论文部分内容阅读
为了解决使用直接匿名证明方法进行远程证明易受伪装攻击的问题,提出了一种基于直接匿名证明和安全传输层协议(TLS)的匿名远程证明协议.使用可信平台模块,完成平台配置和匿名身份的度量并生成签名信息;改进身份认证和证书校验机制,并使用TLS协议的扩展消息传输远程证明内容;结合匿名证明、完整性报告和密钥协商机制设计总体协议,从而在交互双方构建出匿名认证的可信信道.分析表明:改进方案满足身份认证的不可伪造性、匿名性、可控的可链接性和不可克隆性,能够抵御重放攻击和伪装攻击,且设计的协议兼容扩展的TLS协议架构,便于部署.
In order to solve the problem of remote proof of dishonest attack using direct anonymous authentication, an anonymous remote authentication protocol based on direct anonymous authentication and secure transport layer protocol (TLS) is proposed.Using a trusted platform module, platform configuration and anonymity Identity measurement and generate signature information; improve the authentication and certificate verification mechanism, and use TLS protocol extended message transmission remote proof content; combined with anonymous attestation, integrity report and key agreement mechanism to design the overall agreement, so that both parties to the interaction The results show that the improved scheme can meet the unforgeability, anonymity, controllably linkability and unclarifiability of identity authentication, and can resist replay attacks and camouflage attacks, and the designed protocol is compatible with the extension TLS protocol architecture, easy to deploy.