可监管匿名认证方案
|
摘要
随着互联网中隐私保护技术的发展,身份认证已成为保护计算机系统和数据安全的一道重要屏障.然而,信息技术的快速发展使传统身份认证手段暴露出一些弊端,例如,区块链技术的兴起对身份认证提出了更高的要求,在认证身份的同时需要保护用户的身份隐私等.采用匿名认证技术可解决用户身份隐私泄露的问题,但目前大多数方案未考虑可监管的问题,一旦用户出现不诚信行为,很难进行追责,因此,需要在匿名认证过程中建立监管机制.针对以上问题和需求,主要设计了一种可监管的匿名认证方案,通过匿名证书的方式确定用户的资源访问权限和使用权限,同时,用户在出示证书时可选择性地出示属性,确保用户的隐私信息不过度暴露;此外,方案中引入监管机制,可信中心(CA)对匿名认证过程进行监管,一旦出现欺诈行为,可对相关责任人进行追责.该方案主要采用安全的密码学算法构建,并通过了安全性的分析证明,能够高效实现可监管的匿名身份认证,适宜在区块链(联盟链)和其他具有匿名认证需求和可监管需求的系统中使用.
With the development of the privacy protection technology of the Internet, identity authentication has been a guardian of data andcomputer system. However, there exists some weaknesses in traditional identity authentication technology asit does notmeet requirements of the new information technology, i.e., the rise of the blockchain has raised higher requirements for identity authentication and it not only needs to identify different users but also has the necessary to protect the privacy of the users. Anonymous authentication technology is a method to protect users' privacy hiding, but most existing schemes do not supporta proper supervision mechanism. Once a user is dishonest, it is difficult to trackits real identity. Therefore, it is necessary to establish a regulatory mechanism in the process of anonymous authentication. In this study, a supervised anonymous authentication scheme is proposed to solve above problems. On the one hand, access rights are provided for users by anonymous credentials, and users can selectively exposetheir attributes when they need to present their credentials. In this way, it can assure that users' information is under protection. On the other hand, a regulatory mechanism is introduced in anonymous authentication, which can track the real identity when cheating occurs.The supervised anonymous authentication scheme is constructed by secure cryptographic schemes and it is proved to be semantic secure. The proposed scheme is efficient and can be applied toconsortium blockchain and other supervised anonymous authentication systems.
With the development of the privacy protection technology of the Internet, identity authentication has been a guardian of data andcomputer system. However, there exists some weaknesses in traditional identity authentication technology asit does notmeet requirements of the new information technology, i.e., the rise of the blockchain has raised higher requirements for identity authentication and it not only needs to identify different users but also has the necessary to protect the privacy of the users. Anonymous authentication technology is a method to protect users' privacy hiding, but most existing schemes do not supporta proper supervision mechanism. Once a user is dishonest, it is difficult to trackits real identity. Therefore, it is necessary to establish a regulatory mechanism in the process of anonymous authentication. In this study, a supervised anonymous authentication scheme is proposed to solve above problems. On the one hand, access rights are provided for users by anonymous credentials, and users can selectively exposetheir attributes when they need to present their credentials. In this way, it can assure that users' information is under protection. On the other hand, a regulatory mechanism is introduced in anonymous authentication, which can track the real identity when cheating occurs.The supervised anonymous authentication scheme is constructed by secure cryptographic schemes and it is proved to be semantic secure. The proposed scheme is efficient and can be applied toconsortium blockchain and other supervised anonymous authentication systems.
引文
[1]I’Anson C,Mitchell CJ.Security defects in CCITT recommendation X.509:The directory authentication framework.ACMSIGCOMM Computer Communication Review,1990,20(2):30-34.[doi:10.1145378570.378623]
[2]Lyons-Burke K.Federal agency use of public key technology for digital signatures and authentication.ADA393324.2000.
[3]Weinshall D.Cognitive authentication schemes safe against spyware(short paper).In:Proc.of the IEEE Symp.on Security and Privacy.IEEE Computer Society,2006.295-300.[doi:10.1109/SP.2006.10]
[4]Tsai CS,Lee CC,Hwang MS.Password authentication schemes:Current status and key issues.Int’l Journal of Network Security,2006,3(2):101-115.
[5]Tian XJ,Zhu RW,Wong DS.Improved efficient remote user authentication schemes.Int’l Journal of Network Security,2007,4(2):149-154.[doi:10.6633/IJNS.200703.4(2).04]
[6]Camenisch J,Lysyanskaya A.Signature schemes and anonymous credentials from bilinear maps.In:Proc.of the Crypto 2004.2004.56-72.[doi:10.1007/978-3-540-28628-8_4]
[7]Dan B,Boyen X,Shacham H.Short group signatures.In:Proc.of the Advances in Cryptology-CRYPTO 2004.Berlin,Heidelberg:Springer-Verlag,2004.41-55.[doi:10.1007/978-3-540-28628-8_3]
[8]Man HA,Susilo W,Yi M,Sherman SMC.Constant-Size dynamic k-times anonymous authentication.IEEE Systems Journal,2013,7(2):249-261.[doi:10.1109/JSYST.2012.2221931]
[9]Camenisch J,Dubovitskaya M,Robert RE.Concepts and languages for privacy-preserving attribute-based authentication.Journal of Information Security and Applications,2014,19(1):25-44.[doi:10.1016/j.jisa.2014.03.004]
[10]Camenisch J,Drijvers M,Lehmann A.Anonymous attestation using the strong diffie hellman assumption revisited.In:Proc.of the Int’l Conf.on Trust and Trustworthy Computing.Springer Int’l Publishing,2016.1-20.[doi:10.1007/978-3-319-45572-3_1]
[11]Camenisch J.Specification of the Identity Mixer Cryptographic Library,Version 2.3.1.2010.1-49.
[12]Camenisch J,Lysyanskaya A.A signature scheme with efficient protocols.In:Proc.of the Int’l Conf.on Security in Communication Networks.Berlin,Heidelberg:Springer-Verlag,2002.268-289.[doi:10.1007/3-540-36413-7_20]
[13]Wang ZH,Han Z,Liu JQ,Zhang DW,Chang L.ID authentication scheme based on PTPM and certificateless public key cryptography in cloud environment.Ruan Jian Xue Bao/Journal of Software,2016,27(6):1523-1537(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/4992.htm[doi:10.13328/j.cnki.jos.004992]
[14]Wang D,Li WT,Wang P.Crytanalysis of Three Anonymous Authentication Schemes for Multi-Server Environment.Ruan Jian Xue Bao/Journal of Software,2018,29(7):1937-1952(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/5361.htm[doi:10.13328/j.cnki.jos.005361]
[15]Chaum D,Van Heyst E.Group signatures.In:Proc.of the Advances in Cryptology-EUROCRYPT’91.LNCS 547,SpringerVerlag,1991.257-265.[doi:10.1007/3-540-46416-6_22]
[16]Bellare M,Micciancio D,Warinschi B.Foundations of group signatures:Formal definitions,simplified requirements,and a construction based on general assumptions.In:Proc.of the Advances in Cryptology-EUROCRYPT 2003.Warsaw,2003.614-629.[doi:10.1007/3-540-39200-9_38]
[17]Goldwasser S,Micali S,Rackoff C.The knowledge complexity of interactive proof systems.In:Proc.of the 17th ACM Symp.on Theory of Computing.1985.291-304.[doi:10.1145/22145.22178]
[18]Fiat A,Shamir A.How to prove yourself:Practical solutions to identification and signature problems.In:Proc.of the Conf.on the Theory and Application of Cryptographic Techniques.Berlin,Heidelberg:Springer-Verlag,1986.186-194.[doi:10.1007/3-540-47721-7_12]
[13]王中华,韩臻,刘吉强,张大伟,常亮.云环境下基于PTPM和无证书公钥的身份认证方案.软件学报,2016,27(6):1523-1537.http://www.jos.org.cn/1000-9825/4992.htm[doi:10.13328/j.cnki.jos.004992]
[14]汪定,李文婷,王平.对三个多服务器环境下匿名认证协议的分析.软件学报,2018,29(7):1937-1952.http://www.jos.org.cn/1000-9825/5361.htm[doi:10.13328/j.cnki.jos.005361]
[2]Lyons-Burke K.Federal agency use of public key technology for digital signatures and authentication.ADA393324.2000.
[3]Weinshall D.Cognitive authentication schemes safe against spyware(short paper).In:Proc.of the IEEE Symp.on Security and Privacy.IEEE Computer Society,2006.295-300.[doi:10.1109/SP.2006.10]
[4]Tsai CS,Lee CC,Hwang MS.Password authentication schemes:Current status and key issues.Int’l Journal of Network Security,2006,3(2):101-115.
[5]Tian XJ,Zhu RW,Wong DS.Improved efficient remote user authentication schemes.Int’l Journal of Network Security,2007,4(2):149-154.[doi:10.6633/IJNS.200703.4(2).04]
[6]Camenisch J,Lysyanskaya A.Signature schemes and anonymous credentials from bilinear maps.In:Proc.of the Crypto 2004.2004.56-72.[doi:10.1007/978-3-540-28628-8_4]
[7]Dan B,Boyen X,Shacham H.Short group signatures.In:Proc.of the Advances in Cryptology-CRYPTO 2004.Berlin,Heidelberg:Springer-Verlag,2004.41-55.[doi:10.1007/978-3-540-28628-8_3]
[8]Man HA,Susilo W,Yi M,Sherman SMC.Constant-Size dynamic k-times anonymous authentication.IEEE Systems Journal,2013,7(2):249-261.[doi:10.1109/JSYST.2012.2221931]
[9]Camenisch J,Dubovitskaya M,Robert RE.Concepts and languages for privacy-preserving attribute-based authentication.Journal of Information Security and Applications,2014,19(1):25-44.[doi:10.1016/j.jisa.2014.03.004]
[10]Camenisch J,Drijvers M,Lehmann A.Anonymous attestation using the strong diffie hellman assumption revisited.In:Proc.of the Int’l Conf.on Trust and Trustworthy Computing.Springer Int’l Publishing,2016.1-20.[doi:10.1007/978-3-319-45572-3_1]
[11]Camenisch J.Specification of the Identity Mixer Cryptographic Library,Version 2.3.1.2010.1-49.
[12]Camenisch J,Lysyanskaya A.A signature scheme with efficient protocols.In:Proc.of the Int’l Conf.on Security in Communication Networks.Berlin,Heidelberg:Springer-Verlag,2002.268-289.[doi:10.1007/3-540-36413-7_20]
[13]Wang ZH,Han Z,Liu JQ,Zhang DW,Chang L.ID authentication scheme based on PTPM and certificateless public key cryptography in cloud environment.Ruan Jian Xue Bao/Journal of Software,2016,27(6):1523-1537(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/4992.htm[doi:10.13328/j.cnki.jos.004992]
[14]Wang D,Li WT,Wang P.Crytanalysis of Three Anonymous Authentication Schemes for Multi-Server Environment.Ruan Jian Xue Bao/Journal of Software,2018,29(7):1937-1952(in Chinese with English abstract).http://www.jos.org.cn/1000-9825/5361.htm[doi:10.13328/j.cnki.jos.005361]
[15]Chaum D,Van Heyst E.Group signatures.In:Proc.of the Advances in Cryptology-EUROCRYPT’91.LNCS 547,SpringerVerlag,1991.257-265.[doi:10.1007/3-540-46416-6_22]
[16]Bellare M,Micciancio D,Warinschi B.Foundations of group signatures:Formal definitions,simplified requirements,and a construction based on general assumptions.In:Proc.of the Advances in Cryptology-EUROCRYPT 2003.Warsaw,2003.614-629.[doi:10.1007/3-540-39200-9_38]
[17]Goldwasser S,Micali S,Rackoff C.The knowledge complexity of interactive proof systems.In:Proc.of the 17th ACM Symp.on Theory of Computing.1985.291-304.[doi:10.1145/22145.22178]
[18]Fiat A,Shamir A.How to prove yourself:Practical solutions to identification and signature problems.In:Proc.of the Conf.on the Theory and Application of Cryptographic Techniques.Berlin,Heidelberg:Springer-Verlag,1986.186-194.[doi:10.1007/3-540-47721-7_12]
[13]王中华,韩臻,刘吉强,张大伟,常亮.云环境下基于PTPM和无证书公钥的身份认证方案.软件学报,2016,27(6):1523-1537.http://www.jos.org.cn/1000-9825/4992.htm[doi:10.13328/j.cnki.jos.004992]
[14]汪定,李文婷,王平.对三个多服务器环境下匿名认证协议的分析.软件学报,2018,29(7):1937-1952.http://www.jos.org.cn/1000-9825/5361.htm[doi:10.13328/j.cnki.jos.005361]