可信网络连接双向认证协议的设计与分析

针对可信网络连接认证协议的现有方案存在单向认证、平台身份和配置信息泄露、无法抵御伪装及重放攻击等安全问题,提出了一种新的认证协议。该协议通过引入可信第三方实现了双向用户身份和平台身份的认证,防止了伪装攻击。直接匿名证明方法和时间戳的应用,保护了平台身份和配置信息的安全,防止了重放攻击。采用BAN逻辑对协议进行形式化描述及分析,验证了本协议可以提高认证的安全性,具有较高的应用价值。

Design and analysis of mutual authentication protocol for trusted network connect

There are some security problems in the existing trusted network connect authentication protocols, such as one-way authentication, platform identity and configuration information leakage, inability to resist the masquerade and replay attacks. In order to solve the problems, a new authentication protocol was proposed. The trusted third party was introduced into the protocol, so that both the user and the platform's bidirectional identity security authentication could be achieved, and masquerade attacks prevented. The protocol uses the Direct Anonymous Attestation method to guarantee the safety of the platform identity and configuration information, and uses timestamp to prevent replay attacks. BAN logic was applied to describing and analyzing the protocol formally. Validation results show that the protocol is practicable and can improve the security of the authentication effectively.