
An Efficient Inter-Enterprise Authentication Scheme for VE Based on the Elliptic Curve Cryptosystem
To meet the special requirements of virtual enterprises (VE), which are agile, dynamic, low-cost, and organized in diverse ways, this paper proposes an efficient generalized inter-enterprise (cross-domain) authentication scheme based on a virtual bridge CA. The scheme uses an elliptic curve threshold signature algorithm that needs no trusted center, together with variable multi-party protocols, to realize efficient cross certification between VE partners through the virtual bridge CA. Because the virtual bridge CA is created and operated in a distributed manner, the scheme provides a flexible cross-domain authentication (distributed trust) policy and avoids the maintenance cost of a physical bridge CA, and it adapts to the different organizational structures of a VE and to their dynamic changes. Analysis shows that the scheme has the advantages of high bit security, low computation and communication cost, short certificate (trust) chains, and resistance to collusion attacks, so it can better satisfy the inter-enterprise authentication requirements of VE partners, especially when the computation resources or communication bandwidth of terminals are constrained.
virtual enterprise (VE) / inter-enterprise authentication / virtual bridge certificate authority (VBCA) / elliptic curve cryptosystem (ECC) / threshold signature
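National Natural Science Foundation of China (No.61003245, No.60903202, No.61371098); Sichuan Province Outstanding Young Academic Leader Cultivation Program (No.2011JQ0027); Major Project of the Ministry of Railways (No.2012X004-A); Fundamental Research Funds for the Central Universities (No.SWJTU12CX099, No.SWJTU11CX041)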