基于带智能卡的移动终端实现的隐私保护的属性票据方案

doi:10.11959/j.issn.1000-436x.2022156

通信学报 ›› 2022, Vol. 43 ›› Issue (10): 26-41.doi: 10.11959/j.issn.1000-436x.2022156

基于带智能卡的移动终端实现的隐私保护的属性票据方案

史瑞¹^,², 封化民¹^,², 谢惠琴², 史国振², 刘飚², 杨旸³

¹ 北京邮电大学网络空间安全学院，北京 100876
² 北京电子科技学院，北京 100070
³ 福州大学数学与计算机科学学院，福建福州 350108

修回日期:2022-08-03 出版日期:2022-10-25 发布日期:2022-10-01
作者简介:史瑞（1988− ），男，山东德州人，北京邮电大学博士生，北京电子科技学院工程师，主要研究方向为密码学和隐私保护
封化民（1963− ），男，陕西富平人，博士，北京邮电大学教授，北京电子科技学院教授，主要研究方向为密码学和信息安全
谢惠琴（1992- ），女，福建福安人，博士，北京电子科技学院讲师，主要研究方向为密码学、量子计算和量子密码
史国振（1972- ），男，河南济源人，博士，北京电子科技学院教授，主要研究方向为网络与系统安全、嵌入式安全
刘飚（1980-），男，湖南邵阳人，博士，北京电子科技学院讲师，主要研究方向为信息安全和机器学习
杨旸（1984− ），女，湖北随州人，博士，福州大学教授，主要研究方向为密码学和隐私保护
基金资助:
国家自然科学基金资助项目(62101085);重庆市教委科学技术研究基金资助项目(KJZD-K202000605);重庆市研究生科研创新基金资助项目(CYS22473)

Privacy-preserving attribute ticket scheme based on mobile terminal with smart card

Rui SHI¹^,², Huamin FENG¹^,², Huiqin XIE², Guozhen SHI², Biao LIU², Yang YANG³

¹ School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
² Beijing Electronic Science and Technology Institute, Beijing 100070, China
³ College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108, China

Revised:2022-08-03 Online:2022-10-25 Published:2022-10-01
Supported by:
The National Natural Science Foundation of China(62101085);Science and Technology Research Program of Chongqing Municipal Education Commission(KJZD-K202000605);Chongqing Graduate Scientific Research Innovation Project(CYS22473)

摘要/Abstract

摘要：

摘要：为了解决现有电子票据系统难以在资源受限设备中部署，以及无法防止票据在未授权设备之间共享的问题，提出了基于带智能卡的移动终端实现的隐私保护的属性票据方案。其中，智能卡为安全可信但资源受限的核心设备，负责存储密钥信息并处理轻量级的运算；智能终端为功能强大的辅助设备，负责处理与密钥无关但耗时的运算。首先，结合伪随机函数、匿名的临时身份方案、带随机化标签的可聚合签名和Pointcheval-Sanders签名，构造了一个可在带智能卡的移动终端部署的支持属性策略的电子票据方案；其次，给出了电子票据的安全模型并证明了所提方案满足不可链接性和不可伪造性；最后，在个人计算机、国产智能卡（爱信诺ACH512）和智能手机（华为荣耀9i）上实现了所提方案，对比和实验结果表明了所提方案的高效性。

关键词: 电子票据, 隐私保护, 智能卡, 智能手机, 数字签名

Abstract:

To solve the problem that the existing electronic ticket systems are challenging to deploy in resource-constrained devices and cannot prevent the sharing of tickets among unauthorized devices, a privacy-preserving attribute ticket scheme based on mobile terminal with a smart card was proposed.The smart card was a secure and constrained-yet-trusted core device that holds secret information and performs lightweight operations.The mobile terminal was a powerful helper device that handles key-independent and time-consuming operations.Firstly, the efficient attribute-based ticket scheme deployed on the mobile terminal with a smart card was constructed by combining a pseudorandom function, anonymous ephemeral identities scheme, aggregatable signatures with randomizable tags, and Pointcheval-Sanders signatures.Secondly, the security model of the electronic tickets system was presented, and the proposed scheme was proved to be unlinkable and unforgeable.Finally, the proposed scheme was implemented on a personal computer, a smart card (Aisinochip ACH512), and a smart phone (Huawei Honor 9i), and the comparison and experimental results show that it is efficient.

Key words: electronic ticket, privacy-preserving, smart card, smart phone, digital signature

中图分类号:

TP309.2

史瑞, 封化民, 谢惠琴, 史国振, 刘飚, 杨旸. 基于带智能卡的移动终端实现的隐私保护的属性票据方案[J]. 通信学报, 2022, 43(10): 26-41.

Rui SHI, Huamin FENG, Huiqin XIE, Guozhen SHI, Biao LIU, Yang YANG. Privacy-preserving attribute ticket scheme based on mobile terminal with smart card[J]. Journal on Communications, 2022, 43(10): 26-41.

图/表 15

图1

表1

符号定义"

符号	说明
λ	安全参数
$ε (λ)$	可忽略函数
$x \overset{R}{\leftarrow} ℤ$	从集合?中随机选取元素x
CA, S, U, V	证书中心，卖方，用户，验证方
pp, msk, mpk	系统参数，主私钥，主公钥
?	票据策略集合
n, m	用户属性的最大数量，泄露属性数量
[1, n], I	集合{1,…,n}，用户的泄露子集索引
${m_{i}}_{i = 1}^{n}, {m_{i}}_{i \in I}$	用户属性集合，泄露属性子集
usk, upk	用户公私钥对
ssk, spk	卖方公私钥对
cred_u, cred_s	用户证书，卖方证书
id, sn	用户身份标识，票据唯一标识
tkt,VP	一个票据，票据有效期
tok	一个票据的消费请求
$Hash ({0, 1}^{*}) \to ℤ_{p}$	一个抗碰撞哈希函数
⊥	失败标识符

表1

图2

图3

图4

图5

表2

表3

效率比较"

算法	所提方案	文献[6]	文献[17]
用户注册	$4 P_{1} + P_{2} + (2 + 2 n) P_{e}$	$(n + 6) P_{1} + (n + 5) P_{e}$	$(3 + n) P_{1} + P_{2} + 5 P_{e}$
证书发布	$(6 + n) P_{1}$	$(n + 3) P_{1}$	$(6 + n) P_{1} + P_{2} + 2 P_{e}$
票据购买	$13 P_{1} + 3 P_{2} + 2 P_{e}$	$(n + 3 m + 38) P_{1} + (n + 3 m + 22) P_{e}$	$(34 + n - m) P_{1} + 7 P_{2} + 4 P_{e}$
票据发布	$4 P_{1} + (m + 3) P_{2} + 4 P_{e}$	$(3 m + 31) P_{1} + m P_{T} +(2 m + 17) P_{e}$	$28 P_{1} + m P_{2} + 7 P_{e}$
票据消费	$6 P_{1} + 2 P_{2}$	$24 P_{1} + 8 P_{e}$	$17 P_{1} + 22 P_{2}$
票据验证	$3 P_{1} + 4 P_{2} + 4 P_{e}$	$19 P_{1} + 8 P_{e}$	$9 P_{1} + 8 P_{2} + 16 P_{e}$

表3

表4

表5

表6

表7

图6

图7

图8

参考文献 29

[1]	MUT-PUIGSERVER M , PAYERAS-CAPELLà M M , FERRERGOMILA J L ,et al. A survey of electronic ticketing applied to transport[J]. Computers ＆ Security, 2012,31(8): 925-939.
[2]	VIVES-GUASCH A , PAYERAS-CAPELLà M M , MUT-PUIGSERVER M ,et al. Anonymous and transferable electronic ticketing scheme[C]// Data Privacy Management and Autonomous Spontaneous Security. Berlin:Springer, 2013: 100-113.
[3]	HEYDT-BENJAMIN T S , CHAE H J , DEFEND B ,et al. Privacy for public transportation[C]// International Workshop on Privacy Enhancing Technologies. Berlin:Springer, 2006: 1-19.
[4]	MILUTINOVIC M , DECROIX K , NAESSENS V ,et al. Privacy-preserving public transport ticketing system[C]// IFIP Annual Conference on Data and Applications Security and Privacy. Berlin:Springer, 2015: 135-150.
[5]	PATEL B , CROWCROFT J . Ticket based service access for the mobile user[C]// Proceedings of the 3rd Annual ACM/IEEE International Conference on Mobile Computing and Networking. New York:ACM Press, 1997: 223-233.
[6]	HAN J G , CHEN L Q , SCHNEIDER S ,et al. Privacy-preserving electronic ticket scheme with attribute-based credentials[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(4): 1836-1849.
[7]	FAN C , LEI C L . Multi-recastable ticket schemes for electronic voting[J]. IEICE Transactions on Fundamentals of Electronics,Communications and Computer Sciences, 1998,81(5): 940-949.
[8]	SONG R G , KORBA L . Pay-TV system with strong privacy and non-repudiation protection[J]. IEEE Transactions on Consumer Electronics, 2003,49(2): 408-413.
[9]	QUERCIA D , HAILES S . MOTET:mobile transactions using electronic tickets[C]// Proceedings of First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05). Piscataway:IEEE Press, 2005: 374-383.
[10]	RUPP A , HINTERW?LDER G , BALDIMTSI F ,et al. P4R:privacy-preserving pre-payments with refunds for transportation systems[C]// International Conference on Financial Cryptography and Data Security. Berlin:Springer, 2013: 205-212.
[11]	CHAUM D , . Blind signatures for untraceable payments[C]// Advances in Cryptology. Berlin:Springer, 1983: 199-203.
[12]	NAKANISHI T , HARUNA N , SUGIYAMA Y . Unlinkable electronic coupon protocol with anonymity control[C]// International Workshop on Information Security. Berlin:Springer, 1999: 37-46.
[13]	VIVES-GUASCH A , CASTELLà-ROCA J , PAYERAS-CAPELLA M M ,et al. An electronic and secure automatic fare collection system with revocable anonymity for users[C]// Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia. Piscataway:IEEE Press, 2010: 387-392.
[14]	CHAUM D , HEYST E . Group signatures[C]// Workshop on the Theory and Application of of Cryptographic Techniques. Berlin:Springer, 1991: 257-265.
[15]	ARFAOUI G , LALANDE J F , TRAORé J , ,et al. A practical set-membership proof for privacy-preserving NFC mobile ticketing[J]. Proceedings on Privacy Enhancing Technologies, 2015,2015(2): 25-45.
[16]	CHAUM D . Security without identification:transaction systems to make big brother obsolete[J]. Communications of the ACM, 1985,28(10): 1030-1044.
[17]	封化民, 史瑞, 袁峰 ,等. 高效的强隐私保护和可转让的属性票据方案[J]. 通信学报, 2022,43(3): 63-75.
	FENG H M , SHI R , YUAN F ,et al. Efficient strong privacy protection and transferable attribute-based ticket scheme[J]. Journal on Communications, 2022,43(3): 63-75.
[18]	MOSTOWSKI W , VULLERS P . Efficient U-prove implementation for anonymous credentials on smart cards[C]// International Conference on Security and Privacy in Communication Systems. Berlin:Springer, 2011: 243-260.
[19]	CAMENISCH J , DRIJVERS M , DZURENDA P ,et al. Fast keyed-verification anonymous credentials on standard smart cards[C]// IFIP International Conference on ICT Systems Security and Privacy Protection. Berlin:Springer, 2019: 286-298.
[20]	VERHEUL E R , . Self-blindable credential certificates from the Weil pairing[C]// International Conference on the Theory and Application of Cryptology and Information Security. Berlin:Springer, 2001: 533-551.
[21]	HANZLIK L , SLAMANIG D . With a little help from my friends:constructing practical anonymous credentials[C]// Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2021: 2004-2023.
[22]	GALBRAITH S D , PATERSON K G , SMART N P . Pairings for cryptographers[J]. Discrete Applied Mathematics, 2008,156(16): 3113-3121.
[23]	CHASE M , LYSYANSKAYA A . On signatures of knowledge[C]// Annual International Cryptology Conference. Berlin:Springer, 2006: 78-96.
[24]	H’EBANT C , POINTCHEVAL D . Traceable constant-size multi-authority credentials[R]. Cryptology ePrint Archive, 2020.
[25]	SHOUP V , . Lower bounds for discrete logarithms and related problems[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 1997: 256-266.
[26]	POINTCHEVAL D , SANDERS O . Short randomizable signatures[C]// Cryptographers’ Track at the RSA Conference. Berlin:Springer, 2016: 111-126.
[27]	SONNINO A , AL-BASSAM M , BANO S ,et al. Coconut:threshold issuance selective disclosure credentials with applications to distributed ledgers[J]. arXiv Preprint,arXiv:1802.07344, 2018.
[28]	ELGAMAL T . A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985,31(4): 469-472.
[29]	FAN J , VERCAUTEREN F , VERBAUWHEDE I . Faster FP-arithmetic for cryptographic pairings on Barreto-Naehrig curves[C]// International Workshop on Cryptographic Hardware and Embedded Systems. Berlin:Springer, 2009: 240-253.

方案	核心辅助设置	属性票据	不可转让	安全证明	双花检测	不可链接性	不可伪造性
文献[4,7-10]	×	×	×	√	√	√	√
文献[12-13]	×	×	√	√	√	√	√
文献[3,15]	×	×	√	×	√	√	√
文献[6]	×	√	√	√	√	√	√
文献[17]	×	√	×	√	√	√	√
所提方案	√	√	√	√	√	√	√

算法	所提方案	文献[6]	文献[17]
用户注册	743.4	5 273.9	71.3
证书发布	40.1	319.7	42.7
票据购买	30.7	12 215.2	95.7
票据发布	51	5 944.9	105.8
票据消费	4.8	1 905.6	41
票据验证	38.4	1 836.1	162.6

用户属性数量/个	所提方案	文献[6]	文献[17]
10	375.3	3 169.9	63.8
20	743.4	5 273.9	71.3
30	1 127.9	7 377.9	78.9
40	1 493.3	9 481.9	86.4
50	1 858.6	11 585.9	93.9

用户属性数量/个	所提方案	文献[6]	文献[17]
10	31.1	10111.2	88.2
20	30.8	12215.2	95.7
30	30.9	14319.2	103.3
40	31	16423.2	110.8
50	30.8	18527.2	118.4

用户属性数量/个	所提方案	文献[6]	文献[17]
10	4.9	1905.6	41.2
20	4.8	1905.6	41
30	4.9	1905.6	40.8
40	4.8	1905.6	40.9
50	4.9	1905.6	41

基于带智能卡的移动终端实现的隐私保护的属性票据方案

Privacy-preserving attribute ticket scheme based on mobile terminal with smart card

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	马鑫迪, 李清华, 姜奇, 马卓, 高胜, 田有亮, 马建峰. 面向Non-IID数据的拜占庭鲁棒联邦学习[J]. 通信学报, 2023, 44(6): 138-153.
[2]	冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233.
[3]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[4]	胡柏吉, 张晓娟, 李元诚, 赖荣鑫. 支持多功能的V2G网络隐私保护数据聚合方案[J]. 通信学报, 2023, 44(4): 187-200.
[5]	徐明, 张保俊, 伍益明, 应晨铎, 郑宁. 面向网络攻击和隐私保护的多智能体系统分布式共识算法[J]. 通信学报, 2023, 44(3): 117-127.
[6]	张艳硕, 刘宁, 袁煜淇, 杨亚涛. 基于ISRSAC数字签名算法的适配器签名方案[J]. 通信学报, 2023, 44(3): 178-185.
[7]	余晟兴, 陈钟. 基于同态加密的高效安全联邦学习聚合框架[J]. 通信学报, 2023, 44(1): 14-28.
[8]	张学旺, 黎志鸿, 林金朝. 基于公平盲签名和分级加密的联盟链隐私保护方案[J]. 通信学报, 2022, 43(8): 131-141.
[9]	王继锋, 王国峰. 边缘计算模式下密文搜索与共享技术研究[J]. 通信学报, 2022, 43(4): 227-238.
[10]	封化民, 史瑞, 袁峰, 李艳俊, 杨旸. 高效的强隐私保护和可转让的属性票据方案[J]. 通信学报, 2022, 43(3): 63-75.
[11]	薛一鸣, 刘树荣, 郭书恒, 李岩, 胡彩娥. 高速Ed25519验签算法硬件架构的设计与实现[J]. 通信学报, 2022, 43(3): 101-112.
[12]	王宏, 赖成喆, 刘向阳, 曾晗. 基于正交拉丁方理论的数字签名分组批量验证[J]. 通信学报, 2022, 43(2): 44-54.
[13]	于海宁, 张宏莉, 余翔湛, 曲家兴, 葛蒙蒙. 隐私保护的轨迹相似度计算方法[J]. 通信学报, 2022, 43(11): 1-13.
[14]	彭滔, 钟文韬, 王国军, 罗恩韬, 熊金波, 刘忆宁, Hao Wang. 移动社交网络中面向隐私保护的精确好友匹配[J]. 通信学报, 2022, 43(11): 90-103.
[15]	熊金波, 周永洁, 毕仁万, 万良, 田有亮. 边缘协同的轻量级隐私保护分类框架[J]. 通信学报, 2022, 43(1): 127-137.