Abstract
To meet the need for secure transmission of authentication credentials and for user privacy protection in SOA multi-domain collaboration, a privacy-preserving authentication protocol for service invocation is proposed, built on an existing provably secure certificateless aggregate signcryption (CLASC) scheme. The authentication information is aggregate-signcrypted step by step along the service invocation path, so that service providers can dynamically, and in order, join the service invocation authentication process. The credentials and the shared information in the SOAP message are kept confidential by the aggregate signcryption scheme and the Diffie-Hellman (DH) algorithm respectively, so that the private information in the SOAP message can be decrypted only by the designated service provider, which effectively limits the disclosure scope of that private information. At the same time, the public verifiability of the CLASC scheme ensures that the other service providers on the invocation path can verify the validity of the aggregate signcryption value. Compared with other protocols, the SOAP message is shorter, which improves transmission efficiency.
Authors
柴林鹏
张斌
刘洋
孙佳佳
CHAI Linpeng 1,2, ZHANG Bin 1,2, LIU Yang 1,2, SUN Jiajia 1,2 (1. Information Engineering University, Zhengzhou 450001, China; 2. Henan Province Information Security Key Laboratory, Zhengzhou 450001, China)
Source
《网络与信息安全学报》
2018, No. 3, pp. 42-50 (9 pages)
Chinese Journal of Network and Information Security
Funding
Henan Province Basic and Frontier Technology Research Program (No.142300413201)
Information Assurance Technology Key Laboratory Open Fund (No.KJ-15-109)
Information Engineering University Emerging Research Direction Cultivation Fund (No.2016604703)
Keywords
SOA multi-domain collaboration
service invocation authentication
privacy protection
certificateless aggregate signcryption
DH algorithm
service-oriented multi-domain collaboration, service invocation authentication, privacy protection, certificateless aggregate signcryption, Diffie-Hellman algorithm