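Research and Implementation of a Remote Anonymous Attestation Protocol
Published: 2018-05-12 16:03
Topic of this paper: trusted computing + trusted computing module; Reference: Beijing Jiaotong University, 2016 master's thesis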
[Abstract]: With the arrival of the digital age, more and more applications such as e-commerce, e-government, online shopping and online social networking are widely deployed on the network. Computers and networks have penetrated every area of society, reach ever deeper into our lives, and have become an important part of ordinary people's daily life. The arrival of the big data era appears to bring people more convenience, but the negative impact of big data on online privacy has gradually prompted more people to reflect. Trusted Computing (TC) technology was proposed by the Trusted Computing Group (TCG) to ensure that a computer behaves as safely and reliably as people expect. Remote attestation is a major function in the TCG standard; it provides evidence of integrity configuration between two interacting parties. TCG standard v1.2 proposed an anonymous authentication protocol to protect user privacy, called Direct Anonymous Attestation (DAA). This direct anonymous attestation scheme is, on the one hand, vulnerable to masquerading attacks and, on the other hand, not easy to deploy in practice within existing network protocol architectures. This thesis comprehensively analyzes the security of the direct anonymous attestation scheme that trusted computing designed for privacy protection, focuses on solving the problems of direct anonymous attestation, and proposes a solution with certain advantages in runtime performance and security: a remote anonymous attestation protocol based on the direct anonymous attestation protocol and the Transport Layer Security (TLS) protocol. Built on the Trusted Platform Module (TPM), it combines anonymous identity attestation, platform integrity verification and a key exchange protocol to construct, between the two communicating endpoints, a trusted channel that can anonymously authenticate identity and verify platform integrity. The improved scheme meets the following seven security requirements: anonymity, unforgeability, non-clonability, user-controlled linkability, forward security, resistance to replay attacks and resistance to masquerading attacks. The designed protocol is compatible with the extended TLS protocol architecture, which makes it easy to deploy. The protocol also supports elliptic curve cryptography (ECC) algorithms, which are fast, need little storage space and give better performance in use. For the protocol security analysis, this thesis carries out a theoretical analysis under the Dolev-Yao model, models the designed protocol in the High-Level Protocol Specification Language (HLPSL) and, with the help of the SPAN model checking tool, simulates the protocol interaction flow, automatically detects possible attack paths and analyzes the security of the protocol design. Finally, the open-source algorithm library OpenSSL is used to simulate and implement the design in a Linux environment, and the new remote anonymous attestation protocol is adapted and applied to the UnionPay Mini Pay payment environment.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309
Article ID: 1879250
Article link: http://sikaile.net/jingjilunwen/dianzishangwulunwen/1879250.html