Authors: 李耕 (LI Geng); 刘建伟 (LIU Jian-Wei); 张宗洋 (ZHANG Zong-Yang)
Affiliations: [1] School of Cyber Science and Technology, Beihang University, Beijing 100083, China; [2] Key Laboratory of Aerospace Network Security, Ministry of Industry and Information Technology, Beijing 100083, China
Source: Journal of Cryptologic Research (《密码学报》), 2020, No. 3, pp. 326-341 (16 pages)
Funding: National Natural Science Foundation of China (61972017, 61972018, 61932014); Beijing Natural Science Foundation (4182033); National Cryptography Development Fund (MMJJ20180215); Fundamental Research Funds for the Central Universities (YWF-20-BJ-J-1039).
Abstract: PRISM and a series of related events showed that the intelligence agencies of some countries can compromise the security of cryptosystems and obtain users' private information through subversion attacks. Currently, researchers generally take stego-freeness as the security definition when analysing subversion attacks. However, because stego-freeness is a considerably strict requirement, most defending strategies against subversion that satisfy it are impractical in reality. To solve this problem, this paper proposes a new security definition against subversion attacks, named security-preservation against subversion, based on related research. In contrast to stego-freeness, security-preservation does not require that the outputs of the implementation and of the specification be indistinguishable to the surveillant; instead, it only requires that every implementation that passes the black-box test still achieves a certain level of security. The goal of security-preservation against subversion is therefore lower than that of stego-freeness, but it captures the security needs under real subversion threats more directly. Thus, where defending strategies that satisfy stego-freeness are lacking, security-preservation against subversion provides more ideas and more space for designing subversion-resistant cryptosystems. Under this definition, the paper proposes a defending strategy named isolated operation, which, based on the "decomposition and amalgamation" model, isolates some of the decomposed algorithms so that they cannot access the business data of users. Compared with most existing defending strategies, isolated operation is more practical. Symmetric encryption schemes that are based on isolated operation and satisfy security-preservation against subversion are designed in the partial subversion model and in the complete subversion model respectively.
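Keywords: post-Snowden cryptography; cliptography; subversion attack; symmetric encryption scheme
Classification number: TP309.2 [Automation and Computer Technology: Computer System Architecture]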