云环境下基于代理盲签名的高效异构跨域认证方案  被引量：4

作　　者：江泽涛[1] 徐娟娟 JIANG Ze-tao;XU Juan-juan(Key Laboratory of Image and Graphic Intelligent Processing in Guangxi,Guilin University of Electronic Technology,Guilin,Guangxi 541004,China)

机构地区：[1]桂林电子科技大学广西图像图形与智能处理重点实验室,广西桂林541004

出　　处：《计算机科学》2020年第11期60-67,共8页Computer Science

基　　金：国家自然科学基金(61876049,61762066,61572147);广西科技计划项目(AC16380108);广西图像图形智能处理重点实验项目(GIIP201701,GIIP201801,GIIP201802,GIIP201803);广西研究生教育创新计划资助项目(2019YCXS043)。

摘　　要：针对现有不同体系公钥基础设施(Public Key Infrastructure,PKI)和无证书公钥密码体系(CertificateLess public key Cryptography,CLC)的跨域身份认证方案不能满足身份盲化性以及高效的异构跨域认证问题,提出代理盲签名的高效异构跨域认证方案。该方案重新构造了一个高效、安全的跨域身份认证模型并结合代理签名和盲签名的优点,在云间引入一个可信认证中心CA给予第三方合法代理者可信的代理权限来执行代理盲签名操作。此代理者不仅减少了云间认证中心CA的通信负载,实现不同域授权代理盲签名用户和请求代理盲签用户之间的信息交互,还满足了双向实体身份同步认证的盲化性以及代理盲签名的可识别性,提高了认证安全性。分析结果表明,该方案基于数学困难性问题满足抗替换性攻击、抵抗重放攻击、抗中间人攻击和身份不可追踪性等性能,完成了异域用户之间高效、高安全性的跨域身份认证。In order to solve the problem of identity blindness and efficient heterogeneous cross-domain authentication,an efficient heterogeneous cross-domain authentication scheme based on proxy blind signature is proposed.The scheme reconstructs an efficient and secure cross-domain identity authentication model.Combined with the advantages of proxy signature and blind signature,a trusted certification authority CA is introduced in the cloud to give the third party legal agent the trusted agency authority to perform the proxy blind signature operation.This agent not only reduces the communication load of the inter-cloud certification authority CA,realizes the information interaction between the authorized agent blind signer in different domains and the requesting agent blind signer,but also satisfies the blindness of bidirectional entity identity synchronous authentication and the identi-fiability of the proxy blind signature,and improves the authentication security.The results show that based on the mathematical difficulty,the scheme can meet the performance of anti-substitution attack,resist replay attack,man-in-the-middle attack,identity untraceability and so on,and complete the cross-domain identity authentication with high efficiency and security between foreign users.

关 键 词：异构体系跨域认证 代理盲签名 盲化性 可识别 跨域身份认证模型 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]