CFL SSL Security Communication Protocol Based on CFL_BLP Model

doi:10.19678/j.issn.1000-3428.0059614

Abstract

Abstract: The existing Public Key Infrastructure(PKI), Identity-Based Cryptosystem(IBC) authentication technologies and SSL/TLS protocol, have failed to meet the millisecond-level information security requirements of the emerging information industry in cyberspace.To address the problem, this paper proposes the CFL SSL protocol, which is based on CFL.The paper gives a formalized description of CFL SSL on the basis of the CFL_BLP model, and proves at the protocol level that the protocol enables multiple information security properties, including millisecond-level mutual authentication, protection of the communication confidentiality and integrity, independent control and prevention of man-in-the-middle attacks.Experimental results show that the protocol can meet the millisecond information security requirements of communication mechanisms in emerging information industries, and has higher availability and security than SSL/TLS protocol.

Key words: Public Key Infrastructure (PKI), Identity-Based Cryptosystem (IBC), Industrial control System(ICS), CFL authentication system, CFL_BLP model

摘要： 现有PKI、IBC认证技术与SSL/TLS通信协议已不能满足当今网络空间新兴信息产业的毫秒级信息安全需求。针对新兴信息产业的毫秒级通信安全问题，以CFL为原点技术，并基于CFL_BLP模型给出CFL SSL协议及其形式化描述，从协议层面上证明该协议可实现毫秒级双向认证、通信的机密性和完整性保护、自主可控以及防止中间人攻击等信息安全属性。实验结果表明，与SSL/TLS协议相比，该协议的可用性和安全性更高，且能够满足各种新兴信息产业通信机制的毫秒级信息安全需求。

关键词: 公钥基础设施, 基于标识的密码体制, 工业控制系统, CFL认证体制, CFL_BLP模型

CLC Number:

TN915.04

LIAN Wenjuan, ZHAO Duoduo, FAN Xiubin. CFL SSL Security Communication Protocol Based on CFL_BLP Model[J]. Computer Engineering, 2021, 47(6): 152-163.

廉文娟, 赵朵朵, 范修斌. 基于CFL_BLP模型的CFL SSL安全通信协议[J]. 计算机工程, 2021, 47(6): 152-163.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0059614

http://www.ecice06.com/EN/Y2021/V47/I6/152

Figures/Tables 12

References

[1] DOMINNIC T,ESMIRALDA M.A methodology to enhance industrial control system security[J].Procedia Computer Science,2018,126:2117-2126.
[2] DRIAS Z,SERHROUCHMI A,VOGEL O.Analysis of cyber security for industrial control systems[C]//Proceedings of International Conference on Cyber Security of Smart Cities,Industrial Control System and Communications (SSIC).Washington D.C.,USA:IEEE Press,2015:1-8.
[3] FAN Xiubin,LIU Xin,WANG Xunlong,et al.Identification-based authentication system CFL-netspace authentication and its examples[M].Beijing:Beijing University of Posts and Telecommunications press,2019.(in Chinese)范修斌,刘昕,王勋龙,等.基于标识的认证体制CFL-网络空间认证学及其实例[M].北京:北京邮电大学出版社,2019.
[4] KOHNFELDER L.Towards a practical public-key cryptosystem[D].Cambridge,USA:MIT Press,1978.
[5] LI Congcong,JI Shouwen,FAN Xiubin,et al.The overview of authentication systems[J].Journal of Information Security Research,2016,2(7):649-659.(in Chinese)李聪聪,纪寿文,范修斌,等.认证体制综述[J].信息安全研究,2016,2(7):649-659.
[6] LIN Jingqiang,JING Jiwu,ZHANG Qionglu,et al.Recent advances in PKI technologies[J].Journal of Cryptologic Research,2015,2(6):487-496.(in Chinese)林璟锵,荆继武,张琼露,等.PKI技术的近年研究综述[J].密码学报,2015,2(6):487-496.
[7] ALRAWAIS A,ALHOTHAILY A,CHENG X Z,et al.Secure guard:a certificate validation system in public key infrastructure[J].IEEE Transactions on Vehicular Technology,2018,67(6):5399-5408.
[8] HGLUND J,LINDERMER S,FURUHED M,et al.PKI4IoT:towards public key infrastructure for the Internet of things[J].Computers & Security,2020,89:1-8.
[9] SINGLA A,BERTINO E.Blockchain-based PKI solutions for IoT[C]//Proceedings of the 4th International Conference on Collaboration and Internet Computing.Washington D.C.,USA:IEEE Press,2018:1122-1130.
[10] SANSEC HSM SJJ0930/SJJ1012-white paper version 3.0[EB/OL].[2020-09-28].https://wenku.baidu.com/view/a0bbb706844769eae009ed76.html#. (in Chinese)三未信安服务器密码机- -技术白皮书v3.0[EB/OL].[2020-09-28].https://wenku.baidu.com/view/a0bbb706844769eae009ed76.html#.
[11] SHAMIR A.Identity-based cryptosystems and signature schemes[C]//Proceedings of Workshop on the Theory and Application of Cryptographic Techniques.Berlin,Germany:Springer,1984:1123-1132.
[12] ZHU Xinxiong,FAN Tao.Research on application of blockchain and identity-based cryptography[J].IOP Conference Series Earth and Environmental Science,2019,252(4):95-100.
[13] State Cryptography Administration.Identity-based cryptographic algorithms SM9:GM/T 0044-2016[S].Beijing:Standards Press of China,2016.(in Chinese)国家密码管理局.SM9标识密码算法:GM/T 0044-2016[S].北京:中国标准出版社,2016.
[14] ZHEN Ping,TU Yinzi.Research on the miller loop optimization of SM9 bilinear pairings[C]//Proceedings of the 17th International Conference on Communication Technology.Washington D.C.,USA:IEEE Press,2017:138-144.
[15] CHEN Chu,TIAN Cong,DUAN Zhenhua,et al.RFC-directed differential testing of certificate validation in SSL/TLS implementations:an RFC-guided approach[J].ACM Transactions on Software Engineering and Methodology,2019,28(4):1-37.
[16] State Cryptography Administration.SSL VPN Specification:GM/T 0024-2014[S].Beijing:Standards Press of China,2014.(in Chinese)国家密码管理局.SSL VPN技术规范:GM/T 0024-2014[S].北京:中国标准出版社,2014.
[17] COOPER D,SANTESSON S,FARRELL S,et al.RFC 5280-2008 Internet X.509 public key infrastructure certificate and certificate revocation list profile[S].[S.l.]:Internet Engineering Task Force,2008.
[18] KUBILAY M Y,KIRAZ M S,MANTAR H A.Certledger:a new PKI model with certificate transparency based on blockchain[J].Computers & Security,2019,85:333-352.
[19] JIANG Wenbo,LI Hongwei,XU Guowen,et al.PTAS:privacy-preserving thin-client authentication scheme in blockchain-based PKI[J].Future Generation Computer Systems,2019,96:185-195.
[20] MATSUMOTO S,REISCHUK R M.IKP:turning a PKI around with decentralized automated incentives[C]//Proceedings of 2017 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2017:410-426.
[21] HASSOUNA M A.A secure governmental supported service distribution model using identity-based cryptography[J].International Journal of Computer Science and Information Security,2020,18(5):116-123.
[22] State Cryptography Administration.Digital certificate authentication system cryptography protocol specification:GM/T 0014-2012[S].Beijing:Standards Press of China,2012.(in Chinese)国家密码管理局.数字证书认证系统密码协议规范:GM/T 0014-2012[S].北京:中国标准出版社,2012.
[23] XIE Xiren.Computer networks[M].Beijing:Publishing House of Electronics Industry,2017.(in Chinese)谢希仁.计算机网络[M].北京:电子工业出版社,2017.
[24] STONE M M,CHOTHIA T,GARCIA F D.Spinner:semi-automatic detection of pinning without hostname verification[C]//Proceedings of the 33rd Annual Computer Security Applications Conference.Washington D.C.,USA:IEEE Press,2017:120-130.
[25] ACER M E,STARK E,FELT A P,et al.Where the wild warnings are:root causes of chrome HTTPS certificate errors[C]//Proceedings of 2017 ACM SIGSAC Conference.New York,USA:ACM Press,2017:1138-1149.
[26] State Cryptography Administration.Information security technology baseline for classified protection of cybersecurity:GB/T 22239-2019[S].Beijing:Standards Press of China,2019.(in Chinese)国家密码管理局.信息安全技术网络安全等级保护基本要求:GB/T 22239-2019[S].北京:中国标准出版社,2019.
[27] TEJASVI A,VINAY C,SHERALI Z.Industrial control systems:cyberattack trends and countermeasures[J].Computer Communications,2020,155:1-8.
[28] ASGHAR M R,HU Q,ZEADALLY S.Cybersecurity in industrial control systems:issues,technologies,and challenges[J].Computer Networks,2019,165:106946-106952.
[29] YAN Shaobo.Research on the secure communication technology of the upper and lower computer in domestic PLC[D].Xi'an:Xidian University,2017.(in Chinese)闫少勃.国产化PLC上下位机安全通信技术研究[D].西安:西安电子科技大学,2017.
[30] DU Chunling,LIU Jimin,FAN Xiubin,et al.CFL is statistical zero-knowledge proof system[J].Journal of Information Security Research,2016,2(7):621-627.(in Chinese)杜春玲,刘纪敏,范修斌,等.CFL满足统计零知识[J].信息安全研究,2016,2(7):621-627.
[31] JIAO Yihang,LI Youwen,FAN Xiubin,et al.Study on the CFL trust authentication[J].Journal of Information Security Research,2016,2(7):608-620.(in Chinese)焦毅航,李有文,范修斌,等.CFL可信认证研究[J].信息安全研究,2016,2(7):608-620.
[32] FAN Xiubin,WANG Wen,SUN Haidong.Comparative study on the properties of CFL[J].Journal of Information Security Research,2016,2(7):600-607.(in Chinese)范修斌,王玟,孙海东,等.CFL性质比较研究[J].信息安全研究,2016,2(7):600-607.
[33] QIN Hongbing,PAN Yuejun,FAN Xiubin,et al.Analysis on CFL provable security[J].Journal of Information Security Research,2016,2(7):589-599.(in Chinese)秦红兵,潘月君,范修斌,等.CFL可证明安全性分析[J].信息安全研究,2016,2(7):589-599.
[34] DU Chunling,FAN Xiubin.CFL authentication system and its applications in the blockchain[J].Journal of Information Security Research,2017,3(3):220-226.(in Chinese)杜春玲,范修斌.CFL认证体制及其在区块链中的应用[J].信息安全研究,2017,3(3):220-226.
[35] FAN Xiubin.New generation of identity authentication technology CFL[J].Journal of Information Security Research,2016,2(7):587-588.(in Chinese)范修斌.新一代身份认证技术CFL[J].信息安全研究,2016,2(7):587-588.
[36] FAN Wenzhao,FAN Yuning,HE Zizhi,et al.CFL_BLP model[J].Journal of Taishan University,2018,40(6):60-66.(in Chinese)范文钊,范宇宁,和子郅,等.CFL_BLP模型[J].泰山学院学报,2018,40(6):60-66.
[37] State Cryptography Administration.Public key cryptographic algorithm SM2 based on elliptic curves:GM/T 0003-2012[S].Beijing:Standards Press of China,2012.(in Chinese)国家密码管理局.SM2椭圆曲线公钥密码算法:GM/T 0003-2012[S].北京:中国标准出版社,2012.
[38] State Cryptography Administration.SM4 block cipher algorithm:GM/T 0002-2012[S].Beijing:Standards Press of China,2012.(in Chinese)国家密码管理局.SM4分组密码算法:GM/T 0002-2012[S].北京:中国标准出版社,2012.

Please choose a citation manager

Content to export