面向服务监管的信息服务标识生成与管理方案

doi:10.11959/j.issn.2096-109x.2021055

Abstract

Abstract:

While information services have a significant impact on economic and social development, it also brings a series of security challenges.Realizing fine-grained, continuous, and dynamic supervision of information services has become the top priority of information service management.Traditional static identity authentication and management mechanisms, are difficult to meet the continuous monitoring requirements for information service entities and service quality.An information service identification generation and management scheme for service supervision was proposed.It defined an information service identification format from multiple perspectives such as information service category, service grade, and service quality credibility.It used the analytic hierarchy process to evaluate information services and designed a dynamic management of information service identification.The scheme can meet the needs of issuance and fine-grained dynamic management of information service identification for multi-dimensional business attributes.

Key words: information service, trusted identity, trust assessment, dynamic management

CLC Number:

TP309

Xiang LI, Hao WANG, Qiange LIU, Chao WANG, Jian MAO, Jianwei LIU. Information service identity generation and management scheme for service supervision[J]. Chinese Journal of Network and Information Security, 2021, 7(5): 169-177.

Figures/Tables 13

References 24

[1]	魏伶俐, 张淑霞, 晏杰 ,等. 国际电子签名立法状况介绍[C]// 信息社会档案学理论与实践. 2006:8.
	WEI L L , ZHANG S X , YAN J ,et al. Introduction to legislation of international electronic signature[C]// Theory and Practice of Archival Science in Information Society. 2006:8.
[2]	国际电子商务立法[J]. 国际化工信息, 2005,(7): 47.
	International electronic commerce legislation[J]. Global Chemical Information, 2005,(7): 47.
[3]	PEARCE G , PLATTEN N . Promoting the information society :The EU directive on electronic commerce[J]. European Law Journal, 2000,6: 363-378.
[4]	国际电子商务立法[J]. 信息安全与通信保密, 2001,1: 36-37.
	Measures for the administration of Internet Information Services[J]. China Information Security, 2001,1: 36-37.
[5]	GB T 35287-2017. 信息安全技术网站可信标识技术指南[Z].
	GB T 35287-2017. Information security technology-Guidelines of trusted identity technology for website[Z].
[6]	魏宗秀 . 基于 X.509 身份认证协议的研究[J]. 信息安全与通信保密, 2008,11: 54-57.
	WEI Z X . A research based on X.509 authentication and its usage[J]. Information Security and Communications Privacy, 2008,11: 54-57.
[7]	余秦勇 . X.509 V3证书格式及语义[J]. 通信技术, 2001,6: 20-23.
	YU Q Y . The form and semantic description of X.509 V3 certificate[J]. Communications Technology, 2001,6: 20-23.
[8]	杨萍 . Kerberos 的安全性分析及其认证模式的研究与改进[D]. 天津:天津理工大学, 2015.
	YANG P . Security analysis of Kerberos and research and improvement on the authentication scheme[D]. Tianjin:Tianjin University of Technology, 2015.
[9]	KUMAR D , WANG Z , HYDER M ,et al. Tracking certificate misissuance in the wild[C]// IEEE Symposium on Security and Privacy. 2018: 785-798.
[10]	张婕, 王伟, 马迪 ,等. 数字证书透明性 CT 机制安全威胁研究[J]. 计算机系统应用, 2018,27(10): 232-239.
	ZHANG J , WANG W , MA D ,et al. Overview on security issues of certificate transparency[J]. Computer Systems ＆ Applications, 2018,27(10): 232-239.
[11]	LI B , LIN J , LI F ,et al. Certificate transparency in the wild:Exploring the reliability of monitors[C]// ACM SIGSAC Conference on Computer and Communications Security. 2019: 2505-2520.
[12]	吴涛 . 基于PKI技术的CA系统研究及其数字证书管理的实现[D]. 武汉:武汉理工大学, 2004.
	WU T . The research on CA system based on PKI technology and the implementation of management of digital certificat[D]. Wuhan:Wuhan University of Technology, 2004.
[13]	钱思杰, 陈立全, 王诗卉 . 基于改进PBFT算法的PKI跨域认证方案[J]. 网络与信息安全学报, 2020,6(4): 37-44.
	QIAN S J , CHEN L Q , WANG S H . PKI cross-domain authentication scheme based on advanced PBFT algorithm[J]. Chinese Journal of Network and Information Security, 2020,6(4): 37-44.
[14]	LU Z , LIU W , WANG Q ,et al. A privacy-preserving trust model based on blockchain for VANETs[J]. IEEE Access, 2018,6: 45655-45664.
[15]	FU P , LI Z , XIONG G ,et al. [C]// SSL/TLS security exploration through X.509 certificate’s life cycle measurement. 2018: 652-655.
[16]	LINN J . Trust models and management in public-key infrastructures[J]. RSA laboratories, 2000,12.
[17]	彭华熹 . 一种基于身份的多信任域认证模型[J]. 计算机学报, 2006,29(8): 1271-1281.
	PENG H X . An identity-based authentication model for multi-domain[J]. Chinese Journal of Computers, 2006,29(8): 1271-1281.
[18]	杨宇, 谭平嶂, 李镭 ,等. 基于标识的跨域认证系统研究[J]. 信息安全与通信保密, 2009,8: 193-195.
	YANG Y , TAN P Z , LI L ,et al. Identity-based authentication system in multi trust domain[J]. Information Security and Communications Privacy, 2009,8: 193-195.
[19]	WU L , WANG J , CHOO K K R ,et al. An efficient provably- secure identity-based authentication scheme using bilinear pairings for Ad hoc network[J]. Information Security Technical Report, 2017,37: 112-121.
[20]	林俊燕, 张兆雷, 袁智伟 . 物联网中基于IBC的认证加密机制研究[J]. 信息安全与通信保密, 2020,8: 95-101.
	LIN J , ZHANG Z , YUAN Z . Research on authentication encryption mechanism based on IBC in internet of things[J]. Information Security and Communications Privacy, 2020,8: 95-101.
[21]	许盛伟, 郭春锐, 李新玉 . 基于多方共管的IBC改进密钥管理方案[J]. 计算机应用与软件, 2020,37(8): 314-317.
	XU S W , GUO C R , LI X Y . IBC improved key management scheme based on multi-party co-management[J]. Computer Application and Software, 2020,37(8): 314-317.
[22]	黄仁季, 吴晓平, 李洪成 . 基于身份标识加密的身份认证方案[J]. 网络与信息安全学报, 2016,2(6): 32-37.
	HUANG R J , WU X P , LI H C . Identity authentication scheme based on identity-based encryption[J]. Chinese Journal of Network and Information Security, 2016,2(6): 32-37.
[23]	SAATY R . The analytic hierarchy process-what it is and how it is used[J]. Mathematical Modelling, 1987,9(3): 161-176.
[24]	RFC 2986. PKCS#10 :Certificate request syntax specification version 1.7[S]. 2000.

Metrics

Recommended 0

No Suggested Reading articles found!

对比项	密钥生成	密钥分发	密钥撤销	算法比较	适用场景	安全性	现有方案
PKI	分布式	证书目录	CRL	RSA	开放式的大范围应用	高（基于离散对数、大数分解问题）	文献[12-14]
PKI	分布式	证书目录	OCSP	RSA	开放式的大范围应用	高（基于离散对数、大数分解问题）	文献[15-16]
IBC	集中式	安全信道分发私钥	短期密钥	ECC	封闭式的小范围应用	高（基于双线性对问题）	文献[17-20]
IBC	集中式	安全信道分发私钥	短期密钥	ECC	封闭式的小范围应用	高（基于双线性对问题）	文献[21-22]

字段	描述
版本号	信息服务标识使用的标准版本
序列号	IA给每个信息服务标识生成唯一整数值
算法标识	IA签名信息服务标识使用的算法
发布者	IA的标识信息
有效期	包含两个日期时间值（生效时间和失效时间）
信息服务类别	信息服务的类别
服务质量可信度	信息服务可信度的量化值
信息服务等级	AA对信息服务质量的评级
测评机构	AA的标识信息
测评标准	AA使用的测评标准
信息服务编码	信息服务的唯一标识号
服务商身份	SP的标识信息
扩展域	信息服务标识的其他属性
数字签名	签发机构对信息服务可信标识的签名

赋值	含义（p_i比p_j）
1	重要性相同
3	稍微重要
5	明显重要
7	强烈重要
9	极端重要
2n(n=1,2,3,4)	重要性介于2n-1与2n+1之间

阶数	RI
1	0
2	0
3	0.58
4	0.90
5	1.12
6	1.24
7	1.32
8	1.41
9	1.45

等级	范围
A	(90,100]
B	(80,90]
C	(70,80]
D	(60,70]
E	[0,60]

Information service identity generation and management scheme for service supervision

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 24

Related Articles 1

Metrics

Recommended 0