| With the rapid development of the network,the world has entered the information age,the network environment has gradually become complex,and the types of information services in the network have gradually increased.In order to allow users to access various resources and services provided by the information service entities(ISE)in a secure network environment,maximize the use of information service entity resources,designing efficient cross-domain authentication protocols becomes a key research direction.In the process of cross-domain authentication,mutual trust between domains is the basis for users to cross-domain access ISE,designing a trusted identifier signing algorithm for service entities is the fundamental to protect user security,and identifier management of service entities is a key technology to improve authentication efficiency.In order to solve the above problems,this study constructs the method of judging trust between domain agents and the scheme of information service entity identifier signing,and designs cross-domain authentication protocols with small amount of calculation and communication traffic.The research work is as follows:Firstly,in order to realize mutual trust between domain agents in the process of cross-domain authentication,a calculation scheme of trust degree between domain agents is proposed based on the idea of collaborative filtering.The scheme obtains the scoring matrix of the trust value according to the access path and history record of the domain agent,calculates the indirect trust value between the domain agents through the matrix,and judges the trust degree between the domain agents according to the final value of the trust obtained by combining the direct and indirect trust values.Based on the the standard of average error and solution average error,simulation shows that the scheme can correctly resist malicious domain proxy attacks and accurately judge the trust between domain agents.Then,combining with the cross-domain authentication model under ISE system and using the advantages of group signature algorithm,an information service entity identifier signing algorithm based on SM9 national secret algorithm is designed.The primary domain agent generates a key pair for the follower domain agent and the arbitration institution,then the follower domain agent and the arbitration institution complete the issuance of the identifier by signing the information service entity,and any one of the follower domain agents in the group can verify whether the information service is worth trusting.By the analyzing the security and performance of the scheme,the scheme has forward security and unmanufacturability,and has obvious decrease in the time overhead of computing and communication consumption.And the issuance of the identifier needs to be completed from the follower domain with the assistance of the arbitration institution,so the key split is implemented to protect the key from the domain proxy.Finally,in order to ensure the maximum utilization of information service entity resources and realize resource and service sharing,a cross-domain authentication protocol under the information service entity system model is designed.After the domain user completes the identity authentication in the domain,the domain agents judge the trust degree by mutually calculating the trust value and on the basis of mutual trust,the domain agent of the user domain verifies the credibility of the information service entity identifier.In the analysis of security,the pseudonym design protects the user's identity,can effectively resist attacks in the network,and ensure the security of information services.At the same time,by analyzing the communication traffic and the amount of calculation and comparing with other proposed cross-domain authentication protocols,the protocol has advantage of low traffic and low computational load,so it is suitable for rational utilization of information service entity resources. |
PDF Full Text Request