
Computer Engineering, 2021, Vol. 47, Issue (6): 152-163. doi: 10.19678/j.issn.1000-3428.0059614

• Cyberspace Security •

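  • About the authors: LIAN Wenjuan (born 1977), female, associate professor, Ph.D., main research interests: deep learning and network security; ZHAO Duoduo, master's student; FAN Xiubin, professor, Ph.D., doctoral supervisor.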

CFL SSL Security Communication Protocol Based on CFL_BLP Model

LIAN Wenjuan1, ZHAO Duoduo1,4, FAN Xiubin1,2,3,4   

  1. College of Computer Science & Engineering, Shandong University of Science and Technology, Qingdao, Shandong 266590, China;
  2. Qingdao Branch, Institute of Software, Chinese Academy of Sciences, Qingdao, Shandong 266114, China;
  3. Qingdao Bowen Guangcheng Information Security Technology Limited Company, Qingdao, Shandong 266235, China;
  4. Shandong Wenbin Information Security Technology Limited Company, Taian, Shandong 271200, China
  • Received: 2020-09-29 Revised: 2020-11-26 Published: 2020-12-04
  • Contact: Qingdao Social Science Planning Project (QDSKL2001156). E-mail: skd991457@sdust.edu.cn


Abstract: The existing Public Key Infrastructure (PKI) and Identity-Based Cryptosystem (IBC) authentication technologies and the SSL/TLS protocol have failed to meet the millisecond-level information security requirements of the emerging information industry in cyberspace. To address the problem, this paper proposes the CFL SSL protocol, which is based on CFL. The paper gives a formalized description of CFL SSL on the basis of the CFL_BLP model, and proves at the protocol level that the protocol enables multiple information security properties, including millisecond-level mutual authentication, protection of communication confidentiality and integrity, independent control, and prevention of man-in-the-middle attacks. Experimental results show that the protocol can meet the millisecond-level information security requirements of communication mechanisms in emerging information industries, and has higher availability and security than the SSL/TLS protocol.

Key words: Public Key Infrastructure (PKI), Identity-Based Cryptosystem (IBC), Industrial Control System (ICS), CFL authentication system, CFL_BLP model
