Research on Privacy Protection for Mobile Network Access Authentication
Topic: mobile security + privacy protection; Source: Beijing Jiaotong University, 2014 doctoral dissertation
[Abstract]: With the rapid development of mobile communication and computer networks, ubiquitous mobility is becoming a reality: mobile IP enables seamless roaming between different wireless networks, so that people can access the network anytime and anywhere. As mobile networks flourish, serious security challenges follow. Access authentication provides a key technical line of defense for mobile network security, and its core problem is ensuring that users access the network securely. However, owing to factors such as cryptography, the openness of wireless links, and mobile registration, access authentication is vulnerable to many types of attack. Privacy attacks are especially prominent: an attacker can learn private information such as the user's identity from the authentication exchange, which runs counter to the user's wish for privacy protection. Research on privacy protection for mobile network access authentication is therefore of great significance for the overall security of mobile networks.

Signatures are widely used in mobile network access authentication and are one of the important techniques for achieving privacy protection. During movement, roaming authentication is the main form that access authentication takes, and its design directly determines the strength of privacy protection. At the same time, mobile IP provides a global mobility solution for next-generation mobile networks, and its access authentication also involves a registration process, which puts the privacy protection of mobile registration authentication in a special position. This dissertation therefore studies privacy protection in mobile network access authentication, covering signature algorithms, roaming authentication, and mobile registration authentication. The main results and contributions are as follows:

1. A new efficient certificateless aggregate signature algorithm is proposed. Signatures are one of the important techniques for privacy protection in mobile access authentication, and certificateless aggregate signatures solve the certificate overhead and key escrow problems while compressing multiple signatures into one for efficient verification, which makes them a feasible technique. Based on a shared state information mechanism, the new algorithm requires no message interaction; an aggregate signature needs only 2 group elements, and aggregate verification needs only 4 bilinear pairings. Under the ordinary security model, the unforgeability of the new algorithm is proved based on the computational Diffie-Hellman problem. Comparative analysis shows that the new algorithm has clear advantages in transmission efficiency and in the computational performance of signature verification.

2. A new high-security certificateless aggregate signature algorithm is proposed. Under a strong security model that supports super signing queries, the unforgeability of the new algorithm is proved, which also demonstrates its high security. Comparative analysis shows that the new algorithm sacrifices some computational performance to achieve higher security strength, and can serve application scenarios with high security requirements.

3. A unified privacy-preserving roaming authentication method is presented, based on certificateless aggregate signatures. In the actual authentication process the new method involves only the mobile node and the access server; it is unified and simplifies traditional three-party authentication. The new method satisfies strong privacy security: in particular, preloaded aliases guarantee user anonymity and untraceability, and issuing partial private keys solves the key escrow problem. Its security is formally proved using protocol composition logic, and comparative analysis shows that it has more security properties and provides a higher security level. The new method also includes an aggregate verification mechanism that lets the server batch-verify multiple signatures, improving authentication efficiency; comparative analysis shows that it supports lower computation and communication overhead.

4. A privacy-preserving registration authentication method is proposed. It is based on verifier-local revocation group signatures and can perform differentiated mobile registration authentication for revoked and non-revoked users. First, the new method is mainly applied to mobile IP and simultaneously satisfies privacy protection requirements such as authentication, resistance to multiple attacks, user anonymity, and dynamic revocation; it is formally proved using protocol composition logic, and comparative analysis shows that it supports stronger security. The new method includes a concurrency mechanism so that user authentication and mobile registration execute concurrently, improving communication efficiency. Second, beyond mobile IP, the new method can also be applied to other connection-oriented networks, especially vector networks, where a registration path can be established in advance during movement and authentication parameters delivered ahead of time, further improving the efficiency of registration authentication.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Doctoral
[Year degree awarded]: 2014
[Classification number]: TP393.08