| In order to prevent the transmission and spread of security risks, such as malicious code dissemination, information leakage and so on, the strict protection and isolation barriers are built up between different network or different information systems, through the network isolation, security domain and control technology. However, in the practical application of these isolated network or information system must exist the demand for data security exchange. This paper takes achieving information sharing, controlling risk transmission and preventing information leakage as the targets, and research on the trusted analysis and verification methods of exchange behavior in view of the lack of dynamic supervision of the exchange behavior during the data security exchange process. Also, in view of the security issues of stream exchange across network in large-scale complex network environment, this paper researchs on the high efficiency stream security exchange technology based on proxy re-signature. According to the authenticated problem of exchange data stream on sharing platform, this paper researches the dynamic authenticated data stream technology. Finally the performance of the design mechanism and the algorithm is evaluated and compared by the simulation experiment and theoretical analysis. These proposed mechanisms and algorithms provide new theories, methods and technical support for the realization of the data security exchange. The main research work and innovation points are as follows:(1)Put forward methods for trusted analysis of exchange process behavior based on noninterference, which provide theoretical basis for the exchange behavior and dynamic control. In this method, the noninterference theory and trusted computing are combined. First, the exchange behavior modeling is formalized from the perspective of the exchange process; then according to the characteristics of the data security exchange, divide the process of the analysis of the exchange behavior into two phases:the trusted analysis method of the single exchange process behavior and the trusted analysis method of the multi-exchange process behavior. The exchange behavior trust constraint rules, exchange behavior trust judgment theorem, and security proof are given in different stages and different mode. On the basis of the trusted analysis of the multi-exchange process behavior, the multi-exchange process will be further extended to concentrated mode and distributed mode. The exchange behavior trust constraint rules, exchange behavior trust judgment theorem, and security proof are given in different mode. Based on above analysis method of exchange process behavior, this paper put forward a trusted analysis and verification framework of the exchange process behavior for distributed network environment, which describes the measurement and verification method of exchange process behavior. Finally, with the background of data security exchange for Internet-based e-government, a practical application example of the method is given to illustrate the practicability and availability of the method.(2)Put forward a proxy re-signature scheme based on trapdoor hash function for the stream exchange. First of all, aiming at the key exposure problem of trapdoor hash function for stream exchange, namely when there are several users with different messages using the same trapdoor hash value, user can deduce the trapdoor key, and a new trapdoor hash function without key exposure based on elliptic curve (EDL-MTH) is put forward and its security is analyzed. Its security in effective calculation, trapdoor collision, collision resistance, key exposure resistance and semantic security are proved. Then, a new proxy re-signature scheme based on EDL-MTH is constructed and is proved against the chosen-message attack in the random oracle model. Furthermore, the performance of the scheme is analyzed contrast to the existing proven security proxy re-signature scheme, and the result shows the efficiency becomes more prominent while the scale of stream exchange is increased. Finally, a case study is provided to demonstrate its availability and performance in security stream exchange, and the scheme has a better performance than the traditional one in terms of security and performance.(3) Put forward a dynamic authenticated data stream security exchange scheme based on double trapdoor hash authenticated tree. First, put forward a kind of dynamic authenticated data structure with access control (AC-MTAT) for stream exchange in sharing platform. The data structure is essentially an authenticated tree which is composed of arbitrary hash function, double trapdoor hash function and CP-ABE. Based on this structure, a novel authentication technology can be realized, which can be used to construct an efficient dynamic authenticated stream exchange protocol in sharing platform. Second the structure of the AC-MTAT in overview and formal definition are described. Then the concrete construction method of AC-MTAT is given. Compared with the traditional MHT, the AC-MTAT has no need to determine the leaf node information in advance, and can realize the dynamic increase and update of the leaf nodes with the growth of data stream. It supports real-time verification of stream exchange and fine-grained verification based on CP-ABE. Besides, the authentication tree can not only verify the integrity of the data stream but also the order of the data stream. In addition, the security of the scheme is proved, including correctness, verifiability and access control security. The efficiency of the scheme is analyzed from two aspects:theory and practice. Through the comparison and analysis of the existing schemes, the proposed scheme in this paper is more secure and efficient in adding, updating and verifying of data stream. At last, based on AC-MTAT, this paper proposes a dynamic authenticated data stream security exchange scheme and exchange protocol which slove the problem of data stream security exchange in sharing platform,and the security of the scheme is analyzed.
|
PDF Full Text Request