语义远程认证的研究
|
摘要
在计算机技术与网络通信技术飞速发展的今天,政府机构、企事业单位、各种组织以及个人对计算机和网络的依赖变得越来越强,计算机与网络的应用已经渗透到政治、经济、社会、教育和军事等几乎所有领域的各种业务流程之中。但与此同时,计算机病毒、木马和黑客的攻击也使我们认识到现有计算机网络系统是十分脆弱的,而且这种脆弱性可能造成的损失也是不可估量的。
各种网络应用尤其是电子商务的发展对安全提出了更高的要求,需要系统能够在极高程度上保证其真实性、完整性、保密性、有效性和拒绝否认性等。现有的计算机安全思想只是通过在PC机与外界网络之间增加一些安全层次,如口令、加密等等,但这些都属于一种被动的方案,而且这些层次的基础如操作系统和硬件等可能本身就存在致命的漏洞。事实证明,这种思路只能是临时解决部分问题,并且解决的程度无法令人满意。因此,TCG(Trusted ComputingGroup,可信计算组织)提出了可信计算的概念,这是一种新的计算平台,在软硬件上都做出了相应的规定,其目标是在整个计算设施中建立起一个比较完善的验证体系,来提升整个计算体系的安全性。
在这个验证体系中,确保每个端点机的安全之后,不可避免的要在端点机之间进行网络连接以便完成网络行为,此时便需要使用计算平台中的远程认证。然而,传统的远程认证方法存在很多的显而易见的问题,它们是静态的、只进行一次性的认证,而且它们可能仅仅针对身份进行验证,这种方法其实是基于信任而不是基于行为。谁也无法确信拥有合法身份的端点就不会做出危害系统的行为,因为端点的程序很可能已经被篡改,而且这个合法的身份也很可能早已被恶意的实体所窃取。
针对传统远程认证所存在的这些问题,参考了TCG所定义的关于网络连接的TNC架构(TCG Network Connect Architecture,TCG网络连接架构),设计出了一个基于客户/服务器模式的认证模型,这个模型当中的认证是动态的,它要进行持续的认证而并不是仅仅在初次连接时认证一次,而且它还对客户端的各个方面都进行安全性的评估,还时刻监视端点的行为,称之为语义远程认证。为了实现其通用的特性,采用当前最流行的独立于各种操作系统的Java虚拟机来作为平台。而且,这个模型虽然是参考自可信计算中的TNC架构,但其不仅仅可以运用于可信计算平台,而也可以应用于当前仍占主流的非可信计算平台。
With the rapid development of computer technologies and network communications, the government, enterprises, institutions, various organizations and the individuals depend on the network more and more frequently, the applications of computer and network have been permeated into all kinds of fields such as politics, economy, society, education and military affairs. Meanwhile, all kinds of attacks such as computer virus, Trojan Programs and hackers attacks have made current computer network systems very vulnerable. And the loss caused by malicious behavior is immeasurable.
The development of network application especially in electronic commerce has challenging network security mechanism. It becomes very necessary to keep network systems authentic, integrated, confidential, valid, rejecting-negative and so on. The current computer security ideology belongs to a kind of static mechanism which joins some security layers between PC and external networks such as password and encryption. The foundations of those security layers like operation systems and hardware systems are very vulnerable. It has been proved that the current security mechanism which couldn't solve all kinds of security problems permanently is not very satisfying. So TCG(Trusted Computing Group) advances the conception of Trusted Computing and constitutes relevant regulations about software implementation and hardware platform. Trusted Computing belongs to a kind of computer platform and its objective is that building up a perfect verification system to enhance the security of computer system.
In this verification system, remote communication between two hosts is necessary to implement network connections besides ensuring each host secure. Considering the communication security among hosts, remote authentication will be needed. Traditional remote authentication possesses of many obvious problems. For example, the authentication will be done only to identity and only once. And it belongs to a kind of static authentication and is implemented based on trust in hosts rather than in behavior. Because it is very possible that the programs in terminal hosts have been juggled and the legitimate identity has been filched by malicious entity, making sure that terminal hosts with legitimate identity will never damage to target systems becomes very impossible.
In order to make up the defect of traditional authentication, an authentication structure based on client/server is produced according to network connection TNC defined by TCG. In this authentication structure, all authentications are dynamic and consistent. Other than verifying once at the beginning of connections, it will evaluate each aspect of terminal host related to security and monitor the behaviors of terminal host. This new authentication structure is called Semantic Remote Authentication. In order to make it universal, the most popular Java Virtual Machine is adopted as the development platform which is independent to operation system. Moreover, Semantic Remote Authentication is not only useful on the platform of Trusted Computing but also useful on the platform of Untrusty Computing.
各种网络应用尤其是电子商务的发展对安全提出了更高的要求,需要系统能够在极高程度上保证其真实性、完整性、保密性、有效性和拒绝否认性等。现有的计算机安全思想只是通过在PC机与外界网络之间增加一些安全层次,如口令、加密等等,但这些都属于一种被动的方案,而且这些层次的基础如操作系统和硬件等可能本身就存在致命的漏洞。事实证明,这种思路只能是临时解决部分问题,并且解决的程度无法令人满意。因此,TCG(Trusted ComputingGroup,可信计算组织)提出了可信计算的概念,这是一种新的计算平台,在软硬件上都做出了相应的规定,其目标是在整个计算设施中建立起一个比较完善的验证体系,来提升整个计算体系的安全性。
在这个验证体系中,确保每个端点机的安全之后,不可避免的要在端点机之间进行网络连接以便完成网络行为,此时便需要使用计算平台中的远程认证。然而,传统的远程认证方法存在很多的显而易见的问题,它们是静态的、只进行一次性的认证,而且它们可能仅仅针对身份进行验证,这种方法其实是基于信任而不是基于行为。谁也无法确信拥有合法身份的端点就不会做出危害系统的行为,因为端点的程序很可能已经被篡改,而且这个合法的身份也很可能早已被恶意的实体所窃取。
针对传统远程认证所存在的这些问题,参考了TCG所定义的关于网络连接的TNC架构(TCG Network Connect Architecture,TCG网络连接架构),设计出了一个基于客户/服务器模式的认证模型,这个模型当中的认证是动态的,它要进行持续的认证而并不是仅仅在初次连接时认证一次,而且它还对客户端的各个方面都进行安全性的评估,还时刻监视端点的行为,称之为语义远程认证。为了实现其通用的特性,采用当前最流行的独立于各种操作系统的Java虚拟机来作为平台。而且,这个模型虽然是参考自可信计算中的TNC架构,但其不仅仅可以运用于可信计算平台,而也可以应用于当前仍占主流的非可信计算平台。
With the rapid development of computer technologies and network communications, the government, enterprises, institutions, various organizations and the individuals depend on the network more and more frequently, the applications of computer and network have been permeated into all kinds of fields such as politics, economy, society, education and military affairs. Meanwhile, all kinds of attacks such as computer virus, Trojan Programs and hackers attacks have made current computer network systems very vulnerable. And the loss caused by malicious behavior is immeasurable.
The development of network application especially in electronic commerce has challenging network security mechanism. It becomes very necessary to keep network systems authentic, integrated, confidential, valid, rejecting-negative and so on. The current computer security ideology belongs to a kind of static mechanism which joins some security layers between PC and external networks such as password and encryption. The foundations of those security layers like operation systems and hardware systems are very vulnerable. It has been proved that the current security mechanism which couldn't solve all kinds of security problems permanently is not very satisfying. So TCG(Trusted Computing Group) advances the conception of Trusted Computing and constitutes relevant regulations about software implementation and hardware platform. Trusted Computing belongs to a kind of computer platform and its objective is that building up a perfect verification system to enhance the security of computer system.
In this verification system, remote communication between two hosts is necessary to implement network connections besides ensuring each host secure. Considering the communication security among hosts, remote authentication will be needed. Traditional remote authentication possesses of many obvious problems. For example, the authentication will be done only to identity and only once. And it belongs to a kind of static authentication and is implemented based on trust in hosts rather than in behavior. Because it is very possible that the programs in terminal hosts have been juggled and the legitimate identity has been filched by malicious entity, making sure that terminal hosts with legitimate identity will never damage to target systems becomes very impossible.
In order to make up the defect of traditional authentication, an authentication structure based on client/server is produced according to network connection TNC defined by TCG. In this authentication structure, all authentications are dynamic and consistent. Other than verifying once at the beginning of connections, it will evaluate each aspect of terminal host related to security and monitor the behaviors of terminal host. This new authentication structure is called Semantic Remote Authentication. In order to make it universal, the most popular Java Virtual Machine is adopted as the development platform which is independent to operation system. Moreover, Semantic Remote Authentication is not only useful on the platform of Trusted Computing but also useful on the platform of Untrusty Computing.
引文
[1] Trusted Computing Group(TCG), TCG Specification Architecture Overview Specification Revisionl. 2, 28 April 2004, pp. 2-4
[2] Jerome H. SMtzer and Michael D. Schroeder, The protection of information in computer systems, Proceedings of the IEEE, 63(9), September 1975, pp. 1278-1308
[3] Trusted Computing Group(TCG), TCG Infrastructure Working Group Security Qualities Schema Specification Specification Version 1.0 Revision 1.0, 17 November 2006 FINAL, pp. 10-14
[4] Trusted Computing Group(TCG), TPM Main Part 1 Design Principles Specification Version1.2 revision94, 29 Match 2006, pp. 16-26
[5] Trusted Computing Group(TCG), TPM Main Part 2 TPM Structures Specification Version1.2 revision94, 29 Match 2006: pp. 65-77
[6] Trusted Computing Group(TCG), TCG Software Stack (TSS) Specification Version 1.2, 6 January 2006: 29-30
[7] Carlisle Adams, Steve Lloyd,公开密钥基础设施一概念、标准和实施,北京:人民邮电出版社,2001,pp.3-98
[8] 陈云,高静,邓亚平,Kerberos认证协议的研究及其优化,重庆邮电学院学报(自然科学版),2006,1,pp.206-209
[9] Honslev. R., Polk, T. Planninn for PKI: Best Practices Guide for Deployinn Public Key Infrastructure. John Wiley and Son, 2001
[10] W Diffie, ME Hellman. New Directions in Cryptography, I EEE Trans. on. Info. Theory, 1976. 22(11), pp. 644-654
[11] 张丽娜,张家宏,陈建华,智能卡中RSA密钥生成的比较与研究,计算机应用,2006,26(6),PP.149-150
[12] Dillon Andrew, Scary messages and content creep: It's all in a daily digest, Bulletin of the American Society for Information Science and Technology, 2004, 31(1), pp. 28
[13] Stapleton Jeff, Doyle Paul, Esquire Steven Teppler, The digital signature paradox, Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005, 2005, pp. 456-457
[14] 梅云红,数字证书与网络安全,计算机与网络,2005,5,pp.43-45
[15] Tian Ye, Zhang Yujun, Li Zhongcheng, A survey of identity-based cryptography using pairing, Jisuanji Yanjiu yu Fazhan/Computer Research and Development, 2006, 43(10), pp.1810-1819
[16] Zhang Jian, Hu Cheng-Quan, Sun Ji-Gui, Ma Chun-Wang, Qi Hong, Research on PMI based on PKI, Jisuanji Jicheng Zhizao Xitong/Computer Integrated Manufacturing Systems, CIMS, 2005, 11 (6), pp. 881-884
[17] Chia Hsing Tung, Yi Quan Chen, Zhi Mou Chen, Shuoh Ren Tsai, Implementation of security mechanism for Adhoc wireless networks based on X.509 and IEEE 802.1X, Proceedings - IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, 2006, 2, pp. 562-563
[18] 汪同庆,鲁军,华晋,倪水平,基于MD5算法和Schnorr协议的双因素身份认证系统,计算机应用研究,2004.12:PP.137-139
[19] 王同洋,李敏,吴俊军,基于多因素的网络身份认证,计算机应用与软件,2005,22(6),PP.100-104
[20] 张亮,指纹识别式鼠标,重庆:重庆大学学报,2002,2,PP.139-142
[21] 张金颖,郑宇,路献辉,何大可,基于智能卡和指纹的动态口令鉴别方案,计算机应用,2005,11,pp.2554-2556
[22] 李中献,詹榜华,杨义先,认证理论与技术的发展,电子学报,1999,27(1),pp.98-102
[23] 鲁军,汪同庆,任莉,身份认证系统的设计与实现,网络安全技术与应用,2004,2,ppt.24-26
[24] 卢开澄,计算机密码学,北京:清华大学出版社,2003,12,pp.215-226
[25] Trusted Computing Group(TCG), TCG Trusted Network Connect TNC Architecture for Interoperability Specification Version 1.1 Revision 2, 1 May 2006, pp. 10-16
[26] Trusted Computing Group(TCG), TCG Infrastructure Working Group Reference Architecture for Interoperability (Part Ⅰ) Specification Version 1.0 Revision 1, 16 June 2005, pp. 56-65
[27] Trusted Computing Group(TCG), TCG Trusted Network Connect TNC IF-IMC Specification Version 1.2 Revision 8 ,5 February 2007, pp. 16-32
[28] Trusted Computing Group(TCG), TCG Trusted Network Connect TNC IF-IMV Specification Version 1.2 Revision 8 ,5 February 2007, pp. 18-40
[29] Burdy Lilian, Pavlova Mariela, Java bytecode specification and verification, Proceedings of the ACM Symposium on Applied Computing. 2006, 2, pp.1835-1839
[30] Orlando, Salvatore, Russo, Stefano, Java virtual machine monitoring for dependability benchmarking, Proceedings - Ninth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, ISORC 2006, 2006, pp.433-440
[31] Tregar, Sam, Perl,VMWare,and virtual solutions, Dr. Dobb's Journal, January 2005, 30(1), pp.60-64
[32] Goesele Michael, Lensch Hendrik P.A., Lang Jochen, Fuchs Christian, Seidel Hans-Peter, DISCO-Acquisition of translucent objects, ACM Transactions on Graphics-Proceedings of ACM SIGGRAPH 2004, 2004, 23(4), pp.835-844
[33] Mousavi, MohammadReza, On the role of abstract non-interference in language-based security, Department of Computer Science, 2005, 3780, pp.418-433
[34] Mousavi, MohammadReza, Towards SOS Meta-Theory for Language-Based Security, Department of Computer Science, 2006, 162(1), pp.267-271
[2] Jerome H. SMtzer and Michael D. Schroeder, The protection of information in computer systems, Proceedings of the IEEE, 63(9), September 1975, pp. 1278-1308
[3] Trusted Computing Group(TCG), TCG Infrastructure Working Group Security Qualities Schema Specification Specification Version 1.0 Revision 1.0, 17 November 2006 FINAL, pp. 10-14
[4] Trusted Computing Group(TCG), TPM Main Part 1 Design Principles Specification Version1.2 revision94, 29 Match 2006, pp. 16-26
[5] Trusted Computing Group(TCG), TPM Main Part 2 TPM Structures Specification Version1.2 revision94, 29 Match 2006: pp. 65-77
[6] Trusted Computing Group(TCG), TCG Software Stack (TSS) Specification Version 1.2, 6 January 2006: 29-30
[7] Carlisle Adams, Steve Lloyd,公开密钥基础设施一概念、标准和实施,北京:人民邮电出版社,2001,pp.3-98
[8] 陈云,高静,邓亚平,Kerberos认证协议的研究及其优化,重庆邮电学院学报(自然科学版),2006,1,pp.206-209
[9] Honslev. R., Polk, T. Planninn for PKI: Best Practices Guide for Deployinn Public Key Infrastructure. John Wiley and Son, 2001
[10] W Diffie, ME Hellman. New Directions in Cryptography, I EEE Trans. on. Info. Theory, 1976. 22(11), pp. 644-654
[11] 张丽娜,张家宏,陈建华,智能卡中RSA密钥生成的比较与研究,计算机应用,2006,26(6),PP.149-150
[12] Dillon Andrew, Scary messages and content creep: It's all in a daily digest, Bulletin of the American Society for Information Science and Technology, 2004, 31(1), pp. 28
[13] Stapleton Jeff, Doyle Paul, Esquire Steven Teppler, The digital signature paradox, Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005, 2005, pp. 456-457
[14] 梅云红,数字证书与网络安全,计算机与网络,2005,5,pp.43-45
[15] Tian Ye, Zhang Yujun, Li Zhongcheng, A survey of identity-based cryptography using pairing, Jisuanji Yanjiu yu Fazhan/Computer Research and Development, 2006, 43(10), pp.1810-1819
[16] Zhang Jian, Hu Cheng-Quan, Sun Ji-Gui, Ma Chun-Wang, Qi Hong, Research on PMI based on PKI, Jisuanji Jicheng Zhizao Xitong/Computer Integrated Manufacturing Systems, CIMS, 2005, 11 (6), pp. 881-884
[17] Chia Hsing Tung, Yi Quan Chen, Zhi Mou Chen, Shuoh Ren Tsai, Implementation of security mechanism for Adhoc wireless networks based on X.509 and IEEE 802.1X, Proceedings - IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, 2006, 2, pp. 562-563
[18] 汪同庆,鲁军,华晋,倪水平,基于MD5算法和Schnorr协议的双因素身份认证系统,计算机应用研究,2004.12:PP.137-139
[19] 王同洋,李敏,吴俊军,基于多因素的网络身份认证,计算机应用与软件,2005,22(6),PP.100-104
[20] 张亮,指纹识别式鼠标,重庆:重庆大学学报,2002,2,PP.139-142
[21] 张金颖,郑宇,路献辉,何大可,基于智能卡和指纹的动态口令鉴别方案,计算机应用,2005,11,pp.2554-2556
[22] 李中献,詹榜华,杨义先,认证理论与技术的发展,电子学报,1999,27(1),pp.98-102
[23] 鲁军,汪同庆,任莉,身份认证系统的设计与实现,网络安全技术与应用,2004,2,ppt.24-26
[24] 卢开澄,计算机密码学,北京:清华大学出版社,2003,12,pp.215-226
[25] Trusted Computing Group(TCG), TCG Trusted Network Connect TNC Architecture for Interoperability Specification Version 1.1 Revision 2, 1 May 2006, pp. 10-16
[26] Trusted Computing Group(TCG), TCG Infrastructure Working Group Reference Architecture for Interoperability (Part Ⅰ) Specification Version 1.0 Revision 1, 16 June 2005, pp. 56-65
[27] Trusted Computing Group(TCG), TCG Trusted Network Connect TNC IF-IMC Specification Version 1.2 Revision 8 ,5 February 2007, pp. 16-32
[28] Trusted Computing Group(TCG), TCG Trusted Network Connect TNC IF-IMV Specification Version 1.2 Revision 8 ,5 February 2007, pp. 18-40
[29] Burdy Lilian, Pavlova Mariela, Java bytecode specification and verification, Proceedings of the ACM Symposium on Applied Computing. 2006, 2, pp.1835-1839
[30] Orlando, Salvatore, Russo, Stefano, Java virtual machine monitoring for dependability benchmarking, Proceedings - Ninth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, ISORC 2006, 2006, pp.433-440
[31] Tregar, Sam, Perl,VMWare,and virtual solutions, Dr. Dobb's Journal, January 2005, 30(1), pp.60-64
[32] Goesele Michael, Lensch Hendrik P.A., Lang Jochen, Fuchs Christian, Seidel Hans-Peter, DISCO-Acquisition of translucent objects, ACM Transactions on Graphics-Proceedings of ACM SIGGRAPH 2004, 2004, 23(4), pp.835-844
[33] Mousavi, MohammadReza, On the role of abstract non-interference in language-based security, Department of Computer Science, 2005, 3780, pp.418-433
[34] Mousavi, MohammadReza, Towards SOS Meta-Theory for Language-Based Security, Department of Computer Science, 2006, 162(1), pp.267-271