CN105450502B - Email repudiation suppression system for software-defined networks and its suppression method - Google Patents

Info

Publication number
CN105450502B
Authority
CN
China
Prior art keywords
email
reliability
behavior
evidence
interaction
Prior art date
Legal status
Expired - Fee Related
Application number
CN201410482740.3A
Other languages
Chinese (zh)
Other versions
CN105450502A (en)
Inventor
韩志耕
陈耿
王良民
朱玉全
谢晴晴
景波
刘林源
王瑜
韩冰青
Current Assignee
NANJING AUDIT UNIVERSITY
Original Assignee
NANJING AUDIT UNIVERSITY

Landscapes

  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses an email repudiation suppression system for software-defined networks and its suppression method. The traditional email interaction model is treated as the data plane and a repudiation suppression unit is added as the control plane, so that email repudiation behavior becomes suppressible and manageable. The suppression unit comprises an interaction evidence binding component, an interaction evidence management component, a repudiation behavior detection component, a receipt behavior evaluation component, a receipt reliability management component and a repudiation behavior early-warning component. Within this email repudiation suppression framework, the repudiation early warning before the email interaction, the repudiation management during the interaction, and the repudiation detection and receipt reliability feedback after the interaction together turn the email interaction into a closed-loop, self-feedback repudiation suppression system that meets the non-repudiation requirement of email interaction. The invention does not alter the traditional email interaction model, and it achieves suppression of repudiation in advance.

Description

Email repudiation suppression system for software-defined networks and its suppression method
Technical field
The present invention relates to the field of network security, and in particular to an email repudiation suppression system for software-defined networks and its suppression method.
Background technology
As a cross-platform, general-purpose distributed system in heterogeneous network environments, email has spread with the Internet to become one of the most widely used network applications. At the same time, however, the repudiation problem in sending and receiving, which is closely tied to email security, has drawn wide attention from industry; it includes sending repudiation (a malicious sender later denies having sent a mail) and receiving repudiation (a malicious recipient later denies having received it). In the conventional postal system, the usual means of curbing repudiation is a postal value-added service known as registered (evidenced) mail for important documents (contracts, agreements, bidding documents, subpoenas, etc.): the postal operator proves that the mailer sent the item at a certain point in time by issuing a mailing receipt, proves that the item was delivered by having the recipient sign for it, and thereby makes sending and receiving repudiation traceable afterwards. In the electronic world, because electronic communication systems lack such an evidencing capability, email security protocols such as PEM (Privacy Enhanced Mail), MOSS (MIME Object Security Services), S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy) can provide integrity, authentication and confidentiality but cannot provide non-repudiation. RFC 2634 (Enhanced Security Services for S/MIME, ESS-S/MIME) introduces signed receipts into S/MIME in an attempt to solve the lack of non-repudiation in email sending and receiving, but the standard is built on the assumption of an honest recipient (one who will certainly return a receipt), which is often not satisfied in the real world.
The main existing technique for guarding against repudiation in the email world is certified email, which ensures that sending and receiving repudiation can be traced by having mutually distrustful parties fairly exchange the email message and non-repudiation evidence. Since J. Zhou et al. and R. Deng et al. began studying certified email techniques in 1996, a large number of certified email solutions have emerged over nearly 18 years. Representative work includes: (1) On the satisfaction of protocol security properties, Kremer S. et al. were the first to discuss the non-repudiation problem of information exchange comprehensively and gave the fundamental properties that a fair non-repudiation protocol must satisfy; Jose Onieva et al., addressing the lack of timeliness in fast optimistic certified email protocols, proposed an asynchronous timeliness technique; Changshe Ma et al. pointed out that in the RSA-CEMD optimistic certified email protocol with a transparent TTP a recipient can recover the signature from an invalid verifiably encrypted signature (one verifiable by all senders) and thereby cheat the sender (the recipient receives the email message correctly while the sender obtains no receipt evidence), and proposed a modified version that repairs the fairness defect of the original protocol; Min-Hua Shao et al., addressing the loss of fairness in many certified email protocols where a malicious party can cheat an honest party by attack (so that the honest party cannot obtain the expected information), analyzed a common attack on the two certified email solutions GG and OS, proposed corrective measures that avoid this security problem, and summarized design guidelines for evading such attacks when designing certified email protocols; Josep Lluis Ferrer-Gomilla et al., while summarizing the definitions, properties and requirements of certified email protocols, focused on explaining why certain related security properties are mutually exclusive. (2) On the intervention of a trusted third party (Trusted Third Party, TTP), Macia Mut-Puigserver et al., addressing the excessive dependence of existing certified email protocols on the third party (so that users must trust it unconditionally), proposed introducing a third-party alliance into certified email protocols; the alliance decides by vote of all its third-party members, so that a small number of malicious third parties cannot destroy the fairness of the email proof, and since the alliance intervenes only when protocol execution is abnormal, this undoubtedly reduces the probability of the alliance becoming a communication performance bottleneck. Addressing the problem that a TTP can become a communication performance bottleneck, Giuseppe Ateniese et al. proposed a distributed certified email solution, TRICERT, which partitions the TTP's tasks using distributed computing technology (a distributed TTP) and reduces the degree of trust that must be placed in a single TTP (semi-trusted); Alois Paulin et al., addressing the limited scope of use and the lack of transnational interoperability that result from existing certified email protocols using a TTP, proposed a general certified email system without a TTP that provides probabilistic fair non-repudiation: on the one hand, the recipient gradually obtains the block data of an encrypted message block chain as the protocol runs, generating receipt evidence for each block, while on the other hand encryption prevents the recipient from obtaining the expected information before permanently aborting protocol execution. (3) On interaction topology, Jianying Zhou et al., addressing the restriction of existing certified email protocols to one-to-one topology, proposed two optimistic multi-party certified email protocols in which a sender can carry out mail interaction with multiple recipients simultaneously and both the sender and any recipient can terminate the protocol run at any time; on this basis, Onieva J. et al. comprehensively elaborated a multi-party non-repudiation mechanism, including requirement definitions and security properties. (4) On protocol deployability, Martin Abadi et al. proposed a certified email protocol using a lightweight online TTP; the protocol combines security, scalability, ease of implementation and deployability, and the email recipient needs no specific software beyond a mail reader and a web browser, nor any public key infrastructure; Rolf Oppliger, taking the degree of TTP involvement as the entry point, summarized architectural models of certified email services and discussed the influence of performance, trust and infrastructure on the deployment of particular architectural models; Guilin Wang et al., addressing the large overhead caused by the complex cryptographic techniques introduced by existing certified email solutions (which makes them unusable in resource-limited mobile wireless network environments), proposed a low-overhead protocol with only 3 message steps and 4 kinds of operations; Arne Tauber pointed out that, given the large number of types of certified email systems and the lack of consensus on their security properties, large-scale deployment of certified email systems must focus on solving interoperability between systems, used security properties such as fairness and non-repudiation as classification criteria to assess and discuss the differences between the certified email standards and systems currently deployed at scale, the gaps to be bridged and the compatibility problems to be solved in reaching the interoperability goal, and on this basis proposed an interoperability standard for certified email systems and, taking the European Union as an example, gave a transnationally interoperable certified email solution.
Certified email positions the suppression of repudiation at subsequent detection, which means that a detected repudiation may already have taken effect and may already have harmed honest users. From the standpoint of protecting honest users of the mail system, intercepting repudiation in advance, before it takes effect, reduces the cost to honest users more than detecting and tracking it after it has already taken effect; however, certified email, the representative trusted email technique, cannot currently provide such a function. Moreover, although early-warning techniques have matured in preventing potential security threats in the information space, research on email security early warning, and on repudiation early warning in particular, has not yet appeared.
Invention content
Object of the invention: The object of the invention is to overcome the deficiencies of the prior art by providing an email repudiation suppression system for software-defined networks and its suppression method. Besides providing a subsequent repudiation detection function similar to that of traditional certified email systems, the repudiation suppression method of the invention can also suppress potential repudiation behavior at its source, before the email interaction takes place.
Technical solution: Software Defined Networking (SDN) was first proposed by the Clean Slate research group of Stanford University within its next-generation Internet architecture research project. As an organizational scheme that changes the traditional Internet system, SDN quickly received an active response from Internet giants such as Google, Facebook, Microsoft, Cisco and Juniper once proposed, and the Open Network Foundation (ONF), which standardizes and promotes SDN, appeared along with it. What distinguishes SDN from traditional networks at its core is the separation of the network control plane from the data plane.
The email repudiation suppression system for software-defined networks of the present invention comprises a data plane and a control plane: the data plane is the conventional email interaction model, and the control plane is a repudiation suppression unit added on top of the conventional email interaction model.
Further, the repudiation suppression unit comprises an interaction evidence binding component, an interaction evidence management component, a repudiation behavior detection component, a receipt behavior evaluation component, a receipt reliability management component and a repudiation behavior early-warning component;
The interaction evidence binding component uses non-repudiation technology to bind each interaction behavior built on the conventional email interaction model uniquely to its evidence (behavior-evidence binding), and submits the binding result, in the form of interaction evidence, to the interaction evidence management component;
The interaction evidence management component manages the interaction evidence received from the interaction evidence binding component as a chain, and supplies history evidence to the repudiation behavior detection component;
The repudiation behavior detection component uses the history evidence retrieved from the interaction evidence management component to perform repudiation detection on email sending and receiving behavior, and submits the detection result, in the form of a receipt behavior, to the receipt behavior evaluation component;
The receipt behavior evaluation component performs a preliminary trust evaluation of the receipt behavior submitted by the repudiation behavior detection component using trust evaluation technology, then re-evaluates the preliminary evaluation result of the receipt behavior using the history receipt reliability sequence of the email entity retrieved from the receipt reliability management component, and feeds the result back to the receipt reliability management component in the form of a reliable receipt reliability;
The receipt reliability management component provides the history receipt reliability sequence of the relevant email entity to the receipt behavior evaluation component, receives the reliable receipt reliability re-evaluation result from the receipt behavior evaluation component, and provides the latest receipt reliability to the repudiation behavior early-warning component as the basis for its repudiation early-warning decision;
The repudiation behavior early-warning component retrieves the latest receipt reliability of the relevant email entity from the receipt reliability management component and applies a repudiation early-warning order to the traditional email interaction model, suppressing repudiation in advance.
The invention also discloses a suppression method of the email repudiation suppression system for software-defined networks, comprising the following steps:
(1) Repudiation early-warning stage before the email interaction: the repudiation behavior early-warning component retrieves the current latest receipt reliability of the email entities about to interact from the receipt reliability management component, issues a repudiation early warning for the email interaction those entities are about to carry out according to that reliability, and applies the result, in the form of a repudiation early-warning order, to the upcoming email interaction between the mail entities;
(2) Repudiation management stage during the email interaction: the interaction evidence binding component uses non-repudiation technology to bind electronic evidence to the interaction behavior of the mail entities, and submits the binding result, in the form of interaction evidence, to the evidence management component for time-series management;
(3) Repudiation detection stage after the email interaction: the repudiation behavior detection component retrieves from the evidence management component, in the form of history evidence, the electronic evidence related to this round of email interaction, uses the repudiation arbitration technique of the non-repudiation service to perform repudiation detection on the behavior of the email entities in the round that has just taken place, and submits the detection result, in the form of a receipt behavior, to the receipt behavior evaluation component for reliability assessment;
(4) Receipt reliability feedback stage after the email interaction: after completing the preliminary reliability assessment of the receipt behavior, the receipt behavior evaluation component re-evaluates the preliminary reliability assessment result using the history receipt reliability sequence retrieved from the receipt reliability management component, and submits the result, in the form of a reliable receipt reliability, to the receipt reliability management component for time-series management, in readiness for the repudiation early warning before the next round of email interaction and the receipt reliability feedback after it.
Further, the receipt reliability in step (1) is the degree to which the public in the email system recognizes the mail receipt behavior of an email entity; the repudiation early-warning order is a pre-emptive measure against the potential repudiation behavior of an email entity, and different measures are available depending on granularity, such as forbidding an email entity to send mail, forbidding an email entity to receive mail, forbidding mail interaction between email entities, or allowing mail interaction between email entities.
Further, the interaction evidence in step (2) is a digital signature used to uniquely associate an email entity with a specific interaction behavior.
Further, the history evidence in step (3) is the digital signatures that uniquely associate the email entity under detection with its previous interaction behavior; the receipt behavior is the cheating or honest behavior that an email entity exhibits in the matter of mail sending and receiving.
Further, the receipt reliability in step (4) is the reliability evaluation of an email entity's receipt behavior; the history receipt reliability sequence is the time-ordered set of an email entity's receipt reliabilities over the preceding adjacent interaction rounds; the reliable receipt reliability is the final reliability evaluation of the current receipt behavior, obtained by re-evaluating the preliminary reliability assessment result of the email entity's current receipt behavior using its history receipt reliability sequence.
Advantageous effects: Compared with the prior art, the present invention has the following advantages:
(1) The invention makes up for the deficiency that existing certified email techniques can only suppress repudiation of email interaction after the fact, innovatively providing advance suppression of repudiation behavior while, on the principle of closed-loop feedback, coordinating advance suppression with subsequent suppression, so as to protect the interests of honest mail users to the greatest extent;
(2) Early warning is the key to suppressing repudiation in advance. To this end, the invention first describes the repudiation behavior and dishonest behavior of email entities in mail sending and receiving uniformly as receipt behavior, and on this basis innovatively uses reliability assessment technology to quantify receipt behavior into a receipt reliability that consistently describes the degree to which an email entity repudiates mail sending and receiving, and uses that receipt reliability as the decision basis for email repudiation early warning;
(3) Repudiation of email interaction is suppressed without altering the traditional email interaction model, which makes a system implemented according to the invention compatible with the currently widely deployed email network infrastructure and greatly simplifies the cost and complexity of system deployment.
Description of the drawings
Fig. 1 is the system structure and process flow chart of the present invention;
Fig. 2 is the network deployment diagram of the embodiment of the present invention;
Fig. 3 is a schematic diagram of the repudiation behavior injection model of the embodiment of the present invention;
Fig. 4 is a schematic comparison of receipt reliability sensitivity under the non-collusive repudiation scenario in the embodiment of the present invention;
Fig. 5 is a schematic comparison of receipt reliability sensitivity under the collusive repudiation scenario in the embodiment of the present invention;
Fig. 6 is a schematic diagram of the influence of collusive repudiation on receipt reliability sensitivity in the embodiment of the present invention;
Fig. 7 is a schematic diagram of advance suppression of repudiation behavior in the embodiment of the present invention;
Fig. 8 is a schematic diagram of the advance repudiation suppression capability of the embodiment of the present invention.
Detailed description of the embodiments
The technical solution of the present invention is described in detail below with reference to the drawings and embodiments.
As shown in Fig. 1, the email repudiation suppression system for software-defined networks of the present invention follows the software-defined networking idea of separating control from data, and comprises a data plane and a control plane: the data plane is the conventional email interaction model, and the control plane is a repudiation suppression unit added on top of the conventional email interaction model.
The repudiation suppression unit comprises an interaction evidence binding component, an interaction evidence management component, a repudiation behavior detection component, a receipt behavior evaluation component, a receipt reliability management component and a repudiation behavior early-warning component;
The interaction evidence binding component uses non-repudiation technology to bind each interaction behavior built on the conventional email interaction model uniquely to its evidence (behavior-evidence binding), and submits the binding result, in the form of interaction evidence, to the interaction evidence management component;
The interaction evidence management component manages the interaction evidence received from the interaction evidence binding component as a chain, and submits history evidence to the repudiation behavior detection component;
The repudiation behavior detection component uses the history evidence retrieved from the interaction evidence management component to perform repudiation detection on email sending and receiving behavior, and submits the detection result, in the form of a receipt behavior, to the receipt behavior evaluation component;
The receipt behavior evaluation component performs a preliminary trust evaluation of the receipt behavior submitted by the repudiation behavior detection component using trust evaluation technology, then re-evaluates the preliminary evaluation result of the receipt behavior using the history receipt reliability sequence of the email entity retrieved from the receipt reliability management component, and feeds the result back to the receipt reliability management component in the form of a reliable receipt reliability;
The receipt reliability management component provides the history receipt reliability sequence of the relevant email entity to the receipt behavior evaluation component, receives the reliable receipt reliability re-evaluation result from the receipt behavior evaluation component, and provides the latest receipt reliability to the repudiation behavior early-warning component as the basis for its repudiation early-warning decision;
The repudiation behavior early-warning component retrieves the latest receipt reliability of the relevant email entity from the receipt reliability management component and applies a repudiation early-warning order to the traditional email interaction model, suppressing repudiation in advance.
In the above email repudiation suppression system, the repudiation early warning before the email interaction, the repudiation management during the interaction, and the repudiation detection and receipt reliability feedback after the interaction together turn the email interaction into a closed-loop, self-feedback repudiation suppression system that meets the non-repudiation requirement of email interaction.
The invention also discloses a suppression method of the email repudiation suppression system for software-defined networks, comprising the following steps:
(1) Repudiation early-warning stage before the email interaction: the repudiation behavior early-warning component retrieves the current latest receipt reliability of the email entities about to interact from the receipt reliability management component, issues a repudiation early warning for the email interaction those entities are about to carry out according to that reliability, and applies the result, in the form of a repudiation early-warning order, to the upcoming email interaction between the mail entities;
Here, the receipt reliability refers to the degree to which the public in the email system recognizes the mail behavior of an email entity; the repudiation early-warning order refers to a pre-emptive measure against the potential repudiation behavior of an email entity, and different measures are available depending on granularity, such as forbidding an email entity to send mail, forbidding an email entity to receive mail, forbidding mail interaction between email entities, or allowing mail interaction between email entities;
(2) Repudiation management stage during the email interaction: the interaction evidence binding component uses non-repudiation technology to bind electronic evidence to the interaction behavior of the mail entities, and submits the binding result, in the form of interaction evidence, to the evidence management component for time-series management; the interaction evidence is the digital signature used to uniquely associate an email entity with a specific interaction behavior;
(3) Repudiation detection stage after the email interaction: the repudiation behavior detection component retrieves from the evidence management component, in the form of history evidence, the electronic evidence related to this round of email interaction, uses the repudiation arbitration technique of the non-repudiation service to perform repudiation detection on the behavior of the email entities in the round that has just taken place, and submits the detection result, in the form of a receipt behavior, to the receipt behavior evaluation component for reliability assessment; here, history evidence refers to the digital signatures that uniquely associate the email entity under detection with its previous interaction behavior, and the receipt behavior is the cheating or dishonest behavior that an email entity exhibits in the matter of mail sending and receiving;
(4) Receipt reliability feedback stage after the email interaction: after completing the preliminary reliability assessment of the receipt behavior, the receipt behavior evaluation component re-evaluates the preliminary reliability assessment result using the history receipt reliability sequence retrieved from the receipt reliability management component, and submits the result, in the form of a reliable receipt reliability, to the receipt reliability management component for time-series management, in readiness for the repudiation early warning before the next round of email interaction and the receipt reliability feedback after it. The receipt reliability here is the reliability evaluation of an email entity's receipt behavior; the history receipt reliability sequence is the time-ordered set of an email entity's receipt reliabilities over the preceding adjacent interaction rounds; the reliable receipt reliability is the final reliability evaluation of the current receipt behavior, obtained by re-evaluating the preliminary reliability assessment result of the email entity's current receipt behavior using its history receipt reliability sequence.
The core links of the above process are interaction evidence binding, repudiation behavior detection, receipt behavior evaluation and repudiation behavior early warning. The concrete working principles of these four core links are as follows:
(1) For interaction evidence binding, in order to support group sending of email (single sending is treated as a special case of group sending), the invention uses a multi-party non-repudiation evidence binding technique with a one-to-many topology. The method of binding interaction evidence is as follows. The information to be sent is split into two parts, the encryption key and the ciphertext, so that the mail interaction decomposes into a ciphertext interaction and a key interaction. The sender first sends the ciphertext together with the signature NRO (Non-Repudiation of Origin) to the recipient and concurrently sends the key together with the signature Sub (Submission) to the TTP (Trusted Third Party); the recipient responds with the signature NRR (Non-Repudiation of Receipt) after receiving the ciphertext; on receiving the key, the TTP publishes it together with its signature Con (Confidence) in a public directory, so that the recipient can obtain the key from the TTP to decrypt the plaintext, and the sender can also retrieve Con from the TTP and keep it.
The symbols used in describing the interaction evidence binding process are as follows:
X╟Y:[M]  entity X sends information M to entity Y; X╢Y:[M]  entity X obtains information M from entity Y;
s, R, R', R_i  the email sender, the recipient set, a recipient subset, and a recipient member;
uR_i, uR  the public key of R_i, and the set of public keys of the entities in R;
Sig_X(M), M_i  X's signature over mail M, and the specific mail plaintext that s sends to R_i;
C=E_K(M), M=D_K(C)  encrypting message M with key K yields ciphertext C; decrypting C with K yields plaintext M;
h(), E_R()  a one-way hash function, and the group encryption function (its ciphertext can be decrypted only by members of R).
The concrete binding of interaction evidence is shown in Process 1 and described as follows:
Process 1. BbindE // behavior-evidence binding process
Input: s, R = {R_i | 1 ≤ i ≤ |R|}, M = {M_i | 1 ≤ i ≤ |R|}, TTP;
Output: behavior-evidence binding result;
begin
// steps 1-5 are system initialization
1. s and each R_i initialize their respective counters: Counter_s ← 0 and Counter_Ri ← 0;
2. s and each R_i choose time periods t_s and t_Ri respectively, which define how long the TTP retains Sub_K and NRR_i;
3. TTP chooses the information publication duration t_0;
4. s chooses a random number n_i for each R_i and computes x_i ← E_uRi(n_i);
5. s chooses key K and, for each R_i, computes k_i and c_i ← E_ki(M_i);
// steps 6-9 perform the binding
6. s╟R_i: [R_i, t_s, l_i, c_i, x_i, uR_i, NRO_i]; // the ciphertext is group-sent to the entities in R; this may run concurrently with step 6'
6'. s╟TTP: [R, t_s, L, E_R(K), NRO, Counter_s++, Sub_K]; // submit the key
7. R_i╟TTP: [s, l_i, x_i, uR_i, t_Ri, NRO_i, Counter_Ri++, NRR_i]; // apply for the key
8. s╢TTP: [s, R', L', T, t_s, tSet_R', E_R'(E_R(K)), NRR, Con_K]; // retrieve the key receipt evidence
9. R_i╢TTP: [s, R', L', T, t_s, tSet_R', E_R'(E_R(K)), NRR, Con_K]; // obtain the key
// step 10 feeds back the binding result
10. return the behavior-evidence binding result
end
The related fields are defined as follows:
l_i = h(s, R_i, TTP, h(c_i), h(K)),   L = {l_i | R_i ∈ R ∧ 1 ≤ i ≤ |R|},   L′ = {l_i | R_i ∈ R′ ∧ 1 ≤ i ≤ |R′|}
NRO_i = Sig_s(R_i, l_i, x_i, uR_i, t_s, h(c_i)),   NRO = {NRO_i | R_i ∈ R ∧ 1 ≤ i ≤ |R|}
NRR_i = Sig_Ri(s, l_i, x_i, uR_i, t_Ri, c_i, NRO, Counter_Ri)
Sub_K = Sig_s(R, L, t_s, E_R(K), NRO, Counter_s),   tSet_R′ = {t_Rj | 1 ≤ j ≤ |R′|}
Con_K = Sig_TTP(s, R′, L′, T, t_s, tSet_R′, E_R′(E_R(K)), NRO, NRR)
The above process ensures that both the sender and the receiver obtain the other party's sign-for behaviour evidence: s obtains R_i's mail-receipt evidence {NRR_i, Con_K}, and R_i obtains s's mail-sending evidence {NRO_i, Con_K}.
(2) Repudiation-behaviour detection. For sending repudiation and receiving repudiation of e-mail, the invention uses the following two detection algorithms respectively:
Algorithm 1. Check-Origin // sending-repudiation detection algorithm
Input: Con_K, NRO_i, TTP, R_i, s, Counter_s, Counter_Ri, c_i, M_i, K, l_i
Output: isOrigin // whether sending can be repudiated (1: s provably sent M_i to R_i)
begin
1. Kfroms ← 0; cifroms ← 0; legreceiver ← 0; noreplay ← 0; legrnd ← 0; rightcipher ← 0; isOrigin ← 0;
2. if Con_K is the signature of TTP then Kfroms ← 1;   // s submitted K to the TTP
3. if NRO_i is the signature of s then cifroms ← 1;   // the c_i received by R_i was sent by s
4. if R_i belongs to R′ then legreceiver ← 1;   // R_i is a valid recipient
5. if Counter_Ri == Counter_s then noreplay ← 1;   // neither s nor R_i replayed the other's message
6. if l_i == h(s, R_i, TTP, h(c_i), h(K)) then legrnd ← 1;   // l_i is a legitimate protocol round identifier
7. if c_i == E_ki(M_i) then rightcipher ← 1;   // c_i is the correct ciphertext
8. if Kfroms * cifroms * legreceiver * noreplay * legrnd * rightcipher then isOrigin ← 1;   // s did send M_i to R_i
9. return isOrigin;
end
Algorithm 2. Check-Receipt // receiving-repudiation detection algorithm
Input: Con_K, NRO_i, NRR_i, TTP, R_i, s, Counter_s, Counter_Ri, c_i, M_i, K, l_i
Output: isReceipt // whether receipt can be repudiated (1: R_i provably received M_i from s)
begin
1. cangetK ← 0; getcipher ← 0; truecipher ← 0; legreceiver ← 0; noreplay ← 0; legrnd ← 0; rightcipher ← 0; isReceipt ← 0;
2. if Con_K is the signature of TTP then cangetK ← 1;   // R_i can obtain k_i
3. if NRR_i is the signature of R_i then getcipher ← 1;   // R_i received c_i and is willing to obtain k_i from the TTP
4. if NRO_i is the signature of s then truecipher ← 1;   // c_i is genuine
5. if R_i belongs to R′ then legreceiver ← 1;   // R_i is a valid recipient
6. if Counter_Ri == Counter_s then noreplay ← 1;   // no message replay
7. if l_i == h(s, R_i, TTP, h(c_i), h(K)) then legrnd ← 1;   // the protocol round is legitimate
8. if c_i == E_ki(M_i) then rightcipher ← 1;   // c_i is the correct ciphertext
9. if cangetK * getcipher * truecipher * legreceiver * noreplay * legrnd * rightcipher then isReceipt ← 1;   // R_i did receive the M_i sent by s (the flags set in steps 2-8 of this algorithm are combined here)
10. return isReceipt;
end
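The following simulation is an added example and not the patent's code. It runs Process 1 (steps 4 to 9) for one sender, two recipients and a TTP, keeps every signed message as evidence, and then applies Algorithm 1 Check-Origin and Algorithm 2 Check-Receipt to that evidence. Assumptions not in the source: a per-entity HMAC key stands in for each entity's signing key (so the checker must hold the keys; a real deployment would use public-key signatures that anyone can verify), a SHA-256 XOR keystream stands in for E_k/D_k, the per-recipient key is derived as k_i = h(K, n_i), x_i and E_R(K) are hashed placeholders, and the names `bind`, `common_checks`, `check_origin`, `check_receipt` and `demo` are this example's own.

```python
"""Added illustration, not the patent's code: Process 1 (evidence binding through a TTP)
followed by Algorithm 1 Check-Origin and Algorithm 2 Check-Receipt over the evidence it leaves."""
import hashlib, hmac, json, os

def h(*parts):
    """One-way hash h() over a tuple of fields."""
    return hashlib.sha256(json.dumps([str(p) for p in parts]).encode()).hexdigest()

def xor_stream(k, data):
    """Toy symmetric cipher for E_k / D_k: XOR with a SHA-256 keystream (illustration only)."""
    ks = b"".join(hashlib.sha256(f"{k}:{i}".encode()).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class Entity:
    """Assumption: a per-entity HMAC key stands in for the entity's signing key, so the checker
    must hold the keys here; a real deployment would use public-key signatures anyone can verify."""
    def __init__(self, name):
        self.name, self.key, self.counter = name, os.urandom(32), 0
    def sign(self, *fields):                      # evidence = (signed fields, Sig_X(fields))
        return fields, hmac.new(self.key, h(*fields).encode(), "sha256").hexdigest()
    def verify(self, evidence):
        fields, sig = evidence
        return hmac.compare_digest(sig, self.sign(*fields)[1])

def bind(s, R, msgs, ttp, t_s=10, t_r=10, responders=None):
    """Process 1, steps 4-9: msgs maps recipient name -> plaintext M_i; responders are the
    recipients that actually perform step 7 (default: all of R). Returns the evidence record."""
    K = os.urandom(16).hex()
    n = {r.name: os.urandom(8).hex() for r in R}                      # step 4: random n_i
    x = {r.name: h("x", n[r.name]) for r in R}                         # stand-in for E_uRi(n_i)
    k = {r.name: h(K, n[r.name]) for r in R}                           # assumption: k_i = h(K, n_i)
    c = {r.name: xor_stream(k[r.name], msgs[r.name]).hex() for r in R}  # c_i = E_ki(M_i)
    l = {r.name: h(s.name, r.name, ttp.name, h(c[r.name]), h(K)) for r in R}  # round id l_i
    NRO = {r.name: s.sign(r.name, l[r.name], x[r.name], r.name, t_s, h(c[r.name])) for r in R}
    s.counter += 1                                                     # step 6': Counter_s++
    E_R_K = h("E_R", K)                                                # stand-in for E_R(K)
    Sub_K = s.sign([r.name for r in R], sorted(l.values()), t_s, E_R_K,
                   sorted(sig for _, sig in NRO.values()), s.counter)
    NRR, cr = {}, {}
    for r in (R if responders is None else responders):                # step 7: R_i applies for the key
        r.counter += 1
        cr[r.name] = r.counter
        NRR[r.name] = r.sign(s.name, l[r.name], x[r.name], r.name, t_r, c[r.name], NRO[r.name][1], r.counter)
    Rp = sorted(NRR)                                                   # R': recipients that committed
    Con_K = ttp.sign(s.name, Rp, [l[r] for r in Rp], t_s, E_R_K,       # steps 8-9: TTP publishes Con_K
                     sorted(sig for _, sig in NRO.values()), [NRR[r][1] for r in Rp])
    return dict(s=s, ttp=ttp, K=K, k=k, c=c, l=l, NRO=NRO, NRR=NRR, Sub_K=Sub_K, Con_K=Con_K,
                Rp=Rp, cs=s.counter, cr=cr)

def common_checks(tx, Ri, claimed_plaintext, counter_ri):
    """Tests shared by both algorithms: Con_K signed by TTP, NRO_i signed by s, R_i in R',
    counters agree (no replay), l_i is the legitimate round id, c_i encrypts the claimed M_i."""
    s, ttp, n = tx["s"], tx["ttp"], Ri.name
    return (ttp.verify(tx["Con_K"]), s.verify(tx["NRO"][n]), n in tx["Rp"], counter_ri == tx["cs"],
            tx["l"][n] == h(s.name, n, ttp.name, h(tx["c"][n]), h(tx["K"])),
            tx["c"][n] == xor_stream(tx["k"][n], claimed_plaintext).hex())

def check_origin(tx, Ri, claimed_plaintext, counter_ri):
    """Algorithm 1: True iff the evidence shows s sent claimed_plaintext to R_i (s cannot deny origin)."""
    return all(common_checks(tx, Ri, claimed_plaintext, counter_ri))

def check_receipt(tx, Ri, claimed_plaintext, counter_ri):
    """Algorithm 2: as Algorithm 1, plus NRR_i signed by R_i (R_i committed to fetching k_i)."""
    return Ri.name in tx["NRR"] and Ri.verify(tx["NRR"][Ri.name]) \
        and all(common_checks(tx, Ri, claimed_plaintext, counter_ri))

def demo():
    """One mass-mail to R1 and R2 where only R1 performs step 7; constructed sample data."""
    s, ttp, r1, r2 = Entity("s"), Entity("TTP"), Entity("R1"), Entity("R2")
    msgs = {"R1": b"invoice 42 approved", "R2": b"invoice 42 approved"}
    tx = bind(s, [r1, r2], msgs, ttp, responders=[r1])
    recovered = xor_stream(tx["k"]["R1"], bytes.fromhex(tx["c"]["R1"]))  # R1 decrypts with k_1
    return {
        "r1_recovers_plaintext": recovered == msgs["R1"],
        "s_cannot_deny_sending_to_r1": check_origin(tx, r1, msgs["R1"], tx["cr"]["R1"]),
        "r1_cannot_deny_receipt": check_receipt(tx, r1, msgs["R1"], tx["cr"]["R1"]),
        "r2_receipt_not_established": not check_receipt(tx, r2, msgs["R2"], 0),   # R2 never in R'
        "origin_to_r2_not_established": not check_origin(tx, r2, msgs["R2"], 0),
        "r1_cannot_substitute_plaintext": not check_origin(tx, r1, b"invoice 42 rejected", tx["cr"]["R1"]),
        "replayed_counter_rejected": not check_receipt(tx, r1, msgs["R1"], tx["cr"]["R1"] + 1),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The run shows the fairness property the text claims: R1, who applied for the key in step 7, can neither deny receipt nor substitute a different plaintext for c_1, while for R2, who never entered R′, neither origin nor receipt is established, so no evidence is usable against either side. The counter check is what stops a replayed Sub_K or NRR_i from being accepted as fresh evidence.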
(3) Sign-for behaviour evaluation. The invention quantifies sign-for behaviour uniformly by means of the sign-for credibility.
The assessment of sign-for credibility is carried out in two steps: calculation of the initial sign-for credibility and re-estimation of the sign-for credibility.
First, the initial sign-for credibility CR_t is calculated and assessed according to the repudiation detection result; the subscript t identifies the assessment moment.
Second, the re-estimated sign-for credibility TV_t is calculated. To make the sign-for credibility approach the true sign-for behaviour of the entity being assessed, the following re-estimation model is applied to the initial sign-for credibility CR_t:
TV_t = α·CR_t + β·H_t + γ·D_t + δ·D_t·|SD_t|   (formula 1)
As formula 1 shows, the invention uses four kinds of data (the initial sign-for credibility CR_t, the historical sign-for credibility H_t, the sign-for credibility fluctuation range D_t and the sign-for credibility fluctuation trend SD_t) to re-estimate CR_t, so that the re-estimated credibility approaches the entity's true sign-for behaviour from four angles. First, the weighted term γ·D_t measures burst fluctuations of sign-for behaviour (a jump from non-repudiation to repudiation, or from repudiation to non-repudiation). Second, the weighted terms β·H_t + γ·D_t + δ·D_t·|SD_t| distinguish improvement (tending to non-repudiation) from deterioration (tending to repudiation) of the entity's sign-for behaviour. Third, the weighted terms α·CR_t + β·H_t tolerate unintentional erroneous repudiation and reflect the entity's true sign-for behaviour consistently. Fourth, the weighted terms γ·D_t + δ·D_t·|SD_t| improve the timeliness of the credibility assessment. The weight coefficients α, β, γ and δ in formula 1 lie between 0 and 1; the components H_t, D_t and SD_t are computed as follows:
(formula 2)
In formula 2, ρ (0 < ρ ≤ 1) and LH are respectively the attention factor for previous sign-for credibility and the number of time slots attended to.
(formula 3)
(formula 4)
In formula 4, θ (0 < θ ≤ 1) and LDH are respectively the attention factor for the previous sign-for credibility fluctuation range and the number of time slots attended to.
LH in formula 2, LDH in formula 4 and α, β, γ and δ in formula 1 are set as follows:
1) LH and LDH are usually set to the oscillation slot size of the strategic repudiation behaviour of malicious mail entities;
2) β/α is generally proportional to LH;
3) γ is set as (formula 5)
4) δ is set as (formula 6)
(4) Repudiation early warning. The invention makes the early-warning decision according to the sign-for credibility.
In the invention, the sign-for credibility threshold (Certified Reputation Threshold, CRT) refers to the sign-for credibility threshold of e-mail entity x in the t-th round of e-mail interaction; CRT_t(x) is the minimum sign-for credibility of other e-mail entities that e-mail entity x tolerates.
Assume that TV_t(x) and CRT_t(x) are respectively the sign-for credibility and the sign-for credibility threshold of mail entity x before the t-th round of interaction, that s is the e-mail sender and that R = {R_1, R_2, ..., R_|R|} is the recipient set; the repudiation early-warning strategy used by the invention is then:
(formula 7)
In the above formula PI, IS, PR and II denote normal interaction, sending repudiation, receiving repudiation, and sending-and-receiving repudiation respectively.
Embodiment:
To further explain how the invention suppresses repudiation behaviour in practice, this embodiment builds a real e-mail repudiation suppression system, RIMail. The system is built on OpenFlow with open-source tools and performs repudiation suppression with the e-mail repudiation suppression method of the invention.
As shown in Fig. 2, the RIMail system of this embodiment involves 5 PCs. pc0 serves as the OpenFlow controller (with the open-source POX controller installed) and runs the RIMail controller (i.e. the repudiation suppression unit of the invention), which is responsible for defining the repudiation suppression strategy for e-mail interaction and distributing the strategy result to the OpenFlow switches over a secure channel using the OpenFlow protocol. pc1 and pc2 serve as OpenFlow switches (with Mininet and Open vSwitch installed); they form e-mail data forwarding flow tables from the e-mail interaction repudiation suppression strategy distributed by the controller and exchange e-mail data accordingly. pc3 serves as the e-mail client (with the customised e-mail client software NRMail installed) and has two main tasks: first, to implement the SMTP and POP3 client functions of a traditional e-mail system, and second, to intercept the SOCKET communication of conventional e-mail data exchange and submit it to the RIMail controller over the control channel. pc4 serves as the mail server (with the Winmail 5.1.1 mail service installed) and provides both SMTP and POP3 services.
In this embodiment, the experimental parameters of the RIMail system are set as follows:
A. the total number of mail entities is 1025, with honest and malicious entities in the ratio 4:1; honest entities do not repudiate, do not collude with others and do not slander others; malicious entities may exhibit strategic repudiation behaviour for private gain, may collude with one another, and slander honest entities;
B. the initial sign-for credibility CR_t is computed simply: if the detection result is repudiation, CR_t = 0.1, otherwise CR_t = 1;
C. the strategic repudiation behaviour injection model for honest and malicious entities is shown in Fig. 3, with the oscillation slot set to 10 time slices (i.e. an oscillation period of 20 time slices);
D. the sign-for credibility calculation parameters are set to α = 0.2, β = 0.8, γ_1 = 0.05, γ_2 = 0.2, δ_1 = 0.05, δ_2 = 0.2 and LH = LDH = 10.
RIMail run data 1: sensitivity analysis of the sign-for credibility to repudiation behaviour:
Based on the repudiation behaviour injection model of Fig. 3, Fig. 4 gives, for the RIMail system in the case of repudiation without collusion, the fluctuation of the sign-for credibility of honest entities (slandered and not slandered) and of malicious entities (under [ρ=1, θ=1], [ρ=1, θ=0.75], [ρ=0.75, θ=1] and [ρ=0.75, θ=0.75]); correspondingly, Fig. 5 gives the fluctuation of the sign-for credibility of honest and malicious entities when the malicious entities collude in repudiation. It can be seen, on the one hand, that slander by malicious entities lowers the sign-for credibility of honest entities; on the other hand, although the profit of malicious entities under the four history attention settings (i.e. the difference between the sign-for credibility overdrawn and the cost paid to recover it) is roughly equal, the sign-for credibility is more sensitive to repudiation behaviour when ρ is smaller (less attention to the previous initial sign-for credibility) and θ is larger (more attention to the previous sign-for credibility fluctuation range).
Fig. 6 further analyses the influence of collusion among malicious entities on the sensitivity of the sign-for credibility. Under the four attention settings ([ρ=1, θ=1], [ρ=1, θ=0.75], [ρ=0.75, θ=1] and [ρ=0.75, θ=0.75]), collusion (1) lowers the sensitivity when behaviour deteriorates, (2) raises the sensitivity when behaviour improves, and (3) increases the profit of malicious entities.
RIMail run data 2: analysis of advance suppression of repudiation behaviour:
Compared with sign-for e-mail models, the valuable feature of EmRIM is that repudiation behaviour can be detected in advance and suppressed at its source. For this purpose, this embodiment evaluates the advance repudiation suppression effect of the RIMail system under the history attention setting [ρ=1, θ=0.75]. With the threshold coefficient set to 0.8 (sign-for credibility threshold = sign-for credibility × 0.8), Fig. 7 gives the proportions of sending repudiation, receiving repudiation, sending-and-receiving repudiation and non-repudiation in RIMail as the total number of mail interactions rises from 0 to 10000 in steps of 20. In terms of overall trend, in all four cases (with/without collusion and with/without slander), as advance suppression of repudiation behaviour proceeds the proportions of sending repudiation, receiving repudiation and sending-and-receiving repudiation in RIMail fall sharply while the proportion of non-repudiation interactions rises sharply; this shows that EmRIM is markedly effective at advance suppression of repudiation behaviour and can greatly raise the trustworthiness of e-mail interaction.
RIMail run data 3: analysis of the advance repudiation suppression capability:
The analysis of EmRIM's advance repudiation suppression capability uses the three common measures for evaluating classifiers: recall, precision and their harmonic mean (F-measure).
Let TP be the number of mail interaction behaviour samples correctly identified as repudiation behaviour, FN the number of repudiation samples mistaken for honest behaviour, and FP the number of honest samples mistaken for repudiation behaviour; the three common measures are then:
(1) repudiation-behaviour recall: R = TP/(TP+FN);
(2) repudiation-behaviour precision: P = TP/(TP+FP);
(3) harmonic mean: F = 2·P·R/(P+R).
With ρ = 1, θ = 0.75 and threshold coefficient 0.8, Fig. 8 analyses EmRIM's advance repudiation suppression capability in the four cases with/without collusion and with/without slander. It can be seen that although the average advance recall stays around 0.4 (the missed part is detected afterwards), the advance precision is high and a good harmonic mean is obtained, which shows that EmRIM has a definite capability for advance suppression of repudiation behaviour.

Claims (6)

1. An e-mail repudiation suppression system for software-defined networks, characterised in that it comprises a data plane and a control plane, wherein the data plane is the conventional e-mail interaction model and the control plane is a repudiation suppression unit attached to the conventional e-mail interaction model; the repudiation suppression unit comprises an interaction-evidence binding component, an interaction-evidence management component, a repudiation-behaviour detection component, a sign-for behaviour evaluation component, a sign-for credibility management component and a repudiation-behaviour early-warning component;
the interaction-evidence binding component uses non-repudiation techniques to perform unique behaviour-evidence association binding on the interaction behaviour established on the conventional e-mail interaction model, and submits the binding result in the form of interaction evidence to the interaction-evidence management component;
the interaction-evidence management component performs chained management of the interaction evidence received from the interaction-evidence binding component and submits history evidence to the repudiation-behaviour detection component;
the repudiation-behaviour detection component uses the history evidence retrieved from the interaction-evidence management component to perform repudiation detection on e-mail sending and receiving behaviour, and submits the detection result in the form of sign-for behaviour to the sign-for behaviour evaluation component;
the sign-for behaviour evaluation component performs a preliminary trust evaluation, using credibility assessment techniques, of the sign-for behaviour submitted by the repudiation-behaviour detection component, and on this basis performs a trust re-estimation of the preliminary evaluation result using the historical sign-for credibility sequence of the relevant e-mail entity retrieved from the sign-for credibility management component, feeding the result back to the sign-for credibility management component in the form of reliable sign-for credibility;
the sign-for credibility management component provides the historical sign-for credibility sequence of the relevant e-mail entity to the sign-for behaviour evaluation component, receives the reliable sign-for credibility re-estimation result from the sign-for behaviour evaluation component, and provides the latest sign-for credibility to the repudiation-behaviour early-warning component for its repudiation-behaviour early-warning decision;
the repudiation-behaviour early-warning component retrieves the latest sign-for credibility of the relevant e-mail entity from the sign-for credibility management component and applies a repudiation early-warning order to the traditional e-mail interaction model to suppress repudiation in advance.
2. A suppression method of the e-mail repudiation suppression system for software-defined networks according to claim 1, characterised in that it comprises the following steps:
(1) the repudiation early-warning stage before e-mail interaction: the repudiation-behaviour early-warning component retrieves from the sign-for credibility management component the current latest sign-for credibility of the e-mail entity about to interact, applies repudiation early warning to the e-mail interaction behaviour that the e-mail entity is about to perform according to that credibility, and applies the result, in the form of a repudiation early-warning order, to the e-mail interaction about to take place between the e-mail entities;
(2) the repudiation management stage during e-mail interaction: the interaction-evidence binding component uses non-repudiation techniques to bind electronic evidence to the interaction behaviour of the e-mail entities and submits the binding result in the form of interaction evidence to the evidence management component for sequential management;
(3) the repudiation detection stage after e-mail interaction: the repudiation-behaviour detection component retrieves from the evidence management component, in the form of history evidence, the electronic evidence related to the current round of e-mail interaction, and on this basis uses the repudiation arbitration technique of non-repudiation services to perform repudiation detection on the e-mail entity behaviour that has just occurred in this round; the detection result is submitted in the form of sign-for behaviour to the sign-for behaviour evaluation component for credibility assessment;
(4) the sign-for credibility feedback stage after e-mail interaction: after completing the preliminary credibility assessment of the sign-for behaviour, the sign-for behaviour evaluation component re-estimates the preliminary result using the historical sign-for credibility sequence retrieved from the sign-for credibility management component, and submits the result in the form of reliable sign-for credibility to the sign-for credibility management component for sequential management, to serve the repudiation early warning before the next round of e-mail interaction and the sign-for credibility feedback after the next round.
3. The suppression method of the e-mail repudiation suppression system for software-defined networks according to claim 2, characterised in that the sign-for credibility in step (1) is the degree of public recognition, within the e-mail system, of the e-mail sign-for behaviour of an e-mail entity; the repudiation early-warning order is a pre-treatment measure against the potential repudiation behaviour of the e-mail entity, with different pre-treatment measures according to granularity.
4. The suppression method of the e-mail repudiation suppression system for software-defined networks according to claim 2, characterised in that the interaction evidence in step (2) is a digital signature uniquely associated with a specific interaction behaviour of an e-mail entity.
5. The suppression method of the e-mail repudiation suppression system for software-defined networks according to claim 2, characterised in that the history evidence in step (3) is the digital signature uniquely associated with the previous interaction behaviour of the e-mail entity to be detected; and the sign-for behaviour is the deceptive or dishonest behaviour that an e-mail entity shows in mail sending and receiving.
6. The suppression method of the e-mail repudiation suppression system for software-defined networks according to claim 2, characterised in that the sign-for credibility in step (4) is the credibility assessment of an e-mail entity's sign-for behaviour; the historical sign-for credibility sequence is the ordered set of the e-mail entity's sign-for credibility over the preceding neighbouring interaction rounds; and the reliable sign-for credibility is the final credibility assessment of the current sign-for behaviour, obtained by re-estimating the preliminary credibility assessment of the e-mail entity's current sign-for behaviour using the entity's historical sign-for credibility sequence.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201410482740.3A | 2014-09-19 | 2014-09-19 | E-mail repudiation suppression system for software-defined networks and suppression method therefor (CN105450502B)


Publications (2)

Publication Number Publication Date
CN105450502A CN105450502A (en) 2016-03-30
CN105450502B true CN105450502B (en) 2018-10-09

Family

ID=55560304


Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105827521B (en) * 2016-06-02 2019-07-05 南京审计大学 SDN-based e-mail repudiation source suppression system and suppression method therefor

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852316A (en) * 2006-04-10 2006-10-25 北京航空航天大学 Anti-denial method between UA and MTA based on anti-denial protocol
CN101714957A (en) * 2009-10-30 2010-05-26 北京航空航天大学 System for managing nonrepudiative evidence of mass mails by third party
CN102170407A (en) * 2011-04-18 2011-08-31 南京审计学院 Method for realizing electronic mail credibility management on the basis of anti-fraud control logic unit
CN103684922A (en) * 2013-12-23 2014-03-26 蓝盾信息安全技术股份有限公司 Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8327442B2 (en) * 2002-12-24 2012-12-04 Herz Frederick S M System and method for a distributed application and network security system (SDI-SCAM)


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Time-limit analysis and improvement of multi-party non-repudiation protocols (多方不可否认协议时限性分析与改进); Han Zhigeng et al.; Acta Electronica Sinica (电子学报); 2009-02-28; Vol. 37, No. 2; pp. 377-381 *



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20180530

Address after: 210000 No. 86, Yushan West Road, Jiangpu street, Pukou District, Nanjing, Jiangsu.

Applicant after: Nanjing Audit University

Address before: 210017 607, room 3, Lake heart garden, 207 Shui Xi Men street, Jianye District, Nanjing, Jiangsu.

Applicant before: Chen Geng

Applicant before: Han Zhigeng

GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181009