位置信息端云可信传输方案设计  

作　　者：张璐 屠晨阳[1] 苗张旺 甘静鸿 ZHANG Lu;TU Chenyang;MIAO Zhangwang;GAN Jinghong(State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100085,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;The State Information Center,Beijing 100045,China;School of Information Network Security,People’s Public Security University of China,Beijing 100038,China;Zhangzhou Public Security Bureau Taiwan Business Investment Zone Branch,Zhangzhou 363000,China)

机构地区：[1]中国科学院信息工程研究所信息安全国家重点实验室,北京100085 [2]中国科学院大学网络空间安全学院,北京100049 [3]国家信息中心,北京100045 [4]中国人民公安大学信息网络安全学院,北京100038 [5]漳州市公安局台商投资区分局,漳州363000

出　　处：《信息网络安全》2023年第10期39-47,共9页Netinfo Security

基　　金：国家重点研发计划[2022YFB3903900]。

摘　　要：由于北斗导航技术与大众消费级应用的深度融合发展,位置信息的重要性愈加凸显,但大多应用未对位置信息进行充分保护,计算复杂性高的传统密码学方案不能直接用于资源受限的北斗导航应用环境,且终端的软件执行环境也并不安全。因此文章基于专用的北斗导航芯片,在芯片内部利用密码与通信模块实现轻量级的位置信息端云可信传输机制,基于TLS(Transport Layer Security)的协议思路保护位置信息在传输中的真实性、完整性与机密性。文章所提方案尽可能少地使用复杂的计算、验证与证书管理,在保证数据处理性能的同时抵御中间人攻击、重放攻击、拒绝服务等攻击,具有一定的安全性与鲁棒性。Due to the deep integration and development of BeiDou navigation technology and mass consumer applications,the importance of location information has become increasingly prominent,but most applications have not fully protected the location information.The traditional Cryptography solutions with high computational complexity cannot be directly used in the resource constrained BeiDou navigation application environment,and the software execution environment of the terminal is not safe.This article was based on a dedicated BeiDou navigation chip,which utilized cryptographic and communication modules to achieve a lightweight end-to-cloud trusted transmission mechanism for location information within the chip.The mechanism protected the authenticity,integrity,and confidentiality of location information during transmission based on the TLS(Transport Layer Security)protocol concept.This solution not only minimizes the use of complex calculations,verification,and certificate management to ensure data processing performance,but also resists attacks such as man in the middle,replay,and denial of service,with a certain degree of security and robustness.

关 键 词：北斗 位置保护 安全通信 端云可信传输 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]