Mimic Defense (MD) is an emerging endogenous security technology based on the Truth Relative Axiom (TRA). It introduces basic endogenous security attributes such as dynamism, heterogeneity and redundancy into infrastructure services in cyberspace to build an endogenous security network architecture model that blocks attacks and senses vulnerability threats. In recent years MD has been proven effective at both the theoretical and practical levels, and has become an effective solution to complex problems such as uncertain and potential vulnerabilities in information and communication networks. The Dynamic Heterogeneous Redundancy (DHR) architecture is the basic construction model of MD. Existing research often builds DHR architectures in ideal security environments while ignoring the communication security of the DHR architecture itself. In distributed scenarios, the heterogeneous elements in the heterogeneous resource pool face the risk of being contaminated by intrusions; the TRA no longer holds once the vast majority of heterogeneous executors are no longer honest, which undermines the dynamic feedback mechanism of the DHR from the bottom, renders that feedback mechanism ineffective and thereby nullifies the mimic defense effect.

To solve the security problems of DHR in distributed scenarios, trusted computing technology is introduced into the DHR communication system. First, we clarify how to build a trusted platform on heterogeneous executors using trusted roots and trust chains, providing the basis for honesty metrics, remote platform attestation and identity authentication of heterogeneous executors. Then, given the trusted platform of the heterogeneous executors, we propose secure remote access schemes for single-trust-domain and multi-trust-domain DHR communication systems respectively, and define a complete trusted security architecture for DHR communication systems. Finally, a reliable security system is established to ensure the trustworthiness of heterogeneous executors in DHR communication systems and secure authentication between each component, preventing the access of illegal devices.

In addition, a traceable anonymous authentication scheme, MT-DAA (Mimic-oriented Traceable Direct Anonymous Attestation), applicable to single-trust-domain DHR communication networks is proposed based on the operational characteristics of DHR communication networks. The scheme fully considers the operation mechanism of DHR. By anonymizing the consistency adjudication, the adjudicator only knows that it accepts the output of a legitimate heterogeneous executor, without knowing the specific identity of the communicating party, thus invalidating information theft against the adjudicator. By incorporating traceability parameters that can only be recognized by the policy scheduler, MT-DAA realizes anonymous traceability. In terms of protocol efficiency, the scheme incorporates the advantages of existing DAA schemes and reduces the pseudonym computation in DAA protocols to the theoretical minimum by shifting computation from the TPM, which has weak computational power, to the Host, which has stronger computational power, without compromising security. The superiority of the MT-DAA scheme is verified by quantitative analysis and experiments, and the security of the scheme under the related cryptographic assumptions is proved by combining the ideal/real model with the random oracle model.

Considering the practical scenario in which heterogeneous executors produced by different manufacturers belong to different trust domains, a cross-domain traceable direct anonymous authentication scheme, MMDT-DAA (Mimic and Multiple-Domain oriented Traceable Direct Anonymous Attestation), is proposed based on MT-DAA. The MMDT-DAA scheme inherits the security features of MT-DAA, transfers operations with low security requirements from the TPM to the Host, and reduces the TPM computation to the lowest among existing DAA cross-domain schemes. Quantitative analysis and experimental results show that MMDT-DAA has higher operational efficiency than existing DAA cross-domain authentication schemes.
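The abstract's central premise, that DHR adjudication relies on the TRA and that the feedback loop inverts once a majority of executors are contaminated, can be seen in a toy model. The following is an added illustration, not code from the thesis: a majority-vote adjudicator over a constructed pool of executors running a stand-in checksum service, with a scheduler that swaps out dissenting executors; executor names, the modulus and the colluding bias are all assumptions.

```python
# Toy model of DHR consistency adjudication with scheduler feedback (added illustration,
# not code from the thesis; executor names, the 251-modulus service and the
# colluding bias are constructed assumptions).
from collections import Counter
from typing import Callable

MODULUS = 251

def honest_service(req: bytes) -> int:
    """The service every heterogeneous executor is supposed to compute."""
    return sum(req) % MODULUS

def make_contaminated(bias: int) -> Callable[[bytes], int]:
    """An intruded executor: returns a wrong value shared by all colluders."""
    return lambda req: (sum(req) + bias) % MODULUS

# Constructed heterogeneous resource pool: five executors, all honest at first.
POOL = {name: honest_service for name in ("exec-A", "exec-B", "exec-C", "exec-D", "exec-E")}

def adjudicate(outputs: dict[str, int]) -> tuple[int, list[str]]:
    """Majority vote over executor outputs; dissenters are fed back to the scheduler."""
    winner, _ = Counter(outputs.values()).most_common(1)[0]
    dissenters = sorted(n for n, out in outputs.items() if out != winner)
    return winner, dissenters

def dhr_round(active: list[str], standby: list[str], pool: dict, req: bytes) -> dict:
    """One DHR round: serve, adjudicate, then swap evicted executors for standby ones."""
    outputs = {n: pool[n](req) for n in active}
    result, evicted = adjudicate(outputs)
    survivors = [n for n in active if n not in evicted]
    return {"result": result, "evicted": evicted,
            "active": survivors + standby[:len(evicted)]}

def scenario(contaminated: set[str], req: bytes = b"GET /service") -> dict:
    """Run one round with the given executors contaminated; report whether the
    adjudicated result matches the honest value (i.e. whether the TRA still held)."""
    pool = dict(POOL)
    for n in contaminated:
        pool[n] = make_contaminated(7)
    out = dhr_round(["exec-A", "exec-B", "exec-C"], ["exec-D", "exec-E"], pool, req)
    out["correct"] = out["result"] == honest_service(req)
    return out

if __name__ == "__main__":
    print("one contaminated     :", scenario({"exec-C"}))             # correct; exec-C evicted
    print("majority contaminated:", scenario({"exec-B", "exec-C"}))   # wrong; honest exec-A evicted
```

With a single contaminated executor the adjudicator returns the honest value and the scheduler evicts the intruded one; with a contaminated majority the wrong value wins and the scheduler evicts the last honest executor, which is exactly the collapse of the feedback mechanism the abstract describes.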