
Research on Key Techniques of Identity Management for Cross-domain and Federation Networks

【Author】 Cao Yuan (曹源)

【Advisor】 Yang Lin (杨林)

【Author information】 National University of Defense Technology, Computer Science and Technology, 2013, Ph.D.

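【Abstract, translated from the Chinese】 The rapid development of network applications has made the threats of identity theft and identity information disclosure faced by users, and the identity security threats from outside and inside faced by applications and services, increasingly serious; how to address identity theft and identity information disclosure is a current research hotspot. Identity management technology was proposed precisely to address the main security threats that users face when using, maintaining and updating identities, and that applications face when using identities to perform functions such as authentication and authorization. Identity management refers to a set of policies, rules, methods and systems that, on the basis of identity, implement identification, identity authentication, authorization management, access control, behavior auditing and similar functions. Its goal is, by binding each user in the system to a specific identifier and associating the user's permissions and constraints with that identifier, to control user access to applications, third-party access to user identity information, and the disclosure of identity information by applications, thereby achieving management control over identity information, ensuring its security, and improving the client-side user experience and security.

This work addresses key problems in current identity management technology: quantitative identity models are hard to establish, cross-domain authentication mechanisms are hard to implement, multiple authentication methods are hard to integrate effectively, and existing privacy protection techniques struggle to protect user privacy effectively. With solving identity theft and identity information disclosure as the fundamental goal, it studies in depth the key issues that affect the effective implementation and deployment of identity management functions, namely user identity modeling, cross-domain authentication and privacy protection. The main work and contributions are as follows:

(1) A deep and broad survey of related work in the identity management field. Given the large and varied body of identity management research, the key issues of the field are analyzed and compared from three aspects: identity definition and modeling; authentication mechanisms and methods; and privacy protection models, methods and evaluation metrics. The related work is summarized, which makes the main research content of this thesis clear.

(2) The design of an identity management system framework for federated cross-domain environments. The identity modeling, authentication and privacy protection requirements of an identity management system are analyzed, the functional modules and service modules of the system are designed, and the actual deployment of the system is briefly described, which makes clear the key issues the thesis studies.

(3) An identity information description language that can describe identity information quantitatively, and, based on that language, a quantitative identity model suited to cross-domain federated identity management environments. Drawing on existing data description languages, the thesis first gives the data types, the definitions of identity operations and the descriptions of user operations in the identity information description language, XIDL, analyzes the semantics and extensibility of the language, and gives an example of describing identity information with XIDL. Then, through an analysis of existing identity models, it designs a quantitative identity model suited to cross-domain federated identity management and gives the model's construction process, state transitions and an example.

(4) A cross-domain active authentication mechanism that combines user identity and behavior. The thesis first discusses existing cross-domain authentication mechanisms, analyzes the characteristics of cross-domain federated identity management systems, introduces the relevant background on keystroke dynamics, and designs a weighted PR-RP model based on the statistical distribution of specific keystrokes (luuKey) as the authentication method. It then uses the Security Assertion Markup Language (SAML) as the authentication mechanism, combining the user identity model with SAML to implement user identity assertions, attribute assertions, authorization decision assertions and communication between security domains. It analyzes the existing authentication flows in single-domain and cross-domain environments and gives the flow of the active authentication mechanism, which produces authentication results by establishing an authentication third party and does not change the authentication mechanisms already implemented in each domain. Theoretical analysis and simulation experiments show that the keystroke dynamics authentication method based on the luuKey model has a lower false positive rate and false alarm rate than traditional keystroke dynamics authentication methods, and that the cross-domain active authentication mechanism integrates well with existing identity management systems.

(5) A privacy protection model for users' critical identities and sensitive identity information. To make the object of privacy protection clear, the thesis first briefly introduces methods for measuring information importance and methods for privacy protection. Drawing on the design idea of PageRank, it proposes a method for measuring the importance of critical identities and sensitive information, CIE (Critical Identity Evaluation), which measures the importance of identity information through the mutual references between identities and between identities and applications; analysis shows that the CIE method can effectively measure critical user identities and sensitive identity information. Privacy protection anonymizes public data so that an attacker cannot obtain enough information to forge a user's identity. After the critical identities and sensitive information have been measured with the CIE method, the thesis proposes a -Risk anonymity privacy protection model that avoids background knowledge attacks. The model first gives the definitions related to background knowledge and proposes measures of the anonymization level of a data set; by associating the anonymization level with privacy risk, it anonymizes the data set to be published. The model is optimized by also taking into account the public data set, the private data set and the distribution of data attributes in the private data set. Simulation experiments were carried out from three aspects: degree of privacy protection, algorithm complexity and information loss. The results show that, with reasonable anonymization level measures set, the model guards well against attacks based on background knowledge and effectively protects critical user identities and sensitive identity information.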

【Abstract】 With the rapid development of network applications, the security threats that users face from identity theft and identity disclosure, and the external and internal security threats that applications face, are becoming more and more serious. How to solve identity theft and disclosure is therefore a hot issue of current study. Identity management (IdM) is proposed to solve the major security threats that arise while users use, maintain and update identities, and while applications use users' identities to complete identification, authentication and authorization. IdM refers to a set of policies, rules, methods and systems based on identities that can complete functions such as identification, authentication, authorization, access control and behavior audit. IdM aims at controlling user access to resources, third-party applications' access to identity information, and identity disclosure, by assigning a specific identity and associating user permissions and constraints with that identity. IdM can achieve control of identity information, guarantee the security of identity information, and improve the client experience and security.

This paper addresses the difficulty of establishing a quantitative identity model, achieving a cross-domain authentication mechanism, integrating various authentication methods, and effectively achieving privacy protection in current IdM systems, and takes solving identity theft and identity disclosure as its fundamental goal. Key issues of IdM technology such as identity modeling, cross-domain authentication and privacy protection have been researched; the main contributions of our work are as follows:

(1) Survey the related works deeply and comprehensively. As there are a large number of parallel approaches to IdM technology, we first summarize the key issues of IdM from three aspects: identity definition and modeling; authentication mechanisms and methods; and models, methods and evaluating indicators of privacy protection. This clarifies the objective of our work.

(2) An IdM framework oriented to the cross-domain federated environment has been proposed. The requirements of identity modeling, identity authentication and privacy protection in IdM systems have been analyzed. Functional modules, service modules and the actual system deployment of IdM systems have been designed and briefly described in order to clarify the key issues of IdM that should be researched.

(3) An identity information description language, XIDL, that can give a quantitative description of identity has been proposed, and a quantitative identity model that can be applied in cross-domain federated IdM systems has been designed. Drawing on the experience of current data description languages, the data types, operations and descriptions of identity, and the semantics and extensibility of XIDL have been defined and analyzed, and an example has been given to show how to describe identifiable information using XIDL. Subsequently, through analysis of existing identity models, a quantitative identity model suitable for cross-domain federated IdM has been designed, and the construction process, state transitions and an example of the model have been given.

(4) A cross-domain active identity authentication mechanism based on the combination of user identity and behaviors has been proposed. Current authentication mechanisms and the characteristics of cross-domain federation are discussed first. Then the knowledge of keystroke dynamics is introduced; based on this, a weighted PR-RP model based on the statistical distribution of the specific keystrokes (luuKey) has been designed and serves as the authentication method, and the security assertion markup language (SAML) has been used as the authentication mechanism. Identity assertion, attribute assertion, authorization decision assertion and secure inter-domain communication can be achieved using SAML. By analyzing the current authentication process in single-domain and cross-domain environments, an active identity authentication mechanism (AAM) has been proposed. The authentication results are generated by a third party established by AAM, and the existing authentication mechanisms in current IdM systems are not changed. Theoretical analysis and simulation experiments show that luuKey has a low false positive rate and false alarm rate, and that AAM can achieve better integration with existing authentication mechanisms.

(5) A privacy protection model oriented to critical identity and sensitive identity information has been proposed. To clarify the subject of privacy protection, existing methods for information importance metrics and privacy protection are introduced. Drawing on the experience of Google PageRank, a critical identity evaluation method (CIE), which uses references between identities and applications to measure the importance of identity and the sensitivity of attributes, has been proposed. The analysis shows that the CIE method can effectively measure critical identity and sensitive attributes. Through anonymization of public data, attackers cannot get enough information to fake an identity. After measuring the importance and sensitivity of identity, a privacy protection model called (,)-Risk, which can prevent background knowledge attacks, has been proposed. This model first gives the anonymization evaluation parameters (,); by connecting the anonymization with privacy risk, the anonymization can be achieved. The model has been optimized by considering the characteristics of public data, privacy data, and the attribute distribution in privacy data. Theoretical analysis and simulation show that the model can prevent background knowledge attacks and effectively protect the privacy of critical identity and sensitive identity information.
