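Affiliations: [1] School of Computer Science, Zhaoqing University, Zhaoqing, Guangdong 526061 [2] Education Technology and Computer Center, Zhaoqing University, Zhaoqing, Guangdong 526061
Source: Computer Applications and Software (《计算机应用与软件》), 2016, Issue 12, pp. 84-88, 178 (6 pages)
Funding: National Natural Science Foundation of China (61379041)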
Abstract: Anonymous communication systems are widely used on the Internet and play an important role in protecting communication security and user privacy. However, they also carry the risk that malicious users exploit them to hide and protect their own information and to evade network investigation by security departments. To address this problem, the paper proposes a scheme that introduces trusted computing into the anonymous communication system. In the improved system, the nodes participating in a communication are first authenticated using trusted-computing direct anonymous attestation, and the initiator then extends the trusted anonymous link step by step to the target node by means of trusted measurement. During communication, each node on the anonymous communication chain applies signcryption when sending to the next node, to prevent attackers from tampering with packets, and a malicious-behavior evaluation mechanism enables the recipient to discover attacks by malicious users. Security analysis shows that the improved system retains anonymity while also providing trustworthiness and higher security, resolving the security risk of anonymous communication systems. Simulation analysis further shows that introducing the improved direct anonymous attestation and signcryption is feasible: at sufficient security strength, their computational cost has little effect on system latency.
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]