Study on the CFL Trust Authentication

Abstract

Abstract: This paper shows a schematic diagram about the relationship between trusted computing and information security through analyzing the trusted computing，authentication techniques and authentication systems. Moreover, it not only makes a detailed analysis and comparison about various smart card authentication technology and also gives further definition of trust authentication that is if all the computation in the authentication systems is trusted, the authentication system is trusted. At last, it proves that if the CFL users are based on the independent hardware and CFL certificate generation center is also based on the independent hardware calculation, then the CFL authentication system can be trusted.

Key words: trust computing, authentication technique, authentication system, CFL (Chen, Fan, and Lü), trust root, trust authentication

摘要： 通过对可信计算、认证技术、认证体制的梳理，给出了可信计算与信息安全的关系示意图，对各种智能卡认证技术作了详细的分析与比较，进一步给出了可信认证的定义，即若认证体制在具体应用中所有计算都是可信计算，则该认证体制是可信认证.证明了若CFL用户基于独立硬件的计算，CFL证书生成中心也基于独立的硬件计算，则CFL认证体制可实现可信认证.

关键词: 可信计算, 认证技术, 认证体制, CFL (Chen, Fan, and Lü), 可信根, 可信认证

焦毅航. CFL可信认证研究[J]. 信息安全研究, 2016, 2(7): 608-621.

References

［1］Anderson J P. Computer security technology planning study volume II［R］. Hanscom Field, Bedford, MA, USA: Electronic Systems Division, Air Force Systems Command, 1972［2］Nibaldi G H. Specification of a trusted computing base, M79228［R］. Bedford, MA, USA: The MITRE Corportation, 1979［3］Department of Defense. Trusted Computer System Evaluation Criteria［S］. Washington, DC: DOD,1985［4］National Computer Security Center. NCSCTG021 Trusted Database Management System Interpretation［S］. USA: DOD, 1991［5］National Computer Security Center. NCSCTG005 Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria［S］. USA: DOD, 1987［6］沈昌祥, 张焕国, 冯登国, 等. 信息安全综述［J］. 中国科学: F辑信息科学, 2007, 37(2): 129150［7］张焕国, 罗捷, 金刚, 等. 可信计算研究进展［J］. 武汉大学学报: 理学版, 2006, 52(5): 513518［8］闵应骅. 可信系统与网络［J］.计算机工程与科学, 2001, 29(5): 2123+28［9］Mundie C. Trustworthy Computing Microsoft White Paper［EBOL］.［20160505］. http:www.microsoft.com presspassexeccraig1002trustworthywp.asp［10］Group T C. TCG Specification architecture overview Version 1.2［EBOL］. 2003 ［20160505］. https:www.trustedcomputinggroup.org［11］Lamport L. Password authentication with insecure communication［J］. Communications of the ACM, 1981, 24(11): 770772［12］Sandirigama M, Shimizu A, Noda M T. Simple and secure password authentication protocol(SAS)［J］. IEICE Trans on Communication, 2000, E83B(6): 13631365［13］Lin C L, Sun H, Hwang T. Attacks and solutions on strong password authentication［J］. IEICE Trans on Communication, 2001, E84B(9): 2622［14］Chen ChienMing, Ku W C. Stolenverifier attack on two new strong password authentication protocols［J］.IEICE Trans on Communication, 2002, E85B(11): 25192521［15］Chien HungYu, Jan JinnKe, Tseng YuhMin. An efficient and practical solution to remote authentication: Smart card［J］. Computer & Security, 2002, 21(4): 372375［16］Hsu ChienLung. Security of two remote user authentication schemes using smart cards［J］.IEEE Trans on Consumer Electronics, 2003, 49(4): 11961198［17］Ku WeiChui, Chen ShuaiMin. Weakness and improvement of efficient password based remote user authentication scheme using smart card［J］.IEEE Trans on Consumer Electronics, 2004, 50(1): 204207［18］Lee ChengChi, Li LiHua, Hwang MinShiang. A remote user authentication scheme using hash functions［J］. ACM Operating Systems Review, 2002, 36(4): 2329［19］Peng Shuanghe, Han Zhen, Liu Jiqiang. Security enhancement for two remote user authentication schemes［C］ Proc of ICSP2004. Piscataway, NJ: IEEE, 2004: 26282631［20］邓飞进, 范磊, 施建俊. 使用智能卡的动态口令认证机制［J］.计算机工程, 2005, 31(24): 172174［21］吴凡. 智能卡身份认证技术研究与实现［D］. 厦门: 厦门大学, 2008［22］安兴亚, 童小念. 一种远程动态身份认证方案［J］. 计算机与数字工程, 2007, 35(3): 9697［23］Lin ChihWei, Shen JauJi, Hwang MinShiang. Security enhancement for optimal strong password authentication protocol［J］. ACM Operating System Review, 2003, 37(2): 712［24］Ku WeiChi, Tsai HaoChuan, Chen ShuaiMin. Two simple attacks on LinShenHwangs strongpassword authentication protocol［J］. ACM SIGOPS Operating Systems Review, 2003, 37(4): 2631［25］Jain A K, Hong L, Pankanti S, et al. Identityauthentication system using fingerprints［J］.Proceedings of the IEEE,1997, 85(9): 13651388［26］Upendra K, Singh S, Kumar V, et al. Online fingerprint verification［J］. Journal of Medical Engineering and Technology, 2007, 31(1): 3645［27］Ratha N K, Karu K, Chen S, et al. Realtime matching system for large fingerprint databases［J］.IEEE Trans on Pattern Analysis and Machine Intelligence,1996, 18(8): 799813［28］Lu Y, Yoon S, Xie S J, et al. Finger vein recognition using generalized local line binary pattern［J］. KSII Trans on Internet and Information Systems, 2014, 8(5): 17661784［29］岳峰, 左旺孟, 张大鹏. 掌纹识别算法综述［J］. 自动化学报, 2010, 36(3): 353365［30］Brunelli R, Poggio T. Face recognition: Features versus templates［J］. IEEE Trans on Pattern Analysis and Machine Intelligence, 1993, 15(10): 10421052［31］高丽萍, 郭义民, 倪重匡. 一种改进的特征脸方法［J］. 计算机应用与软件, 2002, 19(8): 4447［32］周杰, 卢春雨, 张长水, 等. 人脸自动识别方法综述［J］. 电子学报, 2000, 28(4): 102106［33］张宏超. 声音识别简介［J］. 信息与控制, 1979, 8(3): 279281［34］王星明, 田捷, 武岩. 一种结合自动指纹认证与密码技术的安全机制［J］. 计算机工程, 1999, 36(25): 144146［35］Juels A, Sudan M. A fuzzy vault scheme［C］ Proc of IEEE Int Symp on Information Theory. Piscataway, NJ: IEEE, 2002: 408［36］Clancy T C, Kiyacash N, Lin D J. Secure smart cardbased fingerprint authentication［C］ Proc of the 2003 ACM SIGMM Workshop on Biometrics Methods and Applications. New York: ACM, 2003: 4552［37］Uludag U, Pankanti S, Jain A K. Fuzzy Vault for fingerprints［C］ Audioand VideoBased Biometric Person Authentication. Berin: Springer, 2005: 310319［38］Juels A, Sudan M. A fuzzy vault scheme［J］. Designs, Codes, and Crytography, 2006, 38(2): 237257［39］Uludag U, Jain A K. Securing fingerprint template: Fuzzy vault with helper data［C］ Proc of Conf on Computer Vision and Pattern. Piscataway, NJ: IEEE, 2006: 163163［40］Chung Y, Moon D, Lee S, et al. Automatic alignment of fingerprint features for fuzzy fingerprint vault［C］ Information Security and Cryptology. Berlin: Springer, 2005: 358369［41］游林, 王升国, 陆捷, 等. 一种基于指纹特征数据与匹配算法的新型模糊金库方法: 中国, ZL201110341284.7［P］. 20140709［42］游林, 范萌生, 林刚, 等. 一种基于(k,w)门限秘密共享方案的指纹模糊金库方法: 中国, 201210322278.1［P］. 20141203［43］Diffie W, Hellman M E. New directions in cryptography［J］. IEEE Trans on Information Theory, 1976, 22(6): 644654［44］王雪颖. PKI认证系统研究与设计［D］. 成都: 电子科技大学, 2002［45］Shamir A. Identitybased cryptosystems and signature schemes［G］ LNSC 196. Berlin:Springer, 1984: 4753［46］Cocks C. An identity based encryption scheme based on quadratic residues［G］ LNCS 2260. Berlin: Springe, 2001: 360363［47］Boneh D, Franklin M. Identity based encryption from the weil pairing［G］ LNCS 2139. Berlin: Springer, 2001: 213229［48］Boneh D, Boyen X. Security identity based encryption without random oracles［G］ LNCS 3152: Advances in CryptologyCrypto 2004. Berlin: Springer, 2004: 443459［49］Waters B R. Efficient identitybased encryption without random oracles［EBOL］. 2004 ［20160505］. http: eprint.iacr.org2004180.pdf［50］Sakai A, Waters B. Fuzzy identitybased encryption［G］ LNCS 3494. Berlin: Spinger, 2005: 457473［51］Sakai R, Ohgishi K, Kasahara M. Cryptosystems based on pairing［C］ Proc of SCIS 2000. 2000: 2628［52］Paterson K G. An identitybased signature from pairings on elliptic curves［EBOL］. 2002 ［20160505］. http: eprint.iacr.org 2002004.pdf［53］Hess F. Efficient identity based signature schemes based on pairings［G］ LNCS 2595: Proc of SAC 2002. Berlin: Springer, 2003: 310324［54］Zhang F, Kim K. IDbased blind signature and ring signature from pairings［G］ LNCS 2510. Berlin: Springer, 2002: 533547［55］Au M H, Liu J K, Yucn Y H, et al. IDbased ring signature scheme secure in the standard model［EBOL］. 2006 ［20160505］. http:eprint.iacr.org2006205.ps.gz［56］Gentry C, Silverberg A. Hierarchical IDbased cryptography［G］ LNCS 2501. Berlin: Springer, 2002: 548566［57］Wenbo Mao. 现代密码学理论与实践［M］. 王继林, 伍前红, 等译. 北京: 电子工业出版社, 2004: 293308［58］Lee B, Boyd C, Dawson E, et al. Secure key issuing in IDbased cryptography［C］ Proc of AISW 2004. Dunedin: Australian Computer Society, 2004: 6974［59］Chen L, Harrison K, Smart N P, et al. Applications of multiple trust authorities in pairing based cryptosystems［G］ LNCS 2437. Berlin: Springer, 2002: 260275［60］Cheng Z H, Comley R, Vasiu L, et al. Remove key escrow from the identitybased encryption system［C］ Proc of IMSCCS 2006. Berlin: Springer, 2006: 1318［61］李新国, 葛建华, 赵春明. IBE公钥加密系统的用户私钥分发方案［J］.西安电子科技大学学报: 自然科学版, 2004, 31(4): 569573［62］陈华平, 范修斌, 吕述望. CFL专利, 中国［P］. 20160217

[1]	. Research on Cybersecurity Certification System of Critical Information Infrastructure [J]. Journal of Information Security Research, 2019, 5(9): 847-850.
[2]	. CFL Authentication System and Its Applications in the Blockchain [J]. Journal of Information Security Research, 2017, 3(3): 220-226.
[3]	. Comparative Study on the Properties of CFL [J]. Journal of Information Security Research, 2016, 2(7): 600-607.
[4]	. CFL’s Schemes for Classical Information Security Problems [J]. Journal of Information Security Research, 2016, 2(7): 639-648.
[5]	. The Overview of Authentication Systems [J]. Journal of Information Security Research, 2016, 2(7): 649-659.