CN104506532B - A remote attestation method suitable for an emergency relief platform - Google Patents


Info

Publication number
CN104506532B
CN104506532B
Authority
CN
China
Prior art keywords
terminal
group
metric
signature
credible
Prior art date
Legal status
Expired - Fee Related
Application number
CN201410818444.6A
Other languages
Chinese (zh)
Other versions
CN104506532A (en)
Inventor
杨永民
周敏
丁宇征
公备
Current Assignee
BEIJING SHIPBUILDING INFORMATION TECHNOLOGY Co Ltd
BEIJING BUSINESS INTELLIGENCE AND COMMUNICATIONS TECH Co Ltd
Original Assignee
BEIJING SHIPBUILDING INFORMATION TECHNOLOGY Co Ltd
BEIJING BUSINESS INTELLIGENCE AND COMMUNICATIONS TECH Co Ltd
Priority date
Filing date
Publication date
Application filed by BEIJING SHIPBUILDING INFORMATION TECHNOLOGY Co Ltd, BEIJING BUSINESS INTELLIGENCE AND COMMUNICATIONS TECH Co Ltd
Priority to CN201410818444.6A
Publication of CN104506532A
Application granted
Publication of CN104506532B
Current legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The present invention provides a remote attestation method suitable for an emergency relief platform, comprising: the proving terminal sends an identity authentication request to the group administrator; the group administrator verifies the identity of the proving terminal and, if verification passes, the proving terminal collects the measurement value of its own platform, signs the measurement value using a group signature scheme and sends the signed measurement value to the inquiry terminal (the verifier); the inquiry terminal verifies by the group signature verification scheme whether the signature is valid and queries the group administrator whether the measurement value is trusted; only when the signature is verified as valid and the measurement value is trusted does the inquiry terminal confirm that the proving terminal is trusted. The method has the following advantages: it effectively solves the problem of proving that a terminal is trusted and ensures the authenticity and secure transmission of data; at the same time it provides traceability of proofs and can effectively resist identity forgery attacks and malicious attacks.

Description

A remote attestation method suitable for an emergency relief platform
Technical field
The invention belongs to the field of information security technology, and in particular relates to a remote attestation method suitable for an emergency relief platform.
Background technology
In order to enhance computer security and fundamentally improve the immunity of terminal systems to viruses and Trojans, a trusted computing environment must be built starting from the computer architecture, the operating system and the network architecture. Trusted computing thus came into being and has become one of the important development directions of the information security field.
Driven by the Trusted Computing Group (TCG), industry standards for trusted computing platforms, trusted storage and trusted networks have emerged. The technique embeds a Trusted Platform Module (TPM) in PCs, PDAs and embedded platforms and uses the TPM/TPCM as the system root of trust, thereby solving the problems of establishing and proving trust in a trusted computing platform.
Remote attestation allows a platform to report its own configuration information to a remote platform, so that the remote platform can verify the basic information and the authenticity of the platform. Remote attestation is one of the hot spots of current trusted computing research, and remote attestation whose purpose is to prove that a system platform is trusted has in particular received the attention of domestic research institutions and manufacturers.
At present remote attestation has three main research directions: remote attestation based on platform configuration, remote attestation based on platform properties, and semantics-based remote attestation. Remote attestation based on platform configuration sends the platform's trusted configuration information to the verifier in order to prove that the platform is trusted; however, this scheme reveals the configuration information of the system, which may lead to attacks on the platform. Property-based remote attestation maps the platform configuration information to associated properties, so it does not reveal the platform's configuration information; but in an open environment, as the amount of platform hardware and software configuration information grows, mapping the whole configuration information of a system to platform properties becomes very difficult, and revoking properties is also extremely difficult. Semantics-based remote attestation can in theory complete the proof process more accurately, but because the security policies of current systems are numerous and complex, the scheme runs inefficiently in practice.
The TCG has also proposed its own remote attestation scheme: in TCG remote attestation a local platform proves its integrity to a remote entity, a process also referred to as integrity reporting. TCG remote attestation suits a variety of application scenarios, for example controlling a client's network access by performing trusted measurement of the client. However, the TCG remote attestation mechanism has poor extensibility and adapts poorly to frequent upgrades of the user's operating system and applications; the biggest problem of the TCG scheme is that it may reveal platform configuration information, and the current attacks on TCG remote attestation schemes exploit exactly this weakness.
Terminals in an emergency relief platform need to transmit data in real time during their work, with very high requirements on the security and speed of data transmission. Existing remote attestation schemes, however, generally suffer from low computational efficiency and limited security, so they can hardly meet the emergency relief platform's requirements for security and speed.
Invention content
In view of the defects of the prior art, the present invention provides a remote attestation method suitable for an emergency relief platform that effectively solves the above problems.
The technical solution adopted by the present invention is as follows:
The present invention provides a remote attestation method suitable for an emergency relief platform, applied in a system architecture formed by a proving terminal, an inquiry terminal and a group administrator, comprising the following steps:
S1. When the proving terminal needs to prove remotely to the inquiry terminal that it is trusted, the proving terminal sends an identity authentication request to the group administrator; the identity authentication request carries the identity ID of the proving terminal.
S2. The group administrator verifies the identity of the proving terminal; if verification passes, S3 is performed.
S3. The proving terminal collects the measurement value of its own platform; then, after the proving terminal signs the measurement value using the group signature scheme, the signed measurement value is sent to the inquiry terminal.
The collection of the measurement value of the proving terminal's own platform specifically includes:
S3.1. The proving terminal collects the static measurement information of its own platform and obtains the static digest value.
Specifically: the proving terminal collects the MCF value at initial start-up and computes the first static trusted metric;
the proving terminal measures the measurement values of the n configured processes in the no-load state and obtains the second static trusted metric;
the proving terminal jointly computes the digest value of the first static trusted metric and the second static trusted metric; this digest value is the static digest value.
S3.2. The proving terminal collects the dynamic measurement information of its own platform and obtains the dynamic digest value.
Specifically: the proving terminal measures the measurement values of the n configured processes in the loaded state, obtains the dynamic trusted metric and computes the digest value of the dynamic trusted metric; this digest value is the dynamic digest value.
S3.3. The static digest value and the dynamic digest value are combined into the measurement value.
S4. The inquiry terminal verifies by the group signature verification scheme whether the signature is valid and queries the group administrator whether the measurement value is trusted; only when the signature is verified as valid and the measurement value is trusted does the inquiry terminal confirm that the proving terminal is trusted.
The inquiry terminal's query to the group administrator about whether the measurement value is trusted is specifically:
S4.1. The inquiry terminal parses the static digest value and the dynamic digest value out of the measurement value.
S4.2. The inquiry terminal sends the group administrator a request for a trust query on the static digest value; the request carries the name information of the components corresponding to the static digest value.
S4.3. Based on the name information of the components, the group administrator obtains the standard measurement value of each component and then compares whether the static digest value is consistent with the standard digest value; if they are consistent, the group administrator returns a "trusted" query result to the inquiry terminal.
S4.4. The inquiry terminal further sends the group administrator a request for a trust query on the dynamic digest value.
S4.5. The group administrator defines $Malice[n] = \{malice[1], malice[2], \ldots, malice[n]\}$, where malice represents the malice index of each process and there are n processes in total.
The group administrator obtains the permission set configured for the proving terminal, $PR = (pr_1, pr_2, \ldots, pr_u)$, where each $pr_i$ represents a different permission and there are u permissions in total.
The group administrator defines malice as a four-tuple $Malice[i] = \{ep, pr_i, np, obn\}$, where ep represents the permissions the process tries to obtain, $pr_i$ is the permission the user actually holds, np represents the number of ports the process attempts to scan without permission, and obn represents the number of subject/object sets the process attempts to access without authorisation.
The group administrator defines $MR_{real}$ as the measurement results function, described as follows:
The group administrator parses the dynamic digest value, obtains ep, $pr_i$, np and obn of each process, computes the actual $MR_{real}$ of the proving terminal from the measurement results function, sets a threshold $MR_{sp}$ and compares $MR_{real}$ with $MR_{sp}$; if $MR_{real} < MR_{sp}$, it returns to the inquiry terminal the query result that the dynamic measurement is trusted.
Preferably, the proving terminal signs the measurement value using a group signature scheme and the inquiry terminal verifies by the group signature verification scheme whether the signature is valid; the specific procedure is:
Definition 1: Bilinear map
Let $G_1 = \langle g_1 \rangle$ and $G_2 = \langle g_2 \rangle$ be two cyclic groups of order $p$, where $p$ is a large prime, the discrete logarithm problem is hard in $G_1$ and $G_2$, and $\varphi$ is a computable mapping from $G_2$ to $G_1$. $(G_1, G_2)$ is a bilinear group pair if and only if the following properties hold:
1. Computable bilinearity: there exists a computable map $e: G_1 \times G_2 \to G_3$, where $G_3$ is also a cyclic group of order $p$, such that for all $\eta \in G_1$, $\gamma \in G_2$ and all exponents $a, b$, $e(\eta^a, \gamma^b) = e(\eta, \gamma)^{ab}$;
2. Non-degeneracy: for the generators $g_1, g_2$ of the groups, $e(g_1, g_2) \neq 1$;
Definition 2: Computational Diffie-Hellman problem
Given a group $G = \langle g \rangle$ and the elements $g, g^a, g^b$ with $a, b \in \mathbb{Z}_p$ unknown, computing $g^{ab}$ has non-polynomial time complexity.
Definition 3: Decisional Diffie-Hellman assumption
Let $G = \langle g \rangle$ be a cyclic group of order $p$; for $w, x, y, z \in_R G$ and $\alpha, \beta \in_R \mathbb{Z}_p$, for every probabilistic polynomial-time algorithm $A$, $\Pr[A(w, x, y, w^{\alpha}, x^{\beta}, y^{\alpha+\beta})] - \Pr[A(w, x, y, w^{\alpha}, x^{\beta}, z)] \le \varepsilon$, where $\varepsilon$ is negligible;
The group signature scheme comprises the following steps:
Step 1, system parameter establishment:
Let $(G_1, G_2)$ be a bilinear group pair; given a large prime $P$ and the cyclic groups $(G_1, +)$ and $(G_2)$ of order $P$, let the bilinear map be $e: G_1 \times G_2 \to G_2$ and let $H_1: \{0,1\}^* \to G_1$ and $H_1: \{0,1\}^* \to \mathbb{Z}_p^*$ be collision-resistant hash functions; choose the bilinear map $e: G_1 \times G_1 \to G_2$; let $g$ be a generator of $G_1$, with $g_1, g_2, g_3 \in G_1$. The group administrator selects $\alpha_1, \alpha_2, \alpha_3 \in_R \mathbb{Z}_P$ and computes $h_1 = g_1^{\alpha_1} g_3^{\alpha_3}$ and $h_2 = g_1^{\alpha_2} g_3^{\alpha_3}$, with $I = e(g_1, g_1)$; selects a collision-resistant hash function $H: \{0,1\}^* \to \mathbb{Z}_p^*$; and selects $s \in \mathbb{Z}_p^*$ as the group private key and $k_s = g_1^s$ as the group public key. The group public parameters are then $(G_1, G_2, G_3, g_1, g_2, g_3, P, k_s, H, I)$.
Step 2, the proving terminal joins as a new member:
The proving terminal is denoted participant $i$. Participant $i$ randomly selects a partial member private key $x_i \in \mathbb{Z}_p^*$ and sets $k_u = g_1^{x_i}$ as its partial member public key.
From the group private key $s$, $g_1$, $g_2$ and the identity $ID \in \{0,1\}^*$ of participant $i$, the group administrator computes $M = H_1(ID)$ and thus obtains the partial member private key $d = g_2^{sM}$ of participant $i$; the group administrator then selects $r \in \mathbb{Z}_p^*$, computes $\sigma$, and sends $(d, r, \sigma)$ to participant $i$ over a secure channel.
After receiving $(d, r, \sigma)$, participant $i$ verifies whether the verification equation holds; if it holds, participant $i$ accepts the partial member private key $d = g_2^{sM}$ and completes the remaining computation. The member public key finally obtained is $k_u = g_1^{x_i}$ together with its second component, and the member private key is $(d, x_i)$. Participant $i$ has thus successfully joined the group and becomes group member $i$.
Step 3, group signature generation:
Step 4, signature verification:
For $\Delta = (U, \varepsilon, B_1, B_2, B_3, B_4, T, d_1, d_2, d_3, d_4)$ and the signer identity $ID$, the inquiry terminal verifies the correctness of the signature according to the following steps:
3) The inquiry terminal checks whether $U = e(\varepsilon, g_1)\, e(k_u, T)^h$ holds; if it holds, the signature is verified as valid; if it does not hold, the signature is verified as invalid.
Preferably, after step 4, the method further includes:
Step 5, signature opening:
According to the group public parameters $(G_1, G_2, G_3, g_1, g_2, g_3, P, k_s, H, I)$ and the signature $\Delta = (U, \varepsilon, B_1, B_2, B_3, B_4, T, d_1, d_2, d_3, d_4)$, after the validity verification of the signature is completed, the group administrator uses $\alpha_1, \alpha_2, \alpha_3 \in_R \mathbb{Z}_P$ to compute $\Gamma_i = B_4 / (B_1^{\alpha_1} B_2^{\alpha_2} B_3^{\alpha_3})$, where $\Gamma_i$ is bound to the identity $ID$ of group member $i$; the group administrator then traces the true identity of the signer from the member list.
The remote attestation method suitable for an emergency relief platform provided by the invention has the following advantages:
(1) It effectively solves the problem of proving that a terminal is trusted and ensures the authenticity and secure transmission of data; at the same time the invention provides traceability of proofs and can effectively resist identity forgery attacks and malicious attacks.
(2) It provides an efficient short group signature scheme: the scheme is computationally efficient, achieves fast signing and verification, has simple key management, is more secure and practical, and is easy to implement in engineering. Using this signature scheme, various emergencies can be responded to in real time, meeting the emergency relief platform's requirements for transmission speed.
Description of the drawings
Fig. 1 is the architecture diagram of the remote attestation method suitable for an emergency relief platform provided by the invention.
Specific embodiment
The present invention is described in detail below in conjunction with the drawing:
The characteristic of an emergency relief platform is that it needs to transmit data at high speed, in real time and securely; therefore proving that a terminal is trusted must be fast and secure. The remote attestation method proposed by the present invention is computationally efficient and easy to implement; it can effectively judge whether a terminal is trusted, effectively discover malicious terminals and effectively trace malicious terminals, thereby ensuring that every terminal transmitting data is trusted. The invention can serve as the security foundation for data transmission in an emergency relief platform.
The flow of the remote attestation method suitable for an emergency relief platform provided by the invention can be roughly described as follows:
The present invention performs remote attestation of a terminal starting from the essence of trustworthiness: the terminal must first perform identity authentication with the group administrator, and only after identity authentication passes is trusted measurement carried out, with measurement values stored respectively at the terminal and at the group administrator. The specific attestation process is as follows:
1. The proving terminal performs identity authentication with the group administrator; if the proving terminal is a legitimate terminal, the next step is performed.
2. The proving terminal performs trusted measurement.
Here, the proving terminal measures in a manner that combines static measurement and dynamic measurement, which is monitorable and extensible, can effectively discover malicious proving terminals, and improves the availability of the system.
3. The proving terminal signs the measurement value and sends it to the inquiry terminal.
4. After the inquiry terminal's verification of the signature passes, it performs a trust query with the group administrator, thereby confirming whether the proving terminal is trusted.
Specifically, as shown in Fig. 1, the present invention provides a remote attestation method suitable for an emergency relief platform, applied in a system architecture formed by a proving terminal, an inquiry terminal and a group administrator, comprising the following steps:
S1. When the proving terminal needs to prove remotely to the inquiry terminal that it is trusted, the proving terminal sends an identity authentication request to the group administrator; the identity authentication request carries the identity ID of the proving terminal.
S2. The group administrator verifies the identity of the proving terminal; if verification passes, S3 is performed.
S3. The proving terminal collects the measurement value of its own platform; then, after the proving terminal signs the measurement value using the group signature scheme, the signed measurement value is sent to the inquiry terminal.
The collection of the measurement value of the proving terminal's own platform combines static measurement with dynamic measurement and specifically includes:
S3.1. The proving terminal collects the static measurement information of its own platform and obtains the static digest value.
Specifically: the proving terminal collects the MCF value at initial start-up and computes the first static trusted metric;
the proving terminal measures the measurement values of the n configured processes in the no-load state and obtains the second static trusted metric;
the proving terminal jointly computes the digest value of the first static trusted metric and the second static trusted metric; this digest value is the static digest value.
The static digest value can be obtained from the MCF file, where MCF is the abbreviation of Measurements Configuration File. It is stored on the boot partition and holds the list of files that the boot module needs to measure. This file list includes the kernel file list, the initial disk file list, and the list of files that need to be verified after the OS kernel starts and before the OS dynamic measurement module starts, together with the digest values of all these files.
The data in the MCF file is formed in the following format:
file hash value + file name (full path)
file hash value + file name (full path)
...
The file name is an absolute path carrying device information, in the form that GRUB can recognise, i.e. label region (such as (hd0,0)) + full file path. The length of the file hash value depends on the finally chosen digest algorithm (256 bits for the SM3 algorithm). The static measurement information of the end user consists of the MCF and the baseline measurement value, which are stored at the terminal and at the group administrator respectively.
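The following is an added example, not code from the patent or its assignees, showing how an MCF file of the form described above can be parsed and how the first static trusted metric and the static digest value of S3.1 can be derived from it and compared against the baseline the group administrator holds (S4.3). It assumes one MCF entry per line with the hash and the GRUB-labelled path separated by whitespace, and it uses SHA-256 in place of SM3 because Python's hashlib does not guarantee SM3 support; the function names, the sample files and the weights of the second static metric are all constructed here.

```python
import hashlib
import os
import tempfile

# The patent specifies SM3 (256-bit digests). SHA-256 stands in here because
# hashlib does not guarantee SM3 support; both give 64 hex characters.
DIGEST = "sha256"


def file_digest(path, algo=DIGEST):
    """Hex digest of a file's contents, read in chunks."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_mcf(text):
    """Parse MCF entries '<hash> <path>' (assumed separator: whitespace; the path
    keeps its GRUB device label, e.g. '(hd0,0)/boot/vmlinuz'). Returns [(hash, path)]."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"MCF line {lineno}: malformed entry {raw!r}")
        try:
            bytes.fromhex(parts[0])
        except ValueError:
            raise ValueError(f"MCF line {lineno}: hash is not hex") from None
        entries.append((parts[0].lower(), parts[1]))
    return entries


def strip_device_label(mcf_path):
    """Drop a leading GRUB device label such as '(hd0,0)' to get the local absolute path."""
    if mcf_path.startswith("(") and ")" in mcf_path:
        return mcf_path[mcf_path.index(")") + 1:]
    return mcf_path


def expected_first_metric(entries):
    """First static trusted metric predicted by the MCF itself: digest over the recorded hashes."""
    acc = hashlib.new(DIGEST)
    for recorded, _ in entries:
        acc.update(bytes.fromhex(recorded))
    return acc.hexdigest()


def measure_mcf(entries, root):
    """Re-hash every listed file (resolved under `root`). Returns (first static
    trusted metric over the measured hashes in MCF order, list of mismatching entries)."""
    acc = hashlib.new(DIGEST)
    mismatches = []
    for recorded, mcf_path in entries:
        local = os.path.join(root, strip_device_label(mcf_path).lstrip("/"))
        actual = file_digest(local)
        if actual != recorded:
            mismatches.append((mcf_path, recorded, actual))
        acc.update(bytes.fromhex(actual))
    return acc.hexdigest(), mismatches


def second_static_metric(process_hashes):
    """Digest over the hashes of the n configured processes measured in the no-load
    state (assumption: sorted, so collection order does not matter)."""
    h = hashlib.new(DIGEST)
    for ph in sorted(process_hashes):
        h.update(bytes.fromhex(ph))
    return h.hexdigest()


def static_digest(first_metric, second_metric):
    """Joint digest of the first and second static trusted metrics: the static digest value."""
    h = hashlib.new(DIGEST)
    h.update(bytes.fromhex(first_metric))
    h.update(bytes.fromhex(second_metric))
    return h.hexdigest()


def demo():
    """Constructed scenario: two boot files, an MCF listing them, the baseline the
    group administrator stores, then one listed file is modified and re-measured."""
    root = tempfile.mkdtemp()
    files = {"boot/vmlinuz": b"kernel image (constructed)",
             "boot/initrd.img": b"initial ramdisk (constructed)"}
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    mcf_text = "\n".join(f"{file_digest(os.path.join(root, rel))} (hd0,0)/{rel}" for rel in files)
    entries = parse_mcf(mcf_text)
    second = second_static_metric([hashlib.sha256(b"daemon-a").hexdigest(),
                                   hashlib.sha256(b"daemon-b").hexdigest()])
    baseline = static_digest(expected_first_metric(entries), second)  # standard digest value
    first, mismatches = measure_mcf(entries, root)
    clean_ok = not mismatches and static_digest(first, second) == baseline
    with open(os.path.join(root, "boot/initrd.img"), "ab") as f:
        f.write(b"!")  # tamper with one measured file
    first2, mismatches2 = measure_mcf(entries, root)
    tampered_ok = not mismatches2 and static_digest(first2, second) == baseline
    return clean_ok, tampered_ok, [m[0] for m in mismatches2]


if __name__ == "__main__":
    print(demo())
```

Because the static digest value is a digest over digests, the group administrator can compare a single 256-bit value in S4.3 while the per-file mismatch list shows which component changed; the check is strict, so any modified file on the boot path changes the result.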
S3.2. The proving terminal collects the dynamic measurement information of its own platform and obtains the dynamic digest value.
Specifically: the proving terminal measures the measurement values of the n configured processes in the loaded state, obtains the dynamic trusted metric and computes the digest value of the dynamic trusted metric; this digest value is the dynamic digest value.
Specifically, the dynamic measurement information of the present invention is obtained by measuring the real-time state of the n processes of the proving terminal. Malicious processes share some common characteristics, for example unauthorised access by Trojans, self-replication and file tampering by viruses, and network attacks by worms. Real-time dynamic measurement can examine the degree of malice of the processes running on the proving terminal and thereby confirm whether the real-time state of the proving terminal is trusted. The malice index of a process is denoted Malice; define $Malice[n] = \{malice[1], malice[2], \ldots, malice[n]\}$, representing the malice index of each process; the permission set configured by the group administrator for the terminal is $PR = (pr_1, pr_2, \ldots, pr_u)$, where each $pr_i$ represents a different permission.
Then Malice is a four-tuple, $Malice[i] = \{ep, pr_i, np, obn\}$, where ep represents the permissions the process tries to obtain, $pr_i$ is the permission the user actually holds, np represents the number of ports the process attempts to scan without permission, and obn represents the number of subject/object sets the process attempts to access without authorisation.
Define $MR_{real}$ as the measurement results function, described as follows:
Given a threshold $MR_{sp}$, if $MR_{real} < MR_{sp}$ the terminal's measurement results are considered to satisfy the security policy at the trusted network policy manager's end.
This part is also described in detail in the subsequent process.
S3.3. The static digest value and the dynamic digest value are combined into the measurement value.
S4. The inquiry terminal verifies by the group signature verification scheme whether the signature is valid and queries the group administrator whether the measurement value is trusted; only when the signature is verified as valid and the measurement value is trusted does the inquiry terminal confirm that the proving terminal is trusted.
The inquiry terminal's query to the group administrator about whether the measurement value is trusted is specifically:
S4.1. The inquiry terminal parses the static digest value and the dynamic digest value out of the measurement value.
S4.2. The inquiry terminal sends the group administrator a request for a trust query on the static digest value; the request carries the name information of the components corresponding to the static digest value.
S4.3. Based on the name information of the components, the group administrator obtains the standard measurement value of each component and then compares whether the static digest value is consistent with the standard digest value; if they are consistent, the group administrator returns a "trusted" query result to the inquiry terminal.
S4.4. The inquiry terminal further sends the group administrator a request for a trust query on the dynamic digest value.
S4.5. The group administrator defines $Malice[n] = \{malice[1], malice[2], \ldots, malice[n]\}$, where malice represents the malice index of each process and there are n processes in total.
The group administrator obtains the permission set configured for the proving terminal, $PR = (pr_1, pr_2, \ldots, pr_u)$, where each $pr_i$ represents a different permission and there are u permissions in total.
The group administrator defines malice as a four-tuple $Malice[i] = \{ep, pr_i, np, obn\}$, where ep represents the permissions the process tries to obtain, $pr_i$ is the permission the user actually holds, np represents the number of ports the process attempts to scan without permission, and obn represents the number of subject/object sets the process attempts to access without authorisation.
The group administrator defines $MR_{real}$ as the measurement results function, described as follows:
The group administrator parses the dynamic digest value, obtains ep, $pr_i$, np and obn of each process, computes the actual $MR_{real}$ of the proving terminal from the measurement results function, sets a threshold $MR_{sp}$ and compares $MR_{real}$ with $MR_{sp}$; if $MR_{real} < MR_{sp}$, it returns to the inquiry terminal the query result that the dynamic measurement is trusted.
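The following is an added example, not code from the patent or its assignees, covering the dynamic measurement of S3.2 and the trust query of S4.5 above: the proving terminal packs one Malice four-tuple (ep, pr_i, np, obn) per process into the dynamic digest value, the group administrator parses it, evaluates a measurement results function against the threshold MR_sp, and the inquiry terminal applies the S4 decision rule. The patent does not reproduce its measurement results function, so the weighted sum used here for MR_real, the weights, the threshold, the sample processes and all function names are assumptions; SHA-256 stands in for SM3.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Malice:
    """Malice[i] = {ep, pr_i, np, obn} for one process, as defined in the text.
    ep: permissions the process tried to obtain; pr: permissions the user actually
    holds (pr_i); np: number of ports scanned without permission; obn: number of
    subject/object sets accessed without authorisation."""
    name: str
    ep: frozenset
    pr: frozenset
    np: int
    obn: int

    def excess_permissions(self):
        """Permissions requested beyond the granted set (ep minus pr)."""
        return self.ep - self.pr


# Assumed weights: the patent does not reproduce its measurement results function.
WEIGHTS = {"perm": 3.0, "port": 1.0, "object": 2.0}


def mr_real(processes, weights=WEIGHTS):
    """Assumed instance of MR_real: weighted sum over all n processes of excess
    permissions, unauthorised port scans and unauthorised subject/object accesses.
    Lower means a less malicious real-time state."""
    total = 0.0
    for m in processes:
        total += weights["perm"] * len(m.excess_permissions())
        total += weights["port"] * m.np
        total += weights["object"] * m.obn
    return total


def encode_dynamic(processes):
    """Proving terminal side: serialise the Malice tuples as canonical JSON and
    attach their digest; this pair is the dynamic digest value carried in the measurement."""
    records = [{"name": m.name, "ep": sorted(m.ep), "pr": sorted(m.pr),
                "np": m.np, "obn": m.obn} for m in processes]
    body = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body, "digest": hashlib.sha256(body).hexdigest()}  # SHA-256 stands in for SM3


def decode_dynamic(payload):
    """Group administrator side: check the digest, then recover ep, pr_i, np, obn per process."""
    if hashlib.sha256(payload["body"]).hexdigest() != payload["digest"]:
        raise ValueError("dynamic digest value does not match its body")
    return [Malice(r["name"], frozenset(r["ep"]), frozenset(r["pr"]), r["np"], r["obn"])
            for r in json.loads(payload["body"])]


def dynamic_credible(payload, mr_sp, weights=WEIGHTS):
    """S4.5: the dynamic measurement is trusted only if MR_real < MR_sp (strict, as in the text)."""
    return mr_real(decode_dynamic(payload), weights) < mr_sp


def inquiry_decision(signature_valid, static_credible, dynamic_credible_result):
    """S4: the inquiry terminal confirms the proving terminal only when the group
    signature is valid and both trust queries returned 'trusted'."""
    return bool(signature_valid and static_credible and dynamic_credible_result)


# Constructed sample data: the permission set PR granted to the terminal and its processes.
GRANTED = frozenset({"read_config", "send_report", "bind_port_8080"})
BENIGN = [Malice("reporter", frozenset({"read_config", "send_report"}), GRANTED, 0, 0)]
SUSPECT = BENIGN + [
    Malice("scanner", frozenset({"send_report"}), GRANTED, np=40, obn=0),
    Malice("dropper", frozenset({"raw_socket", "write_system_dir"}), GRANTED, np=0, obn=5),
]
MR_SP = 20.0  # threshold set by the group administrator (constructed)


if __name__ == "__main__":
    for label, procs in (("benign", BENIGN), ("suspect", SUSPECT)):
        payload = encode_dynamic(procs)
        print(label, mr_real(procs), dynamic_credible(payload, MR_SP))
```

Carrying the tuples themselves, not only their hash, is what lets the group administrator re-evaluate MR_real under its own policy; the digest check on receipt catches a payload altered in transit, while the group signature of S3 and S4 (not modelled here) binds the whole measurement value to a group member.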
In the above process, the proving terminal signs the measurement value using a group signature scheme and the inquiry terminal verifies by the group signature verification scheme whether the signature is valid; the specific procedure is:
Definition 1: Bilinear map
Let $G_1 = \langle g_1 \rangle$ and $G_2 = \langle g_2 \rangle$ be two cyclic groups of order $p$, where $p$ is a large prime, the discrete logarithm problem is hard in $G_1$ and $G_2$, and $\varphi$ is a computable mapping from $G_2$ to $G_1$. $(G_1, G_2)$ is a bilinear group pair if and only if the following properties hold:
1. Computable bilinearity: there exists a computable map $e: G_1 \times G_2 \to G_3$, where $G_3$ is also a cyclic group of order $p$, such that for all $\eta \in G_1$, $\gamma \in G_2$ and all exponents $a, b$, $e(\eta^a, \gamma^b) = e(\eta, \gamma)^{ab}$;
2. Non-degeneracy: for the generators $g_1, g_2$ of the groups, $e(g_1, g_2) \neq 1$;
Definition 2: Computational Diffie-Hellman problem
Given a group $G = \langle g \rangle$ and the elements $g, g^a, g^b$ with $a, b \in \mathbb{Z}_p$ unknown, computing $g^{ab}$ has non-polynomial time complexity.
Definition 3: Decisional Diffie-Hellman assumption
Let $G = \langle g \rangle$ be a cyclic group of order $p$; for $w, x, y, z \in_R G$ and $\alpha, \beta \in_R \mathbb{Z}_p$, for every probabilistic polynomial-time algorithm $A$, $\Pr[A(w, x, y, w^{\alpha}, x^{\beta}, y^{\alpha+\beta})] - \Pr[A(w, x, y, w^{\alpha}, x^{\beta}, z)] \le \varepsilon$, where $\varepsilon$ is negligible;
The group signature scheme comprises the following steps:
Step 1, system parameter establishment:
Let $(G_1, G_2)$ be a bilinear group pair; given a large prime $P$ and the cyclic groups $(G_1, +)$ and $(G_2)$ of order $P$, let the bilinear map be $e: G_1 \times G_2 \to G_2$ and let $H_1: \{0,1\}^* \to G_1$ and $H_1: \{0,1\}^* \to \mathbb{Z}_p^*$ be collision-resistant hash functions; choose the bilinear map $e: G_1 \times G_1 \to G_2$; let $g$ be a generator of $G_1$, with $g_1, g_2, g_3 \in G_1$. The group administrator selects $\alpha_1, \alpha_2, \alpha_3 \in_R \mathbb{Z}_P$ and computes $h_1 = g_1^{\alpha_1} g_3^{\alpha_3}$ and $h_2 = g_1^{\alpha_2} g_3^{\alpha_3}$, with $I = e(g_1, g_1)$; selects a collision-resistant hash function $H: \{0,1\}^* \to \mathbb{Z}_p^*$; and selects $s \in \mathbb{Z}_p^*$ as the group private key and $k_s = g_1^s$ as the group public key. The group public parameters are then $(G_1, G_2, G_3, g_1, g_2, g_3, P, k_s, H, I)$.
Step 2, the proving terminal joins as a new member:
The proving terminal is denoted participant $i$. Participant $i$ randomly selects a partial member private key $x_i \in \mathbb{Z}_p^*$ and sets $k_u = g_1^{x_i}$ as its partial member public key.
From the group private key $s$, $g_1$, $g_2$ and the identity $ID \in \{0,1\}^*$ of participant $i$, the group administrator computes $M = H_1(ID)$ and thus obtains the partial member private key $d = g_2^{sM}$ of participant $i$; the group administrator then selects $r \in \mathbb{Z}_p^*$, computes $\sigma$, and sends $(d, r, \sigma)$ to participant $i$ over a secure channel.
After receiving $(d, r, \sigma)$, participant $i$ verifies whether the verification equation holds; if it holds, participant $i$ accepts the partial member private key $d = g_2^{sM}$ and completes the remaining computation. The member public key finally obtained is $k_u = g_1^{x_i}$ together with its second component, and the member private key is $(d, x_i)$. Participant $i$ has thus successfully joined the group and becomes group member $i$.
Step 3, group signature generation:
Step 4, signature verification:
For $\Delta = (U, \varepsilon, B_1, B_2, B_3, B_4, T, d_1, d_2, d_3, d_4)$ and the signer identity $ID$, the inquiry terminal verifies the correctness of the signature according to the following steps:
3) The inquiry terminal checks whether $U = e(\varepsilon, g_1)\, e(k_u, T)^h$ holds; if it holds, the signature is verified as valid; if it does not hold, the signature is verified as invalid.
3. The remote attestation method suitable for an emergency relief platform according to claim 2, characterised in that after step 4 it further includes:
Step 5, signature opening:
According to the group public parameters $(G_1, G_2, G_3, g_1, g_2, g_3, P, k_s, H, I)$ and the signature $\Delta = (U, \varepsilon, B_1, B_2, B_3, B_4, T, d_1, d_2, d_3, d_4)$, after the validity verification of the signature is completed, the group administrator uses $\alpha_1, \alpha_2, \alpha_3 \in_R \mathbb{Z}_P$ to compute $\Gamma_i = B_4 / (B_1^{\alpha_1} B_2^{\alpha_2} B_3^{\alpha_3})$, where $\Gamma_i$ is bound to the identity $ID$ of group member $i$; the group administrator then traces the true identity of the signer from the member list.
Therefore, the remote attestation method suitable for an emergency relief platform provided by the invention has the following advantages:
(1) It effectively solves the problem of proving that a terminal is trusted and ensures the authenticity and secure transmission of data; at the same time the invention provides traceability of proofs and can effectively resist identity forgery attacks and malicious attacks.
(2) It provides an efficient short group signature scheme: the scheme is computationally efficient, achieves fast signing and verification, has simple key management, is more secure and practical, and is easy to implement in engineering. Using this signature scheme, various emergencies can be responded to in real time, meeting the emergency relief platform's requirements for transmission speed.
The above is only the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (3)

1. A remote attestation method for an emergency relief platform, characterized in that it is applied to a system architecture formed by a proving terminal, a challenging terminal and a group administrator, and includes the following steps:
S1, when the proving terminal needs to remotely prove to the challenging terminal that it is trusted, the proving terminal sends an identity authentication request to the group administrator, the identity authentication request carrying the identity ID of the proving terminal;
S2, the group administrator verifies the identity of the proving terminal; if the verification passes, S3 is performed;
S3, the proving terminal collects the metrics of its own platform; the proving terminal then signs the collected metrics of its own platform using a group signature scheme and sends the signed metrics to the challenging terminal;
Wherein the proving terminal collecting the metrics of its own platform specifically includes:
S3.1, the proving terminal collects the static measurement information of its own platform and obtains a static digest value;
Specifically: the proving terminal computes a first static trusted metric from the MCF value at initial start-up, where MCF stands for measurement configuration file;
the proving terminal measures the metrics of the n configured processes in an unloaded state, obtaining a second static trusted metric;
the proving terminal jointly computes the digest value of the first static trusted metric and the second static trusted metric; this digest value is the static digest value;
S3.2, the proving terminal collects the dynamic measurement information of its own platform and obtains a dynamic digest value;
Specifically: the proving terminal measures the metrics of the n configured processes under load, obtaining a dynamic trusted metric, and computes the digest value of the dynamic trusted metric; this digest value is the dynamic digest value;
S3.3, the static digest value and the dynamic digest value together form the metrics collected by the proving terminal of its own platform;
S4, the challenging terminal verifies by the group proof scheme whether the signature is valid, and queries the group administrator whether the metrics collected by the proving terminal of its own platform are trusted; only when the signature is verified as valid and the metrics collected by the proving terminal of its own platform are trusted does the challenging terminal confirm that the proving terminal is trusted;
Wherein the challenging terminal querying the group administrator whether the metrics collected by the proving terminal of its own platform are trusted specifically includes:
S4.1, the challenging terminal parses the static digest value and the dynamic digest value from the metrics collected by the proving terminal of its own platform;
S4.2, the challenging terminal sends the group administrator a request for a trust query on the static digest value, the query request carrying the name information of the components corresponding to the static digest value;
S4.3, based on the name information of the components, the group administrator obtains the standard metric value of each component and compares whether the static digest value and the standard metric value are consistent; if they are consistent, the group administrator returns a query result of trusted to the challenging terminal;
S4.4, the challenging terminal further sends the group administrator a request for a trust query on the dynamic digest value;
S4.5, the group administrator defines Malice[n] = {malice[1], malice[2], ..., malice[n]}, where malice denotes the malice index of each process, there being n processes in total;
the group administrator obtains the set of permissions configured for the proving terminal, $PR = (pr_1, pr_2, \ldots, pr_u)$, where $pr_1, pr_2, \ldots, pr_u$ denote different permissions, there being u permissions in total;
the group administrator defines malice as a four-tuple, malice[j] = {ep, $pr_j$, np, obn}, where j = 1, 2, ..., n, ep denotes the permission the process attempts to use, $pr_j$ is the permission the user inherently has, np denotes the number of times the process attempts to scan ports for which it lacks access permission, and obn denotes the number of objects in the subject/object set that the process attempts to access without authorization;
the group administrator defines $MR_{real}$ as the measurement results function, described as follows:
the group administrator parses the dynamic digest value to obtain ep, $pr_j$, np and obn of each process, then computes the actual $MR_{real}$ of the proving terminal from the measurement results function; given a threshold $MR_{sp}$, it compares $MR_{real}$ with $MR_{sp}$, and if $MR_{real} < MR_{sp}$ it returns to the challenging terminal a query result that the dynamic measurement is trusted.
2. The remote attestation method for an emergency relief platform according to claim 1, characterized in that the proving terminal signing the collected metrics of its own platform using the group signature scheme, and the challenging terminal verifying by the group proof scheme whether the signature is valid, proceed specifically as follows:
Definition 1: bilinear map
Group $G_1 = \langle g_1 \rangle$ and group $G_2 = \langle g_2 \rangle$ are two cyclic groups of order p, where p is a large prime and the discrete logarithm problem on $G_2$ and $G_1$ is hard; φ is a computable isomorphism from $G_2$ to $G_1$. The groups $G_1, G_2$ are a pair of bilinear groups if and only if the following properties hold:
1. Computable bilinearity: there exists a computable map $e: G_1 \times G_2 \to G_3$, where $G_3$ is also a cyclic group of order p, such that for any $\eta \in G_1$, $\gamma \in G_2$, $e(\eta^a, \gamma^b) = e(\eta, \gamma)^{ab}$;
2. Non-degeneracy: for the generators $g_1, g_2$ of the groups, $e(g_1, g_2) \ne 1$;
Definition 2: computational Diffie-Hellman problem
Given a group $G = \langle g \rangle$ and known $g, g^a, g^b$ for $a, b \in \mathbb{Z}_p$, with a and b unknown, computing $g^{ab}$ has non-polynomial time complexity;
Definition 3: decisional Diffie-Hellman assumption
Given a group $G = \langle g \rangle$ that is a cyclic group of order p, and $w, x, y, z \in_R G$, for $\alpha, \beta \in_R \mathbb{Z}_p$ and all probabilistic polynomial-time algorithms A, $\Pr[A(w, x, y, w^{\alpha}, x^{\beta}, y^{\alpha+\beta})] - \Pr[A(w, x, y, w^{\alpha}, x^{\beta}, z)] \le \varepsilon$, where ε is negligible;
The group signature scheme includes the following steps:
Step 1, system parameter setup:
Let $(G_1, G_2)$ be a pair of bilinear groups; given a large prime P and cyclic groups $(G_1, +)$ and $G_2$ of order P, let the bilinear map be $e: G_1 \times G_2 \to G_2$; let $H_1: \{0,1\}^* \to G_1$ and $H_1: \{0,1\}^* \to \mathbb{Z}_p^*$ be collision-free hash functions; select the bilinear map $e: G_1 \times G_1 \to G_2$, let g be a generator of $G_1$, with $g_1, g_2, g_3 \in G_1$; the group administrator selects $\alpha_1, \alpha_2, \alpha_3 \in_R \mathbb{Z}_P$ and computes $h_1 = g_1^{\alpha_1} g_3^{\alpha_3}$, $h_2 = g_1^{\alpha_2} g_3^{\alpha_3}$, where $I = e(g_1, g_1)$; selects a collision-free hash function $H: \{0,1\}^* \to \mathbb{Z}_p^*$; selects $s \in \mathbb{Z}_p^*$ as the group private key and $k_s = g_1^s$ as the group public key; the group public parameters are then $(G_1, G_2, G_3, g_1, g_2, g_3, P, k_s, H, I)$;
Step 2, the proving terminal joins as a new member:
The proving terminal is denoted participant i. Participant i randomly selects a partial member private key $x_i \in \mathbb{Z}_p^*$ and sets $k_u = g_1^{x_i}$ as the partial member public key of participant i;
The group administrator, from the group private key s, $g_1$, $g_2$ and the identity $ID \in \{0,1\}^*$ of participant i, computes $M = H_1(ID)$ and so obtains the partial member private key of participant i, $d = g_2^{sM}$; the group administrator then selects $r \in \mathbb{Z}_p^*$, computes σ, and sends (d, r, σ) to participant i over a secure channel;
After participant i receives (d, r, σ), it verifies whether the check equation holds. If it holds, participant i accepts the partial member private key $d = g_2^{sM}$ and then computes $\Gamma_i = g_1^{1/(s+x_i)}$, so that the member public key is finally $k_u = g_1^{x_i}$ together with $\Gamma_i = g_1^{1/(s+x_i)}$, and the member private key is $(d, x_i)$; participant i has now successfully joined the group and becomes group member i;
Step 3, generation of the group signature:
Group member i computes $U = I^d$, then selects $\gamma_1, \gamma_2, \gamma_3, \gamma_4 \in_R \mathbb{Z}_P$ and computes $B_1 = g_1^{\gamma_1}$, $B_2 = g_2^{\gamma_2}$, $B_3 = g_3^{\gamma_1 + \gamma_2}$, $B_4 = \Gamma_i T_1^{\gamma_1} T_2^{\gamma_2}$; after computing $B_1, B_2, B_3, B_4$, group member i selects $\delta_1, \delta_2, \delta_3, \delta_4, \delta_5 \in_R \mathbb{Z}_P$ and then computes the corresponding values. Group member i selects $\gamma_1, \gamma_2, \gamma_3 \in_R \mathbb{Z}_P$; then, for the metric h(i) it wants to prove, group member i computes $T = (B_1 \| B_2 \| B_3 \| B_4 \| U_1 \| U_2 \| U_3 \| U_4 \| h(i))$, $d_1 = \delta_1 + T\gamma_1$, $d_2 = \delta_2 + T\gamma_2$, $d_3 = \delta_3 + T\gamma_3$, $d_4 = \delta_4 + T\gamma_4$, and finally computes $\varepsilon = d g_1 - hxT$; group member i then generates the group signature $\Delta = (U, \varepsilon, B_1, B_2, B_3, B_4, T, d_1, d_2, d_3, d_4)$;
Step 4, verification of the signature:
For $\Delta = (U, \varepsilon, B_1, B_2, B_3, B_4, T, d_1, d_2, d_3, d_4)$ and the signer identity ID, the challenging terminal verifies the correctness of the signature by the following steps:
1) The challenging terminal computes the verification values;
2) The challenging terminal verifies whether the check equation holds; if it does not hold, it rejects the signature; if it holds, it performs 3);
3) The challenging terminal verifies whether $U = e(\varepsilon, g_1)\,e(k_u, T)^h$ holds; if it holds, the signature is verified as valid; if it does not hold, the signature is verified as invalid.
3. The remote attestation method for an emergency relief platform according to claim 2, characterized in that, after Step 4, it further includes:
Step 5, opening of the signature:
The group administrator, from the group public parameters $(G_1, G_2, G_3, g_1, g_2, g_3, P, k_s, H, I)$ and the signature $\Delta = (U, \varepsilon, B_1, B_2, B_3, B_4, T, d_1, d_2, d_3, d_4)$, and after the validity verification of the signature is complete, uses $\alpha_1, \alpha_2, \alpha_3 \in_R \mathbb{Z}_P$ to compute $\Gamma_i = B_4 / (B_1^{\alpha_1} B_2^{\alpha_2} B_3^{\alpha_3})$, where $\Gamma_i$ is bound to the identity ID of group member i; the group administrator then traces the true identity of the signer from the user member list.
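The measurement collection of claim 1 (S3.1 to S3.3) and the group administrator's static and dynamic trust queries (S4.3 and S4.5), as an added Python example that is not part of the patent. Component names, metric values and the use of SHA-256 are constructed assumptions, and because the page does not reproduce the MR_real function, the block substitutes a labelled placeholder scoring over the (ep, pr_j, np, obn) tuples.

```python
import hashlib
from typing import Dict, List, Set, Tuple

# Constructed sample data (hypothetical component names and values, not from the
# patent): the standard MCF and per-process metric values the group administrator
# holds for the components of a proving terminal.
STANDARD_MCF = b"mcf-v1: kernel=5.4 bootloader=grub2 ima-policy=strict"
STANDARD_PROCESS_METRICS = {"dispatcher": "m-disp-1", "gis": "m-gis-7", "radio": "m-radio-3"}


def digest(*parts: str) -> str:
    """Joint digest of its inputs; SHA-256 is an assumption, the patent fixes no hash."""
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


def static_digest(mcf: bytes, process_metrics: Dict[str, str]) -> str:
    """S3.1: first static trusted metric from the MCF measured at initial start-up,
    second static trusted metric over the n configured processes measured in an
    unloaded state, then the joint digest of both (the static digest value)."""
    first = hashlib.sha256(mcf).hexdigest()
    second = digest(*(f"{name}={m}" for name, m in sorted(process_metrics.items())))
    return digest(first, second)


def admin_check_static(received_digest: str, component_names: List[str]) -> bool:
    """S4.2/S4.3: the query carries the component names behind the static digest;
    the administrator looks up each standard metric value, recomputes the digest
    and reports 'trusted' only if it equals the received value."""
    try:
        standard = {name: STANDARD_PROCESS_METRICS[name] for name in component_names}
    except KeyError:
        return False  # a component without a standard value cannot be vouched for
    return static_digest(STANDARD_MCF, standard) == received_digest


# S4.5: malice[j] = (ep, pr_j, np, obn) for process j, already parsed out of the
# dynamic digest value; ep and pr_j are modelled here as sets of permission names.
Malice = Tuple[Set[str], Set[str], int, int]


def mr_real(malice: List[Malice]) -> int:
    """Stand-in for the patent's MR_real (assumption: the page does not reproduce
    its formula): permissions attempted beyond the user's own, plus np and obn."""
    return sum(len(ep - pr_j) + np + obn for ep, pr_j, np, obn in malice)


def admin_check_dynamic(malice: List[Malice], mr_sp: int) -> bool:
    """The dynamic measurement is reported trusted only when MR_real < MR_sp."""
    return mr_real(malice) < mr_sp


if __name__ == "__main__":
    names = list(STANDARD_PROCESS_METRICS)
    honest = static_digest(STANDARD_MCF, STANDARD_PROCESS_METRICS)
    print("static trusted:", admin_check_static(honest, names))  # True
    # A tampered 'gis' process changes the recomputed digest, so the check fails.
    tampered = dict(STANDARD_PROCESS_METRICS, gis="m-gis-patched")
    print("static trusted:", admin_check_static(static_digest(STANDARD_MCF, tampered), names))  # False
    # One process tries an extra permission, scans 2 forbidden ports, touches 1 object.
    probes = [({"read", "admin"}, {"read"}, 2, 1), ({"read"}, {"read"}, 0, 0)]
    print("MR_real =", mr_real(probes), "trusted:", admin_check_dynamic(probes, 5))  # 4 True
```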
CN201410818444.6A 2014-12-24 2014-12-24 A kind of remote certification method suitable for emergency relief platform Expired - Fee Related CN104506532B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410818444.6A CN104506532B (en) 2014-12-24 2014-12-24 A kind of remote certification method suitable for emergency relief platform


Publications (2)

Publication Number Publication Date
CN104506532A CN104506532A (en) 2015-04-08
CN104506532B true CN104506532B (en) 2018-06-26

Family

ID=52948247


Country Status (1)

Country Link
CN (1) CN104506532B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105608386B (en) * 2016-03-11 2018-09-07 成都三零嘉微电子有限公司 A kind of credible computing terminal integrity measurement, method of proof and device
WO2018205263A1 (en) * 2017-05-12 2018-11-15 深圳大学 Sybil attack defense method and system
CN110096887B (en) 2019-03-22 2020-06-30 阿里巴巴集团控股有限公司 Trusted computing method and server
CN110635904B (en) * 2019-09-16 2020-07-31 绍兴文理学院 Remote attestation method and system for software-defined Internet of things node

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101043338A (en) * 2007-04-27 2007-09-26 中国科学院软件研究所 Safety requirement based remote proving method and system thereof
CN101477602A (en) * 2009-02-10 2009-07-08 浪潮电子信息产业股份有限公司 Remote proving method in trusted computation environment
CN101951388A (en) * 2010-10-14 2011-01-19 中国电子科技集团公司第三十研究所 Remote attestation method in credible computing environment
CN102291396A (en) * 2011-08-01 2011-12-21 杭州信雅达数码科技有限公司 Anonymous authentication algorithm for remote authentication between credible platforms

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090239503A1 (en) * 2008-03-20 2009-09-24 Bernard Smeets System and Method for Securely Issuing Subscription Credentials to Communication Devices


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
A Trusted Measurement Scheme Suitable for the Clients in the Trusted Network; Gong Bei et al.; China Communications; 2014-04-30; no. 4; pp. 143-153 *
Behavior Measurement Model Based on Prediction and Control of Trusted Network; Gong Bei et al.; China Communication; 2012-09-30; vol. 9, no. 5; pp. 123-134 *
A remote attestation protocol conversion model and research on a general security protocol; Shi Guangyuan et al.; Application Research of Computers (计算机应用研究); 2010-06-30; vol. 27, no. 6; pp. 2309-2320 *


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180626

Termination date: 20201224