基于IPv6的P2P-SIP可证明安全无证书匿名通信协议

doi:10.7523/j.issn.2095-6134.2013.04.017

中国科学院大学学报 ›› 2013, Vol. 30 ›› Issue (4): 547-554.DOI: 10.7523/j.issn.2095-6134.2013.04.017

基于IPv6的P2P-SIP可证明安全无证书匿名通信协议

张格非, 张玉清

中国科学院大学国家计算机网络入侵防范中心, 北京 100049

收稿日期:2012-07-20 修回日期:2013-01-21 发布日期:2013-07-15
通讯作者: 张格非
基金资助:
国家自然科学基金(60970140);北京市自然科学基金(4122089)资助 

Provably secure certificateless anonymous authentication protocol for P2P-SIP based on IPv6

ZHANG Ge-Fei, ZHANG Yu-Qing

National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 100049, China

Received:2012-07-20 Revised:2013-01-21 Published:2013-07-15

摘要/Abstract

摘要：

依照下一代网络协议的发展趋势,分析IETF提出的SIP协议和P2P网络结合的P2P-SIP网络的特点,针对其优势和不足提出一个基于椭圆曲线算法并适用于IPv6的P2P-SIP无证书匿名通信协议,使用CK安全模型对方案的安全性进行了证明. 对协议的安全性分析表明,该协议具有相互认证、完美前向保密性、匿名性、已知密钥安全、非密钥泄露伪装等安全属性;协议可抵御已知密钥攻击、中间人攻击、SYBIL攻击等攻击. 通过与已知协议的比较可知,该协议有更好的安全性和效率.

关键词: 对等网络-线令控制, 无证书, 椭圆曲线密码学, IPv6, 匿名

Abstract:

Following the developmental trend of the next-generation-network protocols, we analyze the characteristics of the P2P-SIP network which combines the SIP protocol and P2P networks. Considering its strengths and weaknesses, we design a certificateless anonymous protocol based on elliptic curve algorithms for P2P-SIP, which can be applied in IPv6 network. We prove the proposed protocol under the CK security model and do security analysis on the protocol. The security analysis demonstrates that the proposed protocol has the following security attributes: mutual authentication, excellent forward secrecy, anonymity, known key security, and key compromise impersonation. The proposed protocol can also effectively resist the known-key attack, Man-in-the-middle attack, SYBIL attack, and some other attacks. We compare our protocol with previous protocols and show that our protocol has more security attributes and more effective than the previous protocols.

Key words: P2P-SIP, certificateless, elliptic curve cryptography, IPv6, anonymous

中图分类号:

TP393

张格非, 张玉清. 基于IPv6的P2P-SIP可证明安全无证书匿名通信协议[J]. 中国科学院大学学报, 2013, 30(4): 547-554.

ZHANG Ge-Fei, ZHANG Yu-Qing. Provably secure certificateless anonymous authentication protocol for P2P-SIP based on IPv6[J]. , 2013, 30(4): 547-554.

参考文献

[1] Deering S, Hiden R. RFC2460. Internet protocol: version 6(IPv6) specification[S]. Internet Engineering Task Force, 1998.

[2] Rosenberg J, Schulzrinne H, Camarillo G, et al. RFC3261. SIP: session initiation protocol[S]. Internet Engineering Task Force, 2002.

[3] Chaum D. Untraceable electronic mail, return addresses, and digital pseudonyms[J]. Communications of the ACM, 1981, 24(2): 84-90.

[4] Moeller U, Cottrell L, Palfrader P, et al. Mixmaster protocol version 2[S]. Tech rep Network Working Group, Internet-Draft, 2004.

[5] Danezis G, Dingledine R, Mathewson N. Mixminion: design of a type III anonymous remailer protocol[C]//Proc of IEEE Symposium on Security and Privacy. Berkeley, USA, 2003: 2-15.

[6] Reed M, Syverson P, Goldschlag D. Anonymous connections and onion routing[J]. IEEE Journal on Selected Areas in Communications, 1998, 16(4) 482-494.

[7] Mislove A, Oberoi G, Post A, et al. Ap3: cooperative, decentralized anonymous communication[C]//Proc of 11th ACM SIGOPS European workshop. Leuven, Belgium, 2004.

[8] Nambiar A, Wright M. Salsa: a structured approach to large-scale anonymity[C]//Proc of 13th ACM Conference on Computer and Communications Security. Alexandria, USA, 2006: 17-26.

[9] Freedman M J, Morris R, Tarzan. A peer-to-peer anonymizing network layer[C]//Proc of the 9th ACM Conference on Computer and Communications Security. Washington DC, USA, 2002: 193-206.

[10] Rennhard M, Plattner B. Introducing morphmix: peer-to-peer based anonymous internet usage with collusion detection[C]//Proc of Workshop on Privacy in the Electronic Society. Washington DC, USA, 2002: 91-102.

[11] 吴建平,任罡,李星. 构建基于真实IPv6 源地址验证体系结构的下一代互联网[J]. 中国科学 E辑: 信息科学, 2008, 38(10): 1583-1593.

[12] Wu J, Bi J, Li X, et al. RFC5210. A source address validation architecture(SAVA) testbed and deployment experience [S]. Internet Enginnering Task Force, 2008.

[13] Singh K, Schulzrinne H. Peer-to-peer internet telephony using SIP[C]//Proc of the international workshop on Network and operating systems support for digital audio and video. Stevenson, WashingtonDC, USA, 2005: 63-68.

[14] Al-Riyami SS, Paterson KG. Certificateless public key cryptography[C]//Laih CS. Proc of the ASIACRYPT. LNCS 2894, Berlin: Springer-Verlag, 2003: 452-473.

[15] Canetti R, Krawczyk H. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels[C]//Proc of Eurocrpt'01. LNCS 2045, Springer-Verlag, 2001: 453-474.

[16] Zhang J, Duan H X, Wu J P. Anonymous communication system for IPv6 networks[J]. Journal of Tsinghua University: Sci & Tech, 2011, 51(1): 63-67(in Chinese). 张甲,段海新,吴建平. IPv6环境下匿名通信系统的设计与实现[J]. 清华大学学报:自然科学版,2011,51(1):63-67.

[17] Bellare M, Canetti R, Krawczyk H. A modular approach to the design and analysis of authentication and key-exchange protocols[C]//30th STOC. 1998: 419-428.

[18] Goldwasser S, Micali S. Probabilistic encryption[J]. JCSS, 1984, 28(2): 270-299.

[19] Goldwasser S, Bellare M. Lecture notes on Cryptography[M]. Cambridge, Massachusetts, 2008:136-148.

[20] Tin Y, Vasanta H, Boyd C. Protocols with security proofs for moblie applications[M]. Berlin: Springer-Verlag, 2004: 358-369.

[21] Yang C C, Wang R C, Liu W T. Secure authentication scheme for session initiation protocol[J]. Computer & Security, 2005, 24: 381-386.

[22] Dulanik A, Sogukpinar I. SIP authentication scheme using ECDH[J]. World Enformatika Society Transaction on Engineering Computing and Technology, 2005, 8: 350-353.

[23] Wang F J, Zhang Y Q. A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography[J]. Computer Communications, 2008, 31: 2142-2149.

[24] Wang Q L, Zhang X H, Gao B Z. Security communications algorithm in P2P-SIP network[J]. Computer Engineering and Applications, 2010, 46(35): 109-111.

[25] Karopoulos G, Kambourakis G, Gritzalis S. PrivaSIP: Ad-hoc identity privacy in SIP[J]. Computer Standards and Interfaces, 2011, 33(3): 301-314.

基于IPv6的P2P-SIP可证明安全无证书匿名通信协议

Provably secure certificateless anonymous authentication protocol for P2P-SIP based on IPv6

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 8

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	张海滨, 武传坤, 魏凌波. 多接收者环境下的匿名性和密文长度缩短的匿名广播加密算法[J]. 中国科学院大学学报, 2010, 27(1): 90-106.
[2]	朱珍超，张玉清，王凤娇. 一个具有强安全性的多接收者签密方案[J]. 中国科学院大学学报, 2008, 25(3): 395-402.
[3]	毕玉, 高虎明. 一个可计息的离线电子现金方案[J]. 中国科学院大学学报, 2006, 23(6): 802-807.
[4]	张鹏程, 武传坤. 对可撤销匿名性的盲代理签名方案的分析[J]. 中国科学院大学学报, 2006, 23(6): 833-836.
[5]	张玉军, 田野. IPv6协议安全问题研究[J]. 中国科学院大学学报, 2005, 22(1): 30-37.
[6]	邹学强, 冯登国. WTLS握手协议的安全性分析及改进[J]. 中国科学院大学学报, 2004, 21(4): 494-500.
[7]	吕述望, 王彦, 刘振华. 数字指纹综述[J]. 中国科学院大学学报, 2004, 21(3): 289-298.
[8]	张键红, 王育民. 一种淘汰式无拍卖行的电子拍卖[J]. 中国科学院大学学报, 2003, 20(3): 358-362.