一种基于PCA的远程匿名证明改进方案

J4 ›› 2012, Vol. 34 ›› Issue (1): 38-42.

一种基于PCA的远程匿名证明改进方案

池亚平1，漆佑军2，魏占祯1，方勇1

（1.北京电子科技学院通信工程系,北京 100070；2.西安电子科技大学通信学院，陕西西安 710071）

收稿日期:2010-12-31 修回日期:2011-03-28 出版日期:2012-01-25 发布日期:2012-01-25
基金资助:
国家自然科学基金资助项目(60951001);国家科技支撑计划重点资助项目（2009BAH52B06）;北京市自然科学基金资助项目(4102057)

An Improved Remote Anonymous Attestation Scheme Based on Privacy CA

CHI Yaping 1，QI Youjun2，WEI Zhanzhen1，FANG Yong1

（1.Department of Communication Engineering,
Beijing Electronics and Science Technology Institute,Beijing 100070;
2.School of Communication,Xidian University,Xi’an 710071,China)

Received:2010-12-31 Revised:2011-03-28 Online:2012-01-25 Published:2012-01-25

摘要/Abstract

摘要：

远程证明是可信计算的关键技术之一，可以验证平台身份和配置信息的可信性，而现有远程证明方案存在一定的缺陷。本文在分析现有基于匿名属性证书的远程匿名证明方案的基础上，提出了改进方案。针对原方案中存在的在匿名属性证书申请过程中未验证证书颁发实体的问题，对证书申请方案进行了改进，采用会话密钥对PCA签名，保证了证书颁发实体的真实性；针对远程证明协议存在恶意用户接入的问题，在改进方案中引入假名机制，即保证了用户身份的匿名性，又防止了具有不良历史记录用户的非法接入。

关键词: 远程证明, 可信计算, PCA, 假名, 匿名证明

Abstract:

Remote attestation is one of the key technologies of trusted computing，which is used for attesting the identity and configuration of remote platforms, but there are some shortcomings in existing remote attestation schemes. On the basis of analyzing the existing remote anonymous schemes based on Anonymous Attribute Credential(AAC)，an improved scheme is proposed. Aiming at the problem that the PCA which delivers the certification(AAC) is not verified in the process of applying, the improved scheme uses the session key to sign PCA to guarantee the authenticity of PCA. Meanwhile, aiming at the problem of the malicious user’s access to the network, a pseudonym mechanism is introduced in the improved scheme. It can ensure the anonymity of the user and can prevent the illegal access of the users with malicious historical marks.

Key words: remote attestation；trusted computing；PCA；pseudonym；anonymous attestation

池亚平1，漆佑军2，魏占祯1，方勇1. 一种基于PCA的远程匿名证明改进方案[J]. J4, 2012, 34(1): 38-42.

CHI Yaping 1，QI Youjun2，WEI Zhanzhen1，FANG Yong1. An Improved Remote Anonymous Attestation Scheme Based on Privacy CA[J]. J4, 2012, 34(1): 38-42.

参考文献［9］

［1］	Trusted Computing Group.TCG Specification Architecture Overview ［EB/OL］.［20070301］. http://www.trustedcomputinggroup.org.
［2］	Trusted Computing Group.Trusted Computing Platform Alliance (tcpa) Main Specification ［EB/OL］. ［20030301］. http://www.trustedcomputinggroup.org.
［3］	Brickell E,Camenisch J, Chen L. Direct Anonymous Attestation［C］ ∥Proc of the 11th ACM Conference on Computer and Communications Security, 2004:132145.
［4］	邱罡, 王玉磊, 周利华. 一种基于可信计算的VPN接入认证方案［J］. 计算机科学, 2010,36(7):7678.
［5］	Haldar V,Chandra D, Franz M. A Virtual Machine Directed Approach to Trusted Computing［C］∥Porc of USENIX Virtual Machine Research and Technology Symposium, 2004:0320.
［6］	Sadeghi A, Stuble C. PropertyBased Attestation for Computing Platforms［C］∥Proc of the 2004 Workshop on New Security Paradigms, 2004:6777.
［7］	Li Lixin, Li Chaoling, Zhou Yanzhou. A Remote Anonymous Attestation Scheme with Improved Privacy CA［C］∥Proc of the 2009 International Conference on Multimedia Information Networking and Security, 2009:153157.
［8］	Cramer R,Shoup V. Signature Schemes Based on the Strong RSA Assumption［J］. ACM Transactions on Information and System Security, 2000,3(3):161185.
［9］	汪涛. 基于智能卡的认证与隐私保护协议研究:［博士学位论文］［D］. 北京: 北京邮电大学, 2006.

[1]	韩辉, 麦合甫热提, 吾尔尼沙·买买提, 朱亚俐, 库尔班·吾布力, . 基于Gist和IPCA算法的多文种离线手写签名识别[J]. 计算机工程与科学, 2022, 44(11): 2048-2055.
[2]	周丽, 冯百明, 关煜, 方格. 面向智能手机拍摄的变形文档图像校正[J]. 计算机工程与科学, 2022, 44(01): 102-109.
[3]	文武, 万玉辉, 张许红, 文志云, . 基于改进CHI和PCA的文本特征选择[J]. 计算机工程与科学, 2021, 43(09): 1645-1652.
[4]	曹婷婷, 张忠林. 代价敏感的KPCA-Stacking不均衡数据分类算法[J]. 计算机工程与科学, 2021, 43(03): 525-533.
[5]	林瑾. TOPCARES-CDIO模式的《单片机原理与接口》课程教学改革[J]. 计算机工程与科学, 2019, 41(增刊S1): 81-84.
[6]	张猛，钱育蓉，杜娇，范迎迎. 基于特征整合的卷积神经网络草地分类算法[J]. 计算机工程与科学, 2019, 41(07): 1251-1256.
[7]	纪明君，刘漫丹，才乐千. 基于半监督LDA特征子空间优化的人脸识别算法[J]. 计算机工程与科学, 2018, 40(10): 1851-1857.
[8]	吕红伟，王士同. 基于RPCA对高维数据子空间聚类的预测方法[J]. 计算机工程与科学, 2017, 39(03): 553-561.
[9]	江铁成. 一种改进PCA与IHS融合的高光谱图像异常检测算法[J]. J4, 2016, 38(04): 733-738.
[10]	文松,吴钊,郑毅. 一种基于可信计算平台的无线传感器网络标识密钥更新方法[J]. J4, 2015, 37(10): 1856-1861.
[11]	孟建良，王雅继. 最佳点平滑法寻找最佳拼接缝[J]. J4, 2015, 37(07): 1387-1392.
[12]	朱黎，胡涛，罗锋，毛雷，纪忠原. 基于自适应LBP人脸识别的身份验证[J]. J4, 2014, 36(11): 2217-2222.
[13]	曹磊，李璟，洪留荣. 一种融合区域化多特征的车辆检测方法[J]. J4, 2012, 34(6): 123-126.
[14]	文松,吴钊,袁磊. 基于状态保持的Web服务组合可信度度量方法[J]. J4, 2012, 34(10): 135-139.
[15]	曾岳1,2,冯大政1. 一种基于人脸垂直对称性的变形2DPCA算法[J]. J4, 2011, 33(7): 74-79.