基于报文哈希链的签名认证方法  被引量：3

作　　者：韩明轩 蒋文保[1] 郭阳楠 Han Mingxuan;Jiang Wenbao;Guo Yangnan(School of Information Management,Beijing Information Science&Technology University,Beijing 100192,China)

机构地区：[1]北京信息科技大学信息管理学院,北京100192

出　　处：《计算机应用研究》2022年第4期1183-1189,共7页Application Research of Computers

基　　金：国家重点研发计划资助项目(2018YFB1800100);科技创新服务能力建设—网络空间安全学科创新平台建设基金资助项目(77F1910917)。

摘　　要：针对TCP/IP协议缺乏内生安全机制引起的网络安全问题,以及IPSec等附加的安全增强技术存在效率低的问题,提出了一种基于报文哈希链的签名认证方法。该方法将所传输报文的哈希值通过迭代哈希形成一个关于报文序列的哈希链,通信双方通过报文哈希链确保报文序列的完整性;在进行报文签名认证时,通信双方只需按一定间隔对数据报文进行签名认证就能确保多个报文的完整性和不可抵赖性,并能显著提高报文安全传输的效率。通过实验证明,在相同网络环境以及通用软件实现方式下,基于报文哈希链的签名认证方法的平均比特率比IPSec逐包签名方法的平均比特率有显著提高,且这种签名认证方法能有效防范中间人攻击。Aiming at the network security problems caused by the lack of authentication mechanism in TCP/IP protocol and the low efficiency of additional security technologies such as IPSec,this paper proposed a signature and authentication method based on message hash chain.This method formed a message hash chain about the message sequence by means of iterative hash with the hash value of the transmitted message,and both sides of the communication ensured the integrity of the message sequence through the message hash chain.When carrying out data signature and authentication,both sides of the communication only needed to carry out signature and authentication according to a certain interval of data messages to ensure the integrity and non-repudiation of multiple messages and effectively improve the efficiency of message security transmission.Experiments show that the average bit rate of the message hash chain authentication method is significantly higher than that of packet by packet signature method of IPSec under the same network environment and the general software implementation mode.And this signature and authentication method can effectively defend against man-in-the-middle attacks.

关 键 词：网络安全 报文哈希链 数字签名 认证 中间人攻击 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]