基于椭圆曲线密码体制的高效虚拟企业跨域认证方案

doi:10.3969/j.issn.0372-2112.2014.06.010

电子学报 ›› 2014, Vol. 42 ›› Issue (6): 1095-1102.DOI: 10.3969/j.issn.0372-2112.2014.06.010

基于椭圆曲线密码体制的高效虚拟企业跨域认证方案

张文芳^1,2, 王小敏¹, 郭伟^1,2, 何大可^1,2

1. 西南交通大学信息科学与技术学院, 四川成都 610031;
2. 西南交通大学信息安全与国家计算网格四川省重点实验室, 四川成都 610031

收稿日期:2013-01-23 修回日期:2013-07-16 出版日期:2014-06-25
- 作者简介:
- 张文芳 女，1978年生于山西太原，西南交通大学副教授，博士，硕士生导师.研究方向为密码学与信息安全、分布式网络安全.E-mail：wfzhang@swjtu.edu.cn；王小敏 男，1974年生于江西萍乡，西南交通大学教授，博士，博士生导师.研究方向为信息安全、轨道交通安全工程.E-mail：xmwang@swjtu.edu.cn；郭伟男，1980年生于四川峨眉，西南交通大学讲师，博士.研究方向为信息安全，混沌密码设计与分析.；何大可 男，1944年生于重庆，西南交通大学教授，博士生导师.研究方向为密码学与信息安全.
- 基金资助:
- 国家自然科学基金 (No.61003245，No.60903202，No.61371098）; 四川省杰出青年学术带头人培育计划 (No.2011JQ0027）; 铁道部重大项目 (No.2012X004-A）; 中央高校基本科研业务费专项资金 (No.SWJTU12CX099，No.SWJTU11CX041）

An Efficient Inter-Enterprise Authentication Scheme for VE Based on the Elliptic Curve Cryptosystem

ZHANG Wen-fang^1,2, WANG Xiao-min¹, GUO Wei^1,2, HE Da-ke^1,2

1. School of Information Science and Technology, Southwest Jiaotong University, Chengdu, Sichuan 610031, China;
2. Key Laboratory of Information Security and National Computing Grid, Southwest Jiaotong University, Chengdu, Sichuan 610031, China

Received:2013-01-23 Revised:2013-07-16 Online:2014-06-25 Published:2014-06-25
- Supported by:
- National Natural Science Foundation of China (No.61003245, No.60903202, No.61371098); Outstanding Youth Academic Leader Cultivation Plan of Sichuan Province (No.2011JQ0027); Key Program of Ministry of Railways (No.2012X004-A); Fundamental Research Funds for the Central Universities (No.SWJTU12CX099, No.SWJTU11CX041)

摘要/Abstract

摘要：

针对虚拟企业的敏捷、动态、低成本、组织模式多样等特点利用无可信中心椭圆曲线门限签名和可变多方协议提出一个基于虚拟桥CA的高效的广义虚拟企业跨域认证方案.方案借助虚拟桥CA的分布式创建和运行提供了灵活的跨域认证策略并避免实体桥CA的维护成本，可适应虚拟企业不同的组织模式及其动态变化，具备比特安全性高、计算量和通信量小、信任链短、抗合谋攻击等优点，能更好的满足虚拟企业盟员间（特别是终端计算资源或通信带宽受限情况下）的跨域认证需求.

关键词: 虚拟企业, 跨域认证, 虚拟桥认证中心, 椭圆曲线密码体制, 门限签名

Abstract:

In order to meet the special requirements of virtual enterprises (VE),this paper proposed an efficient generalized inter-enterprise authentication scheme.The scheme employed the elliptic curve threshold signature algorithm and the variable multi-party protocols to realize efficient cross certifications between VE partners through a virtual bridge CA.Analysis shows that the proposed scheme can provide a flexible distributed trust policy for VE,and has the advantages of low computation and communication cost,high bit-security,short certificate-chains,and adaptability to various structures of VE,so it can better satisfy the special requirements of inter-enterprise authentication in VE,especially when the computation and communication resource is constrained.

Key words: virtual enterprise (VE), inter-enterprise authentication, virtual bridge certificate authority (VBCA), elliptic curve cryptosystem (ECC), threshold signature

中图分类号:

TP309

张文芳, 王小敏, 郭伟, 等. 基于椭圆曲线密码体制的高效虚拟企业跨域认证方案[J]. 电子学报, 2014, 42(6): 1095-1102.

ZHANG Wen-fang, WANG Xiao-min, GUO Wei, et al. An Efficient Inter-Enterprise Authentication Scheme for VE Based on the Elliptic Curve Cryptosystem[J]. Acta Electronica Sinica, 2014, 42(6): 1095-1102.

参考文献

[1] Camarinha-Matos L M,Afsarmanesh H.The Virtual Enterprise Concept[M].Boston:Kluwer Academic Publishers,1999.3-14.
[2] 路晓明,冯登国.一种基于身份的多信任域网格认证模型[J].电子学报,2006,34(4):577-582. Lu Xiao-ming,Feng Deng-guo.An identity-based authentication model for multi-domain grids[J].Acta Electronica Sinica,2006,34(4):577-582.(in Chinese)
[3] Liu H,Luo P,Wang D.A distributed expansible authentication model based on Kerberos[J].Journal of Network and Computer Applications,2008,31(4):472-486.
[4] 代战锋,温巧燕,李小标.基于分布式PKI 的P2P 网络认证技术[J].电子学报,2009,37(11):2561-2564. Dai Zhan-feng,Wen Qiao-yan,Li Xiao-biao.The authentication technology of P2P network based on distributed PKI[J].Acta Electronica Sinica,2009,37(11):2561-2564.(in Chinese)
[5] Djordjevic I,Dimitrakos T,Romano N,Mac Randal D,Ritrovato P.Dynamic security perimeters for inter-enterprise service integration[J].Future Generation Computer Systems,2007,23(4):633-657.
[6] Rouibah K,Ould-Ali S.Dynamic data sharing and security in a collaborative product definition management system[J].Robotics and Computer-Integrated Manufacturing,2007,23(2):217-233.
[7] Lopez Millan G,Gil Perez M,Martinez Perez G,Gomez Skarmeta A F.PKI-based trust management in inter-domain scenarios[J].Computers & Security,2010,29:278-290.
[8] Xu J,Zhang D,Li X.Dynamic authentication for cross-realm SOA-based business processes[J].IEEE Transactions on Service Computing,2012,5(1):20-32.
[9] 刘端阳,潘雪增.虚拟企业的安全交互模型[J].计算机研究与发展,2003,40(9):1307-1311. Liu Duan-yang,Pan Xue-zeng.A new VCA scheme in virtual enterprises[J].Journal of Computer Research and Development,2003,40(9):1307-1311.(in Chinese)
[10] 张文芳,王小敏,何大可.一个改进的基于门限RSA签名的虚拟企业安全交互模型[J].计算机研究与发展,2012,49(8):1662-1667. Zhang Wen-fang,Wang Xiao-min,He Da-ke.An improved VCA interaction model for virtual enterprises based on threshold RSA signature[J].Journal of Computer Research and Development,2012,49(8):1662-1667.(in Chinese)
[11] 张文芳,何大可,王小敏.基于可变权限集的广义虚拟企业信任交互方案[J].计算机集成制造系统-CIMS,2007,13(5):1001-1007. Zhang Wen-fang,He Da-ke,Wang Xiao-min.Generalized trust-interaction scheme for virtual enterprises based on variable privilege sets[J].Computer Integrated Manufacturing Systems,2007,13(5):1001-1007.(in Chinese)
[12] 张文芳,王小敏,何大可.身份可追查的抗合谋攻击广义虚拟企业信任交互方案[J].计算机集成制造系统-CIMS,2010,16(7):1558-1567. Zhang Wen-fang,Wang Xiao-min,He Da-ke.Novel conspiracy attack immune generalized interactive authentication scheme for virtual enterprises with traceability[J].Computer Integrated Manufacturing Systems,2010,16(7):1558-1567.(in Chinese)

基于椭圆曲线密码体制的高效虚拟企业跨域认证方案

An Efficient Inter-Enterprise Authentication Scheme for VE Based on the Elliptic Curve Cryptosystem

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 9

编辑推荐

Metrics

[1]	马晓婷, 马文平, 刘小雪. 基于区块链技术的跨域认证方案[J]. 电子学报, 2018, 46(11): 2571-2579.
[2]	马春光, 石岚, 周长利, 汪定. 属性基门限签名方案及其安全性研究[J]. 电子学报, 2013, 41(5): 1012-1015.
[3]	黎明;吴丹;戴葵;邹雪城. 高性能可扩展公钥密码协处理器研究与设计[J]. 电子学报, 2011, 39(3): 665-670.
[4]	蔡永泉, 张雪迪, 姜楠. 一种新的基于身份的门限签名方案[J]. 电子学报, 2009, 37(S1): 102-105.
[5]	蔡永泉;张可. 一种门限的基于身份无需随机预言的签名方案[J]. 电子学报, 2008, 36(10): 1966-1969.
[6]	游林. 一类超椭圆曲线上的快速除子标量乘[J]. 电子学报, 2008, 36(10): 2049-2054.
[7]	彭长根, 李祥, 罗文俊. 一种面向群组通信的通用门限签密方案[J]. 电子学报, 2007, 35(1): 64-67.
[8]	陈刚, 金芝, 陆汝钤. 虚拟企业及其协作模型[J]. 电子学报, 2002, 30(S1): 2075-2078.
[9]	张方国;王育民. 超椭圆曲线密码体制的研究与进展[J]. 电子学报, 2002, 30(1): 126-131.