【作者】 赵福祥；

【导师】 王育民；

【作者基本信息】 西安电子科技大学 ， 密码学， 2001， 博士

【摘要】 为使在开放的互连网络环境中保持用户的身份匿名性，由David Chaum在八十年代提出了实现匿名(Anonymous Application)的技术，目前匿名技术已取得广泛应用。例如在Internet实现匿名的连接、匿名浏览、移动代理技术、电子支付的匿名控制等；其它的应用还包括匿名通信、匿名电子现金、匿名电子选举、匿名电子拍卖、匿名计算、匿名事务处理与系统和匿名信息存储与消息发布等。匿名网络(Anonymous Network Connections)是各类匿名技术在网络通信与应用的实现方法。随着网络引入了更多安全敏感的应用，如电子商务、政府的接入、军事通信领域的网络连接等，不但要依赖基础网络设施所提供信息安全的保证，而且还需要能保证用户的身份及部分网络实体在信息传输过程不被暴露。即抗击以跟踪为目的的流量分析攻击，实现网络通信与应用的匿名。匿名网是实现各种网络匿名应用的基本构件，通过匿名网络实现匿名，能为各类网络的匿名应用提供坚实的基础。洋葱路由和移动代理是匿名网络的关键技术，但在现有方案中存在着几个严重的缺陷，具体表现为：第一，洋葱路由方案并不能保证抗击以扰乱为目的的动态攻击，使其实现极其脆弱；第二，现行常规公钥密码所使用的签名-加密方法的计算低效率与需高效率执行的路由协议是不相称的，签名路由信息必然会导致网络的系统的运行效率降低；第三，要实现匿名路由，必须能保证实现安全的匿名路由分配管理、双向匿名路由分配管理和实时性的匿名路由分配；第四，由于移动代理的执行是离线操作，无法阻止攻击者窥探代理的签名和加密的密钥，以及签名和加密过程的执行操作，因此，保证移动代理签名和加密安全极为困难；第五，移动代理在开放的网络中漂移和运行，除了要防止以窥探为目的的被动攻击外，也需要防止以跟踪为目的的流量分析攻击，即要实现其漂移路径的匿名；第六，在开放网络的多方操作环境中，移动代理所在某个网络节点所采集的信息对于其它节点应该是保密的，应该能同时抵抗窥探和扰乱的双重攻击。这些问题的解决在现有的文献中或还没有见到，或只解决了部分问题，或所提方案效率很低，使在实际中不可实现。本文在认真总结和分析该领域已有成果的基础上，针对上面所提到的这些缺陷，采用密码学的方法，对匿名网络中可靠性安全的理论及应用做了进一步的研究，主要取得了以下研究成果： 1．在匿名网络连接协议的研究中，首次提出了可靠匿名路由的协议，消除了匿名路由协议抵抗主动攻击的缺陷，使匿名网络所提供的服务是有可靠质量保证的。 2．在研究了现阶段信息识别技术的基础上，首次提出了用第三方签密的方法构造可靠洋葱路由协议，使得在不接入匿名路由明文情况下能高效地执行协议。在分析了现有洋葱路由协议的基础上，首次明确地提出了洋葱路由是通过原路由协议实现的匿名路由的分配过程，从而保证匿名路由的双向和实时的分配。在研究和分析了许多移动代理方案后，首次提出通过各节点之间可信的关系保证移动代理的安全，从而避免了让移动代理携带签名和加密的密钥和在不安全节点中执行签名和加密的困难，从而把密码学的签名和加密方法直接引入了移动代理的实现方案中。首次把可靠洋葱路由的方法应用于移动代理中，使移动代理的漂移路径的匿名，从而避免遭受以跟踪为目的的流量分析攻击:首次提出分段可验证签名的多信宿签密方案和分段可验证签名的多重签密方案，既使移动代理的漂移路径取得匿名，也使移动代理在某节点所采集信息对其它节点是匿名的。在深入分析了匿名网络的实质问题后，首次提出了匿名路径的可靠信息传送方案。首次提出了采用前向签名与SmartCard方法实现的移动代理方案;把匿名技术应用到电子商务中，首次提出了使用多群盲代理签名实现的分区代理银行支付系统。更多还原

【Abstract】 With the growth and acceptance of the Internet, there has been increased interest in maintaining anonymity in the network. Anonymous application, which has first been introduced by David Chaum from defining a mechanism for routing data through intermediate nodes, called mixes, in 1980s, works in various ways, such as anonymous connections, private web browsing, mobile agents and anonymity controlled electronic payment systems in the Internet, and such as Anonymous Communications, Anonymous Cash, Anonymous Elections, Anonymous Auctions, Anonymous Computations, Anonymous Transactions & Systems, and distributed information storage and anonymous publishing in the other fields. Anonymous network connections are applied in network layer by means of some anonymous techniques. With the introduction of services sensitive to security into in network, including in electronic commerce, in government affairs, in military communications, not only should the content of a conversation be protected from eavesdroppers by encryption integrated into many secure systems but also the identities of communicating parties and network entities should be hided from exposing to eavesdroppers, or from each other. The aim of anonymous connections in the network described here are designed to be resistant to traffic analysis and the anonymous applications should be implemented with the primitives for building anonymous connections. Although onionrouting and mobile agents are used as the important primitives, there are several severedrawbacks in the current schemes. Firstly, Onion Routing schemes available can hideinformation but can not prevent attacker from subversive attacks such as disturbing data packages, that is, the attacker do not want to know the contents of message being sent but make them confusion, which is fragile. Secondly, this standard use of public key cryptographic techniques for anonymous routing will reduce the whole network efficiency because their expensive computations disagree with the routing protocol. Thirdly, for any anonymous connection, a sequence of anonymous router in a route is strictly defined at connection setup and anonymous routing provides dynamic, bi-directional and near real time similar to TCP/IP sockets connections. Fourthly, mobile agents consist of software only that cannot prevent malicious hosts from spying at their secure key used in signature and encryption when they are executing their programs on the remote computers. Protecting mobile agents from malicious hosts is clearly a hard program. Fifthly, mobile agents areautonomous programs, which, following a route, migrate through a network of sites to accomplish tasks on behalf of their owners, Not only protecting their secure keys but also safeguard an agent’s route information that are strongly resistant to both eavesdropping and traffic analysis. Lastly, an agent’s data collected on some host along the route should be kept secret to other hosts and they should be resistant to be both eavesdropped and tampered when they roam the network. They have not been mentioned, or there do not exist any a full and efficient solution in the literature available. Based on a detailed summarization and analysis of related literatures, in this thesis, a further research on in the literature available is done aiming at the drawbacks presented above, and the following results are gotten:1. With respect to anonymous network connection schemes, an authenticated scheme of onion routing is present. This eliminates the defect that the protocols available cannot be resistant to active attacks to improve services supported by anonymous network connections2. The authenticated onion routing protocol based on signcryption for third-party verification is first presented on the basis of making a summary of the current information authentication. In the case the protocol can operate efficiently without access to the plaintext of the routing packet.3. An onion routing packet by means of the source routing protocol during building an anonymous conn更多还原