针对在使用公共网络资源情况下,中小型企业采用SIP构建的Presence/IM业务存在的注册劫持和注册删除的隐患,提出了一种基于RSA和DES结合的环签名安全匿名认证方案。方案首先构建一个可信域,公开域内的所有用户的公钥,然后在SIP的注册和注销过程中添加环签名认证,在整个过程中,不需要第三方参与验证,用户对于服务器是匿名的,服务器只能判断请求是否来自可信用户群,而无法从签名中获得用户身份。相比于其他常用的安全认证,环签名除了能够有效认证签名的合法性,无条件的匿名性也可以保护用户信息,在云计算等公共网络环境中减少用户信息的泄露,同时具有部署效率高,证明过程便捷的优势。最后通过运算证明方案的正确性,构建安全模型说明了方案的安全性和可行性,并采用OpenSSL验证方案的效率。%Under the public network,the Presence/IM established by small and middle sized enterprises with SIP exists the risks of regis-tration hijacking and registration deleting. Aiming at this hidden danger,a security authentication scheme using ring signature based on a combination of RSA and DES is proposed. First,it builds a trusted domain and public the public key to the users in the domain. Then the scheme adds the ring signature to SIP registration and deregistration process,without the third party. For the server,users are anonymous and just knew in the domain. Compared with other security authentication,the ring signature not only ensures the legality of users,but also provides anonymity to protect user information,which will be reduced in the cloud and other public network. At the same time,it has effi-cient deployment and convenient proof. Last,it proves the correctness by computing in this paper,also shows the safety and feasibility by building security model. In addition,the efficiency of the scheme is verified by using OpenSSL.
展开▼
