
Theory and Application Study on Universally Composable Security (UC安全理论及应用研究)

【Author】 Su Ting (苏婷)

【Supervisor】 Xu Qiuliang (徐秋亮)

【Author information】 Shandong University, Computer Application Technology, 2009, Master's degree

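【Abstract (translated from the Chinese)】 With the development of the Internet and e-commerce technology, people increasingly depend on the network, for example for electronic cash transactions, electronic auctions, electronic bidding and the signing of electronic contracts. At the same time, security has become a problem that cannot be ignored. In complex networked and distributed environments, a single protocol clearly can no longer meet people's needs, and multiple protocols increasingly have to be used in combination; whether protocols that are each secure on their own still yield a secure composed protocol has become an important question in the security field. UC security (Universally Composable Security), proposed by Canetti, has become an important tool for solving the protocol composition problem. As a provable-security method, the UC framework defines a complete set of security models for proving the security of composed protocols in complex environments. UC security adopts a modular approach: a protocol proved UC secure in the UC framework can serve as a module in a complex network environment, and composing it with other protocols does not break the security of the composed protocol; that is, several protocols each proved UC secure in the UC framework remain secure after composition. This thesis studies the theory and applications of UC security: it analyzes in depth the existing basic UC framework theory and its extensions and proposes analyzing UC security from the perspective of the participants; it studies the application of the UC framework to security protocols, and designs a signcryption protocol and proves it UC secure. First, the thesis surveys in detail the theoretical development of the UC framework, the existing trust models and the applications. It analyzes the basic UC theory in detail, derives the UC theorem, and then analyzes JUC and GUC. In the plain model, many cryptographic protocols still cannot be UC-securely realized. To solve this problem, many idealized trust models have been proposed, and the thesis studies several typical existing trust models in depth. Second, treating the UC framework as one kind of security model, the thesis compares it with two typical models of provable security, the random oracle model and the standard model, and identifies their intrinsic connections and differences in theory and application, giving a deeper understanding of the provable security of protocols. In addition, it proposes for the first time discussing UC theory from the perspective of the participants. It first studies weighted participants, introducing a weight attribute for each participant to address adversarial corruption of participants when participants have different weights. It then proposes a game-theoretic view and explores rational participants, who decide their behavior according to the benefit they obtain. Third, the importance of UC security makes it urgent for basic cryptographic protocols to be securely realized in the UC framework, so that they can be used directly as basic modules when composing protocols. Some cryptographic protocols have already been designed in the UC framework and proved secure, such as encryption, digital signatures and zero-knowledge proofs. In the UC framework and based on the KR model, the thesis studies signcryption protocols. From the security requirements of signcryption, it proposes an ideal functionality for signcryption and designs a general form of the protocol accordingly; then, based on the definition of UC security and using the simulation technique, it proves that the general protocol securely realizes the ideal functionality, i.e. that the general protocol is UC secure; it also discusses the existential unforgeability of the designed protocol in the UC framework and proves its security by contradiction; finally, it designs a signcryption protocol that satisfies UC security.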

【Abstract】 With the development of the Internet and e-business, society's reliance on the network is gradually increasing, for example in e-cash transactions, e-auctions, e-bidding and the signing of e-contracts. At the same time, security has become a problem that cannot be ignored. In a complex and distributed network environment, a single protocol is clearly no longer able to meet people's needs, and it is necessary to combine many protocols. Whether security can be guaranteed when a secure protocol is composed with an arbitrary set of protocols, or more generally when the protocol is used as a component of an arbitrary system, has become an important issue in the field of security. Canetti proposed UC security (Universally Composable Security) as an important means of solving the problem of protocol composition. In this paper, we focus on UC framework theory and its applications.

As a method of provable security, the UC framework defines a set of security models for proving the security of composed protocols in complex network environments. UC security adopts a modular idea: in the UC framework, a protocol proved to be UC secure acts as a module in a complex network environment and, when combined with other protocols, does not destroy the security of the composed protocol. That is, a protocol composed of several separately UC secure protocols is still secure.

In this paper, we mainly study two aspects of UC security: UC theory and the applications of the UC framework to secure protocols. We study in depth the basic UC framework theory and its extensions, propose analysing UC security from the angle of the participants, and design a signcryption protocol and prove it UC secure.

First of all, we summarize in detail the development of UC framework theory, the trust assumptions and the applications. A detailed analysis of UC theory is conducted, and the critical result, the UC theorem, is obtained. The JUC and GUC theories are also presented. In the plain model, many cryptographic protocols still cannot be UC securely implemented. To solve this problem, many idealized models have been proposed. These models introduce trust assumptions, which are studied in depth in this paper.

As a security model, the UC framework model is compared with the random oracle model and the standard model. To gain a more in-depth understanding, we analyze them and try to find their intrinsic connections and differences. In addition, UC theory is discussed for the first time from the perspective of the participants. First, weighted parties are studied: we give each party a weight property to handle the case where parties have different weights, especially when the adversary corrupts parties. Second, from a game-theoretic point of view, we propose considering the behavior of rational participants, who act according to the benefits they get.

Given the significance of UC security, there is an urgent need to UC securely implement cryptographic primitives in the UC framework, so that they can be used as basic modules in protocol composition. Some cryptographic protocols have already been designed in the UC framework and proved secure, such as encryption, digital signatures and zero-knowledge proofs. In the UC framework, based on the KR model, a signcryption protocol is discussed. According to the security requirements of signcryption protocols, the ideal functionality is presented and a general protocol is designed. We then prove UC security, that is, that the protocol securely realizes the ideal functionality. At the same time, existential unforgeability against chosen message attacks in the UC framework is also discussed and proved. Finally, a concrete signcryption protocol is given, which is UC secure.

  • 【Online publication contributor】 Shandong University
  • 【Online publication year/issue】 2010, Issue 05