(8):135-149.
[17]袁峰,程朝辉.SM9标识密码算法综述[J].信息安全研究,2016,2(11):1008-1027.YUAN F,CHENG Z H.Overview on SM9identity-based cryptographic algorithm[J].Information Security Research,2016,2(11):1008-1027.
[18]CHOU C H,TSAI K Y,LU C F.Two ID-based authenticated schemes with key agreement for mobile environments[J].The Journal of Supercomputing,2013,66(2):973-988.
[19]KILINC H H,YANIK T.A survey of SIP authentication and key agreement schemes[J].IEEE Communications Surveys&Tutorials,2014,16(2):1005-1023.