CN105450502A - Software-defined network oriented email denial suppression system and suppression method thereof - Google Patents


Publication number
CN105450502A
Authority
CN
China
Prior art keywords
email
reliability
behavior
denial
signing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410482740.3A
Other languages
Chinese (zh)
Other versions
CN105450502B (en
Inventor
韩志耕
陈耿
王良民
朱玉全
谢晴晴
景波
刘林源
王瑜
韩冰青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Audit University
Original Assignee
陈耿
韩志耕
Application filed by 陈耿, 韩志耕
Priority to CN201410482740.3A
Publication of CN105450502A
Application granted
Publication of CN105450502B
Legal status: Active

Abstract

The invention discloses a software-defined network oriented email denial suppression system and a suppression method thereof. The system treats the traditional email interaction model as the data plane and denial suppression as the control plane, and thereby suppresses and manages email denial (repudiation) behavior. It comprises an interaction evidence binding component, an interaction evidence management component, a denial behavior detection component, a signing behavior evaluation component, a signing reliability management component and a denial behavior early-warning component. Within this framework, email interaction becomes a closed-loop, self-feedback denial suppression system that runs from denial early warning before the interaction, through denial management during the interaction, to denial detection and signing reliability feedback after it, meeting the requirement that email interaction be free of denial. The system does not disrupt the traditional email interaction model and can suppress denial in advance.

Description

Software-defined network oriented email denial suppression system and suppression method thereof
Technical field
The present invention relates to the field of network security, and in particular to a software-defined network oriented email denial suppression system and a suppression method thereof.
Background art
As a cross-platform, general-purpose distributed system for heterogeneous network environments, email has become one of the most widely used network applications as the Internet has spread. At the same time, the denial of sending and receiving, a problem closely tied to email security, has drawn broad attention from industry. It covers sending denial (a malicious sender later denies having sent the mail) and receiving denial (a malicious recipient later denies having received the mail). In the traditional postal system, the usual means of suppressing mail denial is a postal value-added service for important documents (such as contracts, agreements, bid documents and subpoenas) called certified mail: the postal operator issues a proof of posting showing that the sender sent the mail at a certain time, and a hand-signed return receipt showing that the mail was delivered to and signed for by the recipient, so that sending and receiving denial can be traced afterwards. In cyberspace, because electronic communication systems lack this ability to furnish proof, email security protocols such as PEM (Privacy Enhanced Mail), MOSS (MIME Object Security Services), S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy) can provide integrity, authentication and confidentiality but cannot provide non-repudiation. RFC 2634 (Enhanced Security Services for S/MIME, ESS-S/MIME) tries to address the missing non-repudiation of email sending and receiving by introducing signed receipt evidence into S/MIME, but the standard rests on the assumption of an honest recipient (one who will always return the receipt), which often does not hold in the real world.
The main existing technique for guarding against denial in email is certified email, which makes sending and receiving denial traceable by fairly exchanging the email message and the non-repudiation evidence between mutually distrustful senders and recipients. The problem is a challenging one: since J. Zhou et al. and R. Deng et al. began studying certified email in 1996, a large number of certified email schemes have emerged over nearly 18 years. Representative work includes the following.
(1) On the security properties a protocol must satisfy: Kremer S. et al. gave the first comprehensive discussion of non-repudiation in information exchange and set out the basic properties that a fair non-repudiation protocol must satisfy; Jose Onieva et al., addressing the lack of timeliness in fast optimistic certified email protocols, proposed an asynchronous timeliness technique; Changshe Ma et al. pointed out that in the RSA-CEMD optimistic certified email protocol with a transparent TTP, the recipient can cheat the sender by sending an invalid verifiable and recoverable signature ciphertext (verified by all senders), so that the recipient successfully receives the email message while the sender obtains no receipt evidence, and proposed an improved version that repairs the fairness defect of the original protocol; Min-Hua Shao et al., addressing the problem that in many certified email protocols a malicious party can deceive the honest party through an attack and thereby break fairness (the honest party cannot obtain the expected information), analyzed a common attack on two certified email schemes, GG and OS, proposed corrective measures that avoid this class of security problem, and summarized guidelines for avoiding such common attacks when designing certified email protocols; Josep Lluis Ferrer-Gomilla et al., while summarizing the definitions, properties and requirements of certified email protocols, focused on explaining why certain security properties are mutually exclusive.
(2) On the involvement of a trusted third party (Trusted Third Party, TTP): Macia Mut-Puigserver et al., addressing the problem that existing certified email protocols depend too heavily on the third party and so require users to trust it unconditionally, proposed introducing a third-party alliance into the certified email protocol. The alliance is produced by a vote of all third-party members, so that a small number of malicious third parties cannot break the fairness of email evidence; because the alliance intervenes only when protocol execution is abnormal, the probability that it becomes a communication performance bottleneck is also reduced. Considering that the TTP can become a communication performance bottleneck, Giuseppe Ateniese et al. proposed a distributed certified email scheme, TRICERT, which uses distributed computing to partition the TTP's tasks (i.e. a distributed TTP), reducing the degree of trust that must be placed in a single TTP (semi-trusted). Alois Paulin et al., addressing the limited scope of application and the lack of cross-border interoperability caused by the use of a TTP in existing certified email protocols, proposed a general certified email system without a TTP that offers probabilistic fair non-repudiation: on the one hand, during protocol execution the recipient obtains the blocks of an encrypted message block chain step by step and generates receipt evidence for each block; on the other hand, encryption prevents the recipient from obtaining the expected information before permanently interrupting the protocol.
(3) On interaction topology: Jianying Zhou et al., addressing the restriction of existing certified email protocols to a one-to-one topology, proposed two optimistic multi-party certified email protocols in which the sender can exchange mail with multiple recipients at the same time and the sender or any recipient can terminate the protocol run at any time; on this basis, Onieva J. et al. gave a comprehensive account of multi-party non-repudiation mechanisms, including requirement definitions and security properties.
(4) On protocol deployability: Martin Abadi et al. proposed a certified email protocol that uses a lightweight online TTP and combines security, scalability, ease of implementation and deployability; beyond a mail reader and a web browser, the email recipient needs no other special software and no public key infrastructure. Rolf Oppliger, taking the degree of TTP involvement as the starting point, summarized architectural models for certified email services and discussed how a particular architectural model affects performance, trust and infrastructure deployment. Guilin Wang et al., addressing the high overhead that complex cryptography brings to existing certified email schemes, which prevents their use in resource-constrained mobile wireless network environments, proposed a low-overhead protocol containing only 3 message steps and 4 kinds of operations. Arne Tauber pointed out that, with certified email systems so varied and no consensus yet on security properties, large-scale deployment of certified email systems must focus on interoperability; using security properties such as fairness and non-repudiation as the classification basis, he assessed and discussed the differences between the certified email standards and systems currently deployed at scale and the compatibility problems that must be bridged to reach interoperability. On that basis he proposed an interoperability standard for certified email systems and presented a cross-border interoperable certified email solution for the European Union.
Certified email positions the suppression of denial behavior as after-the-fact detection, which means that a detected denial may already have taken effect and may already have harmed honest users. From the standpoint of protecting honest users of the mail system, intercepting a denial before it takes effect costs honest users less than detecting and tracing it after it has taken effect; yet the trusted email technologies represented by certified email currently provide no such function. Moreover, although early-warning techniques are used maturely to guard against potential security threats in information space, research on early warning for email security, and for denial behavior in particular, has not yet appeared.
Summary of the invention
Object of the invention: the object of the present invention is to remedy the deficiencies of the prior art by providing a software-defined network oriented email denial suppression system and a suppression method thereof. Besides providing after-the-fact denial detection like that of traditional certified email systems, the denial suppression method of the present invention can suppress potential denial behavior at the source, before the email interaction takes place.
Technical solution: software-defined networking (Software Defined Networking, SDN) was first proposed by the Clean Slate research group at Stanford University in a next-generation Internet architecture research project. As an architecture that changes the traditional Internet, SDN quickly drew an active response from Internet giants such as Google, Facebook, Microsoft, Cisco and Juniper, and the Open Networking Foundation (ONF), which promotes SDN standardization, followed. The core difference between SDN and traditional networks is the separation of the network control plane from the data plane.
A software-defined network oriented email denial suppression system of the present invention comprises a data plane and a control plane; the data plane is the traditional email interaction model, and the control plane is a denial suppression unit attached to the traditional email interaction model.
Further, the denial suppression unit comprises an interaction evidence binding component, an interaction evidence management component, a denial behavior detection component, a signing behavior evaluation component, a signing reliability management component and a denial behavior early-warning component;
The interaction evidence binding component uses non-repudiation technology to bind each interaction behavior built on the traditional email interaction model uniquely to its evidence (behavior-evidence binding), and submits the binding result to the interaction evidence management component in the form of interaction evidence;
The interaction evidence management component manages the interaction evidence from the interaction evidence binding component as a chain, and submits historical evidence to the denial behavior detection component;
The denial behavior detection component uses the historical evidence retrieved from the interaction evidence management component to perform denial detection on email sending and receiving behavior, and submits the detection result to the signing behavior evaluation component in the form of a signing behavior;
The signing behavior evaluation component uses newcomer evaluation technology to make a preliminary trust evaluation of the signing behavior submitted by the denial detection component; on that basis it uses the email entity's historical signing reliability sequence, retrieved from the signing reliability management component, to re-evaluate the preliminary evaluation result of the signing behavior, and feeds the result back to the signing reliability management component in the form of a reliable signing reliability;
The signing reliability management component provides the historical signing reliability sequence of the relevant email entity to the signing behavior evaluation component, receives the reliable signing reliability re-evaluation result from the signing behavior evaluation component, and provides the latest signing reliability to the denial behavior early-warning component for its early-warning decision on denial behavior;
The denial behavior early-warning component retrieves the latest signing reliability of the relevant email entity from the signing reliability management component and applies a denial early-warning command to the traditional email interaction model to suppress denial in advance.
The invention also discloses a suppression method for the software-defined network oriented email denial suppression system, comprising the following steps:
(1) Denial early-warning stage, before the email interaction: the denial behavior early-warning component retrieves from the signing reliability management component the latest signing reliability of the email entities that are about to interact, performs denial early warning on the email interaction those entities are about to carry out according to that reliability, and applies the result, in the form of a denial early-warning command, to the email interaction about to take place between the mail entities;
(2) Denial management stage, during the email interaction: the interaction evidence binding component uses non-repudiation technology to bind electronic evidence to the interaction behavior of the mail entities, and submits the binding result, in the form of interaction evidence, to the evidence management component for time-ordered management;
(3) Denial detection stage, after the email interaction: the denial behavior detection component retrieves from the evidence management component, in the form of historical evidence, the electronic evidence related to this round of email interaction; on that basis it uses the denial arbitration technique of the non-repudiation service to perform denial detection on the email entity behavior that has just occurred in this round, and submits the detection result, in the form of a signing behavior, to the signing behavior evaluation component for reliability evaluation;
(4) Signing reliability feedback stage, after the email interaction: after completing the preliminary reliability evaluation of the signing behavior, the signing behavior evaluation component uses the historical signing reliability sequence retrieved from the signing reliability management component to re-evaluate the preliminary reliability evaluation result; the result is submitted, in the form of a reliable signing reliability, to the signing reliability management component for time-ordered management, and is used for the denial behavior early warning before the next round of email interaction and for the signing reliability feedback after the next round.
Further, the signing reliability in step (1) is the degree to which the public in the email system recognizes an email entity's mail signing behavior; the denial early-warning command is a pre-treatment measure against the potential denial behavior of an email entity, and different pre-treatment measures are possible at different granularities, for example forbidding an email entity from sending mail, forbidding an email entity from receiving mail, forbidding mail exchange between email entities, and allowing mail exchange between email entities.
Further, the interaction evidence in step (2) is a digital signature that uniquely associates a specific interaction behavior of an email entity.
Further, the historical evidence in step (3) is a digital signature uniquely associated with a previous interaction behavior of the email entity under detection; and the signing behavior is the deceptive or dishonest behavior that an email entity exhibits in sending and receiving mail.
Further, the signing reliability in step (4) is the reliability evaluation of an email entity's signing behavior; the historical signing reliability sequence is the ordered set of the email entity's signing reliabilities over the preceding adjacent interaction rounds; the reliable signing reliability is the final reliability evaluation of the current signing behavior, obtained by using the email entity's historical signing reliability sequence to re-evaluate the preliminary reliability evaluation result of the entity's current signing behavior.
Beneficial effects: compared with the prior art, the present invention has the following advantages:
(1) The invention makes up for the shortcoming that existing certified mail techniques can only suppress email denial behavior after the fact. It provides a technique for suppressing denial behavior in advance and, based on the principle of closed-loop feedback, coordinates in-advance suppression with after-the-fact suppression, protecting the interests of honest mail users to the greatest extent;
(2) Early warning is the key to suppressing denial behavior in advance. To this end the invention first describes the denial behavior and the dishonest behavior of an email entity in sending and receiving mail uniformly as signing behavior; on that basis it uses reliability evaluation technology to quantify signing behavior as a signing reliability that consistently describes the degree to which an email entity denies sending and receiving mail, and uses this signing reliability as the decision basis for email denial early warning;
(3) The invention suppresses email denial behavior without breaking the traditional email interaction model, so a system built on the invention is well compatible with the widely deployed email network infrastructure, which greatly reduces the cost and complexity of system deployment.
Brief description of the drawings
Fig. 1 is the system structure and processing flow chart of the present invention;
Fig. 2 is the network deployment diagram of an embodiment of the present invention;
Fig. 3 is a schematic diagram of the denial behavior injection model of the embodiment of the present invention;
Fig. 4 is a schematic comparison of signing reliability sensitivity under non-collusive denial in the embodiment of the present invention;
Fig. 5 is a schematic comparison of signing reliability sensitivity under collusive denial in the embodiment of the present invention;
Fig. 6 is a schematic diagram of the influence of collusive denial on signing reliability sensitivity in the embodiment of the present invention;
Fig. 7 is a schematic diagram of the effect of suppressing denial behavior in advance in the embodiment of the present invention;
Fig. 8 is a schematic diagram of the capability of suppressing denial behavior in advance in the embodiment of the present invention.
Detailed description of the embodiments
The technical solution of the present invention is described in detail below with reference to the accompanying drawings and embodiments.
As shown in Fig. 1, the software-defined network oriented email denial suppression system of the present invention follows the software-defined networking idea of separating control from data and comprises a data plane and a control plane; the data plane is the traditional email interaction model, and the control plane is a denial suppression unit attached to the traditional email interaction model.
The denial suppression unit comprises an interaction evidence binding component, an interaction evidence management component, a denial behavior detection component, a signing behavior evaluation component, a signing reliability management component and a denial behavior early-warning component;
The interaction evidence binding component uses non-repudiation technology to bind each interaction behavior built on the traditional email interaction model uniquely to its evidence (behavior-evidence binding), and submits the binding result to the interaction evidence management component in the form of interaction evidence;
The interaction evidence management component manages the interaction evidence from the interaction evidence binding component as a chain, and submits historical evidence to the denial behavior detection component;
The denial behavior detection component uses the historical evidence retrieved from the interaction evidence management component to perform denial detection on email sending and receiving behavior, and submits the detection result to the signing behavior evaluation component in the form of a signing behavior;
The signing behavior evaluation component uses trust evaluation technology to make a preliminary trust evaluation of the signing behavior submitted by the denial detection component; on that basis it uses the email entity's historical signing reliability sequence, retrieved from the signing reliability management component, to re-evaluate the preliminary evaluation result of the signing behavior, and feeds the result back to the signing reliability management component in the form of a reliable signing reliability;
The signing reliability management component provides the historical signing reliability sequence of the relevant email entity to the signing behavior evaluation component, receives the reliable signing reliability re-evaluation result from the signing behavior evaluation component, and provides the latest signing reliability to the denial behavior early-warning component for its early-warning decision on denial behavior;
The denial behavior early-warning component retrieves the latest signing reliability of the relevant email entity from the signing reliability management component and applies a denial early-warning command to the traditional email interaction model to suppress denial in advance.
In the above email denial suppression system, the whole process, from denial early warning before the email interaction, through denial management during the interaction, to denial detection and signing reliability feedback after it, makes email interaction a closed-loop, self-feedback denial suppression system that meets the requirement of denial-free email interaction.
The invention also discloses a suppression method for the software-defined network oriented email denial suppression system, comprising the following steps:
(1) Denial early-warning stage, before the email interaction: the denial behavior early-warning component retrieves from the signing reliability management component the latest signing reliability of the email entities that are about to interact, performs denial early warning on the email interaction those entities are about to carry out according to that reliability, and applies the result, in the form of a denial early-warning command, to the email interaction about to take place between the mail entities;
Here, the signing reliability is the degree to which the public in the email system recognizes an email entity's mail signing behavior; the denial early-warning command is a pre-treatment measure against the potential denial behavior of an email entity, and different pre-treatment measures are possible at different granularities, for example forbidding an email entity from sending mail, forbidding an email entity from receiving mail, forbidding mail exchange between email entities, and allowing mail exchange between email entities;
(2) Denial management stage, during the email interaction: the interaction evidence binding component uses non-repudiation technology to bind electronic evidence to the interaction behavior of the mail entities, and submits the binding result, in the form of interaction evidence, to the evidence management component for time-ordered management; this interaction evidence is a digital signature that uniquely associates a specific interaction behavior of an email entity;
(3) Denial detection stage, after the email interaction: the denial behavior detection component retrieves from the evidence management component, in the form of historical evidence, the electronic evidence related to this round of email interaction; on that basis it uses the denial arbitration technique of the non-repudiation service to perform denial detection on the email entity behavior that has just occurred in this round, and submits the detection result, in the form of a signing behavior, to the signing behavior evaluation component for reliability evaluation; here, the historical evidence is a digital signature uniquely associated with a previous interaction behavior of the email entity under detection, and the signing behavior is the deceptive or dishonest behavior that an email entity exhibits in sending and receiving mail;
(4) Signing reliability feedback stage, after the email interaction: after completing the preliminary reliability evaluation of the signing behavior, the signing behavior evaluation component uses the historical signing reliability sequence retrieved from the signing reliability management component to re-evaluate the preliminary reliability evaluation result; the result is submitted, in the form of a reliable signing reliability, to the signing reliability management component for time-ordered management, and is used for the denial behavior early warning before the next round of email interaction and for the signing reliability feedback after the next round. Here, the signing reliability is the reliability evaluation of an email entity's signing behavior; the historical signing reliability sequence is the ordered set of the email entity's signing reliabilities over the preceding adjacent interaction rounds; the reliable signing reliability is the final reliability evaluation of the current signing behavior, obtained by using the email entity's historical signing reliability sequence to re-evaluate the preliminary reliability evaluation result of the entity's current signing behavior.
The core links in the above process are interaction evidence binding, denial behavior detection, signing behavior evaluation and denial behavior early warning. The working principles of these four core links are as follows:
(1) Interaction evidence binding. To support group sending of email (sending to a single recipient is treated here as a special case of group sending), the invention adopts a multi-party non-repudiation evidence binding technique with a one-to-many topology. The binding method is as follows. The information to be sent is split into two parts, an encryption key and a ciphertext, so that the mail interaction is decomposed into a ciphertext exchange and a key exchange. The sender first sends the ciphertext and the signature NRO (Non-Repudiation Origin) to the recipient and, concurrently, sends the key and the signature Sub (Submission) to the TTP (Trusted Third Party). After receiving the ciphertext, the recipient responds with the signature NRR (Non-Repudiation Receipt). After receiving the key, the TTP publishes it in a public directory together with the signature Con (Confidence); the recipient can then obtain the key from the TTP and decrypt the plaintext, and the sender can likewise retrieve Con from the TTP and keep it.
The symbols used in describing the interaction evidence binding process are as follows:
X ╟ Y: [M] (X ╢ Y: [M]): entity X sends information M to (obtains information M from) entity Y;
$s$, $R$, $R'$, $R_i$: the email sender, the set of recipients, a subset of recipients, a member recipient;
$u_{R_i}$, $u_R$: the public key of $R_i$, the set of public keys of the entities in $R$;
$Sig_x(M)$, $M_i$: the signature of $x$ on mail $M$, the specific mail plaintext that $s$ sends to $R_i$;
$C = E_K(M)$, $M = D_K(C)$: encrypting message $M$ with key $K$ gives ciphertext $C$; decrypting $C$ gives plaintext $M$;
$h()$, $E_R()$: a one-way hash function, a group encryption function (its ciphertext can be decrypted only by members of $R$).
The concrete interaction evidence binding is shown in Process 1 and described below:
Process 1. BbindE // behavior-evidence binding process
Input: $s$, $R = \{R_i \mid 1 \le i \le |R|\}$, $M = \{M_i \mid 1 \le i \le |R|\}$, TTP;
Output: behavior-evidence binding result;
begin
// steps 1-5: system initialization
1. $s$ and each $R_i$ initialize their own counters $Counter_s \leftarrow 0$ and $Counter_{R_i} \leftarrow 0$;
2. $s$ and each $R_i$ select their own time periods $t_s$ and $t_{R_i}$, which define the time limits for the TTP to keep $Sub_K$ and $NRR_i$;
3. the TTP selects the information publication duration $t_0$;
4. $s$ selects a random number $n_i$ for each $R_i$ and computes $x_i \leftarrow E_{u_{R_i}}(n_i)$;
5. $s$ selects a key $K$ and, for each $R_i$, computes and $c_i \leftarrow E_{k_i}(M_i)$;
// steps 6-9: binding
6. $s$ ╟ $R_i$: $[R_i, t_s, l_i, c_i, x_i, u_{R_i}, NRO_i]$; // send the ciphertext to every entity in R; may run concurrently with step 6'
6'. $s$ ╟ TTP: $[R, t_s, L, E_R(K), NRO, Counter_s{+}{+}, Sub_K]$; // submit the key
7. $R_i$ ╟ TTP: $[s, l_i, x_i, u_{R_i}, t_{R_i}, NRO_i, Counter_{R_i}{+}{+}, NRR_i]$; // apply to receive the key
8. $s$ ╢ TTP: $[s, R', L', T, t_s, tSet_{R'}, E_{R'}(E_R(K)), NRR, Con_K]$; // retrieve the key receipt evidence
9. $R_i$ ╢ TTP: $[s, R', L', T, t_s, tSet_{R'}, E_{R'}(E_R(K)), NRR, Con_K]$; // obtain the key
// step 10: feedback of the binding result
10. return the behavior-evidence binding result.
end
The relevant fields are defined as follows:
l_i = h(s, Ri, TTP, h(c_i), h(K)), L = {l_i | Ri ∈ R ∧ 1 ≤ i ≤ |R|}, L′ = {l_i | Ri ∈ R′ ∧ 1 ≤ i ≤ |R′|}
NRO_i = Sig_s(Ri, l_i, x_i, uRi, t_s, h(c_i)), NRO = {NRO_i | Ri ∈ R ∧ 1 ≤ i ≤ |R|}
NRR_i = Sig_Ri(s, l_i, x_i, uRi, t_Ri, c_i, NRO, Counter_Ri),
Sub_K = Sig_s(R, L, t_s, E_R(K), NRO, Counter_s), tSet_R′ = {t_Rj | 1 ≤ j ≤ |R′|}
Con_K = Sig_TTP(s, R′, L′, T, t_s, tSet_R′, E_R′(E_R(K)), NRO, NRR)
The above process guarantees that both the sender and the recipients of a mail obtain evidence of the other party's sign-in behavior: s obtains the mail receipt evidence {NRR_i, Con_K} of Ri, and Ri obtains the mail sending evidence {NRO_i, Con_K} of s.
(2) For denial behavior detection, the present invention can use the following two detection algorithms to examine, respectively, denial of sending and denial of receipt of an email:
Algorithm 1. Check-Origin // detection of denial of sending
Input: Con_K, NRO_i, TTP, Ri, s, Counter_s, Counter_Ri, c_i, M_i, K, l_i
Output: isOrigin // whether sending is denied
begin
1. Kfroms ← 0; c_ifroms ← 0; legreceiver ← 0; noreplay ← 0; legrnd ← 0; rightcipher ← 0; isOrigin ← 0;
2. if Con_K is the signature of TTP then Kfroms ← 1; // s submitted K to TTP
3. if NRO_i is the signature of s then c_ifroms ← 1; // the c_i received by Ri was sent by s
4. if Ri belongs to R′ then legreceiver ← 1; // Ri is a valid recipient
5. if Counter_Ri == Counter_s then noreplay ← 1; // neither s nor Ri replayed the other party's messages
6. if l_i == h(s, Ri, TTP, h(c_i), h(K)) then legrnd ← 1; // l_i is a legitimate protocol round label
7. if c_i == E_ki(M_i) then rightcipher ← 1; // c_i is the correct ciphertext
8. if Kfroms * c_ifroms * legreceiver * noreplay * legrnd * rightcipher then isOrigin ← 1; // s sent M_i to Ri
9. return isOrigin;
end
Algorithm 2. Check-Receipt // detection of denial of receipt
Input: Con_K, NRO_i, NRR_i, TTP, Ri, s, Counter_s, Counter_Ri, c_i, M_i, K, l_i
Output: isReceipt // whether receipt is denied
begin
1. cangetK ← 0; getcipher ← 0; truecipher ← 0; legreceiver ← 0; noreplay ← 0; legrnd ← 0; rightcipher ← 0; isReceipt ← 0;
2. if Con_K is the signature of TTP then cangetK ← 1; // Ri can obtain k_i
3. if NRR_i is the signature of Ri then getcipher ← 1; // Ri received c_i and is willing to obtain k_i from TTP
4. if NRO_i is the signature of s then truecipher ← 1; // c_i is genuine
5. if Ri belongs to R′ then legreceiver ← 1; // Ri is a valid recipient
6. if Counter_Ri == Counter_s then noreplay ← 1; // no message replay occurred
7. if l_i == h(s, Ri, TTP, h(c_i), h(K)) then legrnd ← 1; // the protocol round is legitimate
8. if c_i == E_ki(M_i) then rightcipher ← 1; // c_i is the correct ciphertext
9. if cangetK * getcipher * truecipher * legreceiver * noreplay * legrnd * rightcipher then isReceipt ← 1; // Ri received the M_i sent by s
10. return isReceipt;
end
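The six checks of Algorithm 1 can be exercised on a constructed evidence record, as in the following added example, which is not code from the patent. It assumes k_i = K, shortened NRO_i and Con_K field lists, an XOR keystream in place of E_k, and HMAC in place of Sig_x; all keys and mail contents are constructed.

```python
import hashlib
import hmac

# Constructed per-entity keys. HMAC is only a stand-in for Sig_x(): a shared-key MAC
# gives no non-repudiation, so a deployment needs public-key signatures.
KEYS = {"s": b"demo-key-s", "R1": b"demo-key-R1", "TTP": b"demo-key-TTP"}


def h(*fields):
    """One-way hash h() over length-prefixed fields, so field boundaries are unambiguous."""
    digest = hashlib.sha256()
    for field in fields:
        data = field if isinstance(field, bytes) else repr(field).encode()
        digest.update(len(data).to_bytes(4, "big") + data)
    return digest.digest()


def sig(signer, *fields):
    """Stand-in for Sig_signer(fields)."""
    return hmac.new(KEYS[signer], h(*fields), hashlib.sha256).digest()


def E(key, data):
    """Stand-in for E_k()/D_k(): XOR with a SHA-256 keystream (illustration, not a real cipher)."""
    stream = b"".join(h(key, block) for block in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def honest_round(M_i, K, Ri="R1", R_prime=("R1",), t_s=600):
    """Evidence that one honest protocol round leaves behind for recipient Ri."""
    c_i = E(K, M_i)                                    # assumption: k_i = K
    l_i = h("s", Ri, "TTP", h(c_i), h(K))              # round label, as in the field list
    nro_i = sig("s", Ri, l_i, t_s, h(c_i))             # NRO_i without x_i and uRi
    con_k = sig("TTP", "s", R_prime, l_i, t_s, nro_i)  # Con_K, shortened field list
    return {"Ri": Ri, "R_prime": R_prime, "t_s": t_s, "c_i": c_i, "l_i": l_i,
            "NRO_i": nro_i, "Con_K": con_k, "Counter_s": 1, "Counter_Ri": 1}


def check_origin(ev, M_i, K):
    """Algorithm 1: returns (isOrigin, per-check results)."""
    same = hmac.compare_digest
    checks = {
        "Kfroms": same(ev["Con_K"], sig("TTP", "s", ev["R_prime"], ev["l_i"],
                                        ev["t_s"], ev["NRO_i"])),
        "cifroms": same(ev["NRO_i"], sig("s", ev["Ri"], ev["l_i"], ev["t_s"],
                                         h(ev["c_i"]))),
        "legreceiver": ev["Ri"] in ev["R_prime"],
        "noreplay": ev["Counter_Ri"] == ev["Counter_s"],
        "legrnd": ev["l_i"] == h("s", ev["Ri"], "TTP", h(ev["c_i"]), h(K)),
        "rightcipher": ev["c_i"] == E(K, M_i),
    }
    return int(all(checks.values())), checks


def failed(ev, M_i, K):
    """Names of the checks that fail, showing which evidence item is unsound."""
    return sorted(name for name, ok in check_origin(ev, M_i, K)[1].items() if not ok)


MAIL, KEY = b"Invoice 42 is approved.", b"constructed-session-key"  # constructed sample
EVIDENCE = honest_round(MAIL, KEY)
```

Because every check must pass before isOrigin is set, a record with a mismatched counter or a substituted ciphertext does not prove sending, and `failed` names the unsound items.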
(3) For sign-in behavior assessment, the present invention uses the sign-in reliability as a unified quantitative measure.
In the present invention, the sign-in reliability is assessed in two steps: calculation of the initial sign-in reliability and re-evaluation of the sign-in reliability.
First, the initial sign-in reliability CR_t is calculated from the denial detection result; the subscript t identifies the assessment time.
Second, the re-evaluated sign-in reliability TV_t is calculated. So that the sign-in reliability approaches the true sign-in behavior of the entity being assessed, the following re-evaluation model is applied to the initial sign-in reliability CR_t:
$$TV_t = \alpha \cdot CR_t + \beta \cdot H_t + \gamma \cdot D_t + \delta \cdot D_t \cdot |SD_t| \qquad \text{(formula 1)}$$
As formula 1 shows, the present invention uses four kinds of data (the initial sign-in reliability CR_t, the historical sign-in reliability H_t, the sign-in reliability fluctuation rate D_t and the sign-in reliability fluctuation trend SD_t) to re-evaluate CR_t, so that the re-evaluated reliability approaches the entity's true sign-in behavior from 5 angles. First, the weighted term γ*D_t measures sudden fluctuations of the sign-in behavior (a jump from no denial to denial, or from denial to no denial). Second, the weighted sum β*H_t + γ*D_t + δ*D_t*|SD_t| distinguishes improvement (tending toward no denial) from deterioration (tending toward denial) of the entity's sign-in behavior. Third, the weighted sum α*CR_t + β*H_t tolerates unintentional erroneous denial behavior and consistently reflects the entity's true sign-in behavior. Fourth, the weighted sum γ*D_t + δ*D_t*|SD_t| strengthens the timeliness of the sign-in reliability assessment. The weight coefficients α, β, γ and δ in formula 1 all lie between 0 and 1, and the components H_t, D_t and SD_t are calculated as follows:
$$H_t = \frac{1}{LH} \int_{t-LH}^{t-1} CR_x \, dx \approx \frac{\sum_{k=t-LH}^{t-1} CR_k \cdot \rho^{\,t-(k+1)}}{\sum_{i=t-LH}^{t-1} \rho^{\,t-(i+1)}} \qquad \text{(formula 2)}$$
In formula 2 above, ρ (0 < ρ ≤ 1) and LH are, respectively, the attention factor for previous sign-in reliabilities and the number of time slots attended to.
$$D_t = \frac{\sum_{k=t-LH}^{t-1} \left( CR_k - \sum_{i=t-LH}^{t-1} CR_i / LH \right)^2}{LH} \approx CR_t - H_t \qquad \text{(formula 3)}$$
$$SD_t = \frac{\sum_{k=t-LDH}^{t-1} \left( D_k - \sum_{i=t-LDH}^{t-1} D_i / LDH \right)^2}{LDH} \approx D_t - \frac{\sum_{k=t-LDH}^{t-1} D_k \cdot \theta^{\,t-(k+1)}}{\sum_{i=t-LDH}^{t-1} \theta^{\,t-(i+1)}} \qquad \text{(formula 4)}$$
In formula 4 above, θ (0 < θ ≤ 1) and LDH are, respectively, the attention factor for previous sign-in reliability fluctuation rates and the number of time slots attended to.
LH in formula 2, LDH in formula 4, and α, β, γ and δ in formula 1 are set as follows:
1) LH and LDH are usually set to the oscillation time-slot size of the strategic denial behavior of malicious email entities;
2) β/α is usually proportional to LH;
3) set
$$\gamma = \begin{cases} \gamma_1, & D_t \ge 0 \\ \gamma_2, & D_t < 0 \end{cases} ; \quad \gamma_1 \le \gamma_2 \qquad \text{(formula 5)}$$
4) set
$$\delta = \begin{cases} \delta_1, & D_t \cdot SD_t < 0 \\ \delta_2, & D_t \cdot SD_t \ge 0 \end{cases} ; \quad \delta_1 \le \delta_2 \qquad \text{(formula 6)}$$
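The re-evaluation of formulas 1 to 6 can be traced numerically with the following added example, which is not code from the patent. It uses the approximation (right-hand) forms of formulas 2 to 4 and the parameter values given in the embodiment; the behaviour trace is constructed, and taking H_t = CR_t and an empty fluctuation history as 0 in the first round is an assumption.

```python
ALPHA, BETA = 0.2, 0.8          # setting D of the embodiment
GAMMA_1, GAMMA_2 = 0.05, 0.2
DELTA_1, DELTA_2 = 0.05, 0.2
LH = LDH = 10


def attention_mean(window, factor):
    """Right-hand side of formula 2: sum(v_k * f^(t-(k+1))) / sum(f^(t-(i+1))).

    window holds slots t-len(window) .. t-1 in time order, so the newest slot
    gets exponent 0 and older slots are discounted by increasing powers of factor.
    """
    n = len(window)
    weights = [factor ** (n - 1 - j) for j in range(n)]
    return sum(v * w for v, w in zip(window, weights)) / sum(weights)


def revaluate(denials, rho=1.0, theta=0.75):
    """Return the list of TV_t for a sequence of detection results (True = denial)."""
    cr_hist, d_hist, tv = [], [], []
    for denied in denials:
        cr = 0.1 if denied else 1.0                          # setting B of the embodiment
        cr_win, d_win = cr_hist[-LH:], d_hist[-LDH:]
        h_t = attention_mean(cr_win, rho) if cr_win else cr  # assumption: first round H_t = CR_t
        d_t = cr - h_t                                       # formula 3, approximation
        sd_t = d_t - (attention_mean(d_win, theta) if d_win else 0.0)  # formula 4, approximation
        gamma = GAMMA_1 if d_t >= 0 else GAMMA_2             # formula 5
        delta = DELTA_1 if d_t * sd_t < 0 else DELTA_2       # formula 6
        tv.append(ALPHA * cr + BETA * h_t + gamma * d_t + delta * d_t * abs(sd_t))  # formula 1
        cr_hist.append(cr)
        d_hist.append(d_t)
    return tv


# Constructed behaviour trace: 10 honest rounds, one denial, then 10 honest rounds.
TRACE = [False] * 10 + [True] + [False] * 10

if __name__ == "__main__":
    for rho in (1.0, 0.75):
        values = revaluate(TRACE, rho=rho, theta=0.75)
        print(rho, [round(v, 3) for v in values[9:13]])
```

On this trace the single denial takes TV_t from 1.0 to 0.478, because γ_2 and δ_2 both apply when D_t < 0, and the next honest round recovers less with ρ = 0.75 than with ρ = 1.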
(4) For denial behavior early warning, the present invention makes early-warning decisions according to the sign-in reliability.
In the present invention, the sign-in reliability threshold (Certified Reputation Threshold, CRT) is the sign-in reliability threshold of email entity x in the t-th round of email interaction, and CRT_t(x) is the minimum sign-in reliability of other email entities that the email entity can tolerate.
Suppose TV_t(x) and CRT_t(x) are, respectively, the sign-in reliability and the sign-in reliability threshold of mail entity x before the t-th round of interaction, s is the email sender, and R = {R_1, R_2, ..., R_|R|} is the set of mail recipients. The denial prediction policy used by the present invention is then:
(formula 7)
In the above formula, PI, IS, PR and II denote, respectively, that normal interaction is possible, denial of sending, denial of receipt, and denial of both sending and receipt.
Embodiment:
To further illustrate the actual suppression effect of the present invention on denial behavior, this embodiment builds a real email denial suppression system, RIMail. The system is built with the open-source tool OpenFlow and uses the email denial suppression method of the present invention to suppress denial.
As shown in Fig. 2, the RIMail system in this embodiment involves 5 PCs. pc0 serves as the OpenFlow controller (with the open-source POX controller installed) and runs the RIMail controller (that is, the denial suppression unit of the present invention); it is responsible for formulating the email interaction denial suppression policy and for distributing the policy result to the OpenFlow switches over a secure channel using the OpenFlow protocol. pc1 and pc2 serve as OpenFlow switches (with Mininet and Open vSwitch installed); they build the email data exchange flow table from the denial suppression policy distributed by the controller and exchange email data accordingly. pc3 serves as the email client (with the customized email client software NRMail installed) and has two main tasks: first, to implement the SMTP and POP3 client functions of a traditional email system; second, to intercept the socket communication of the traditional email data interaction and submit it to the RIMail controller over the control channel. pc4 serves as the mail server (with the winmail5.1.1 mail service installed) and provides both SMTP and POP3 services.
In this embodiment, the experimental parameters of the RIMail system are set as follows:
A. The total number of mail entities is 1025, and the ratio of honest entities to malicious entities is 4:1. Honest entities do not deny, do not collude with others and do not slander others. Malicious entities may exhibit strategic denial behavior, may collude with one another for their own interests, and may slander honest entities;
B. The initial sign-in reliability CR_t is calculated simply: if the detection result is denial, then CR_t = 0.1; otherwise CR_t = 1;
C. The strategic denial behavior injection model for honest and malicious entities is shown in Fig. 3; the oscillation time slot is set to 10 time slices (that is, the oscillation period is set to 20 time slices);
D. The sign-in reliability calculation parameters are set to α = 0.2, β = 0.8, γ_1 = 0.05, γ_2 = 0.2, δ_1 = 0.05, δ_2 = 0.2, LH = LDH = 10.
RIMail operation data 1: sensitivity of the sign-in reliability to denial behavior:
Based on the denial behavior injection model shown in Fig. 3, Fig. 4 shows, for the case of denial without collusion in the RIMail system, how the sign-in reliability of honest entities (slandered and not slandered) and of malicious entities ([ρ=1, θ=1], [ρ=1, θ=0.75], [ρ=0.75, θ=1] and [ρ=0.75, θ=0.75]) fluctuates. Correspondingly, Fig. 5 shows how the sign-in reliability of honest entities and malicious entities fluctuates for the case of collusive denial by malicious entities. It can be seen that, on the one hand, slander by malicious entities lowers the sign-in reliability of honest entities. On the other hand, although the profit of malicious entities (that is, the difference between the gain from abusing sign-in reliability and the cost paid to restore it) is roughly equal under the four history attention settings, the sign-in reliability is more sensitive to denial behavior when ρ is smaller (that is, less attention is paid to previous initial sign-in reliabilities) and θ is larger (that is, more attention is paid to previous sign-in reliability fluctuation rates).
Fig. 6 further analyzes the effect of collusive denial by malicious entities on the sensitivity of the sign-in reliability. It can be seen that, under the four attention settings ([ρ=1, θ=1], [ρ=1, θ=0.75], [ρ=0.75, θ=1] and [ρ=0.75, θ=0.75]), collusion always causes: (1) lower sensitivity when behavior deteriorates; (2) higher sensitivity when behavior improves; (3) higher profit for malicious entities.
RIMail operation data 2: analysis of the effect of suppressing denial behavior in advance:
Compared with the sign-in email model, the valuable feature of EmRIM is that it can detect denial behavior in advance and suppress it at the source. This embodiment therefore takes the history attention setting [ρ=1, θ=0.75] as an example to evaluate the advance denial suppression effect of the RIMail system. With the threshold coefficient set to 0.8 (that is, sign-in reliability threshold = sign-in reliability * 0.8), Fig. 7 shows the cases of denial of sending, denial of receipt, denial of both sending and receipt, and no denial in RIMail as the total number of mail interactions rises from 0 to 10000 in steps of 20. In terms of the overall trend, in the four scenarios with/[without] collusion and with/[without] slander, as advance suppression of denial behavior proceeds, the proportions of denial of sending, denial of receipt and denial of both in RIMail drop sharply, and the proportion of interactions without denial rises sharply. This shows that EmRIM is very effective at suppressing denial behavior in advance and can greatly improve the credibility of email interaction.
RIMail operation data 3: analysis of the capability to suppress denial behavior in advance:
The analysis of EmRIM's capability to suppress denial in advance uses three measures commonly used to evaluate classifiers: recall, precision and the harmonic mean (F-measure).
If, among the mail interaction behavior samples to be detected, TP is the number of samples correctly identified as denial behavior, FN is the number of samples misjudged as dishonest behavior, and FP is the number of samples misjudged as denial behavior, then the three measures are:
(1) denial behavior recall: R = TP/(TP+FN);
(2) denial behavior precision: P = TP/(TP+FP);
(3) harmonic mean: F = 2*P*R/(P+R).
With ρ = 1, θ = 0.75 and a threshold coefficient of 0.8, Fig. 8 analyzes EmRIM's capability to suppress denial behavior in advance in the four scenarios with/[without] collusion and with/[without] slander. It can be seen that, although the average advance recall stays at about 0.4 (the missed part will be detected afterwards), the advance precision is high and a good harmonic mean is obtained, which shows that EmRIM has a certain capability to suppress denial behavior in advance.

Claims (7)

1. A software-defined network oriented email denial suppression system, characterized in that it comprises a data plane and a control plane, wherein the data plane is the traditional email interaction model and the control plane is a denial suppression unit attached to the traditional email interaction model.
2. The software-defined network oriented email denial suppression system according to claim 1, characterized in that the denial suppression unit comprises an interactive evidence binding assembly, an interactive evidence management assembly, a denial behavior detection assembly, a sign-in behavior assessment assembly, a sign-in reliability management assembly and a denial behavior early-warning assembly;
the interactive evidence binding assembly uses non-repudiation technology to perform a unique behavior-evidence binding for the interaction behavior built on the traditional email interaction model, and submits the binding result to the interactive evidence management assembly in the form of interactive evidence;
the interactive evidence management assembly performs chained management of the interactive evidence from the interactive evidence binding assembly, and submits history evidence to the denial behavior detection assembly;
the denial behavior detection assembly uses the history evidence retrieved from the interactive evidence management assembly to perform denial detection on email sending and receiving behavior, and submits the detection result to the sign-in behavior assessment assembly in the form of sign-in behavior;
the sign-in behavior assessment assembly uses reliability assessment technology to perform a preliminary trust assessment of the sign-in behavior submitted by the denial behavior detection assembly, on that basis uses the historical sign-in reliability sequence of the email entity retrieved from the sign-in reliability management assembly to re-evaluate the preliminary assessment result of the sign-in behavior, and feeds the result back to the sign-in reliability management assembly in the form of reliable sign-in reliability;
the sign-in reliability management assembly provides the historical sign-in reliability sequence of the relevant email entity to the sign-in behavior assessment assembly, receives the re-evaluated reliable sign-in reliability from the sign-in behavior assessment assembly, and provides the latest sign-in reliability to the denial behavior early-warning assembly for early-warning decisions on denial behavior;
the denial behavior early-warning assembly retrieves the latest sign-in reliability of the relevant email entity from the sign-in reliability management assembly, and applies denial early-warning commands to the traditional email interaction model to suppress denial in advance.
3. A suppression method of the software-defined network oriented email denial suppression system according to any one of claims 1 and 2, characterized by comprising the following steps:
(1) in the denial early-warning stage before email interaction, the denial behavior early-warning assembly retrieves from the sign-in reliability management assembly the latest sign-in reliability of the email entities about to interact, applies denial early warning, according to this reliability, to the email interaction behavior that the email entities are about to carry out, and applies the result, in the form of a denial early-warning command, to the email interaction about to take place between the mail entities;
(2) in the denial management stage during email interaction, the interactive evidence binding assembly uses non-repudiation technology to bind electronic evidence to the interaction behavior of the mail entities, and submits the binding result, in the form of interactive evidence, to the evidence management assembly for time-ordered management;
(3) in the denial detection stage after email interaction, the denial behavior detection assembly retrieves from the evidence management assembly, in the form of history evidence, the electronic evidence related to this round of email interaction, on that basis uses the denial arbitration technique of the non-repudiation service to perform denial detection on the email entity behavior that has just occurred in this round, and submits the detection result, in the form of sign-in behavior, to the sign-in behavior assessment assembly for reliability assessment;
(4) in the sign-in reliability feedback stage after email interaction, the sign-in behavior assessment assembly, after completing the preliminary reliability assessment of the sign-in behavior, uses the historical sign-in reliability sequence retrieved from the sign-in reliability management assembly to re-evaluate the preliminary reliability assessment result; the result is submitted, in the form of reliable sign-in reliability, to the sign-in reliability management assembly for time-ordered management, and is used for denial behavior early warning before the next round of email interaction and for sign-in reliability feedback after the next round of email interaction.
4. The suppression method of the software-defined network oriented email denial suppression system according to claim 3, characterized in that the sign-in reliability in step (1) is the degree to which the public in the email system recognizes the mail sign-in behavior of an email entity; the denial early-warning command is a pre-processing measure against the potential denial behavior of an email entity, and different pre-processing measures may be used depending on granularity.
5. The suppression method of the software-defined network oriented email denial suppression system according to claim 3, characterized in that the interactive evidence in step (2) is a digital signature that uniquely associates a specific interaction behavior of an email entity.
6. The suppression method of the software-defined network oriented email denial suppression system according to claim 3, characterized in that the history evidence in step (3) is a digital signature that uniquely associates a previous interaction behavior of the email entity to be detected; and the sign-in behavior is the deceptive or dishonest behavior that an email entity exhibits in sending and receiving mail.
7. The suppression method of the software-defined network oriented email denial suppression system according to claim 3, characterized in that the sign-in reliability in step (4) is an evaluation of the reliability of the sign-in behavior of an email entity; the historical sign-in reliability sequence is the ordered set of the email entity's sign-in reliabilities over the previous adjacent interaction rounds; the reliable sign-in reliability is the final reliability evaluation of the current sign-in behavior, obtained by re-evaluating the preliminary reliability assessment result of the email entity's current sign-in behavior with the email entity's historical sign-in reliability sequence.
CN201410482740.3A 2014-09-19 2014-09-19 Software-defined network oriented email denial suppression system and suppression method thereof Active CN105450502B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410482740.3A CN105450502B (en) 2014-09-19 2014-09-19 Software-defined network oriented email denial suppression system and suppression method thereof

Publications (2)

Publication Number Publication Date
CN105450502A true CN105450502A (en) 2016-03-30
CN105450502B CN105450502B (en) 2018-10-09

Family

ID=55560304

Country Status (1)

Country Link
CN (1) CN105450502B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20180530

Address after: 210000 No. 86, Yushan West Road, Jiangpu street, Pukou District, Nanjing, Jiangsu.

Applicant after: Nanjing Audit University

Address before: 210017 607, room 3, Lake heart garden, 207 Shui Xi Men street, Jianye District, Nanjing, Jiangsu.

Applicant before: Chen Geng

Applicant before: Han Zhigeng

GR01 Patent grant
GR01 Patent grant