CN116418602B - Metadata protection anonymous communication method and system based on trusted hardware - Google Patents

Info

Publication number: CN116418602B
Authority: CN (China)
Prior art keywords: message, server, client, information, equal
Legal status: Active
Application number: CN202310682946.XA
Other languages: Chinese (zh)
Other versions: CN116418602A
Inventors: 江沛佩, 王骞, 吴逸豪, 李晓媛, 程健豪
Current assignee: Wuhan University WHU
Original assignee: Wuhan University WHU
Events: application filed by Wuhan University WHU; priority to CN202310682946.XA; publication of CN116418602A; application granted; publication of CN116418602B; legal status active

Classifications

    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G06N20/20 Ensemble learning
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/01 Protocols
    • H04L9/40 Network security protocols
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a metadata protection communication method and system based on secure, trusted hardware. Using customized algorithms such as abnormal message detection and active repair, it addresses the problem of metadata privacy leakage in end-to-end encrypted communication through seven steps including connection establishment, message encoding and repair of the communication pattern inside the trusted hardware, and it achieves metadata privacy protection during communication by exploiting the confidentiality of computation and storage that the trusted hardware provides.

Description

Metadata protection anonymous communication method and system based on trusted hardware
Technical Field
The invention belongs to the field of private communication and relates to technologies such as privacy-preserving computation, trusted hardware, oblivious algorithms and anomaly detection; in particular, it relates to a metadata protection anonymous communication method and system based on trusted hardware.
Background
With the large-scale adoption of mobile communication terminals, the public is paying more attention to communication privacy. Although conventional end-to-end encrypted communication systems protect the privacy of communication content, protection at the metadata level remains a challenging problem. Communication metadata generally refers to information such as the identities of both parties and the duration, frequency and volume of communication; for example, if a user frequently communicates with a cardiologist, it can be inferred that the user has a high probability of suffering from heart disease. Even though the specific content is not disclosed, exposing such metadata alone can cause serious privacy leakage. This threat has driven research into metadata privacy protection, and in recent years anonymous communication systems with metadata protection have emerged; these systems protect not only the data but also the metadata generated during communication, thereby achieving comprehensive privacy protection.
Existing metadata-protecting anonymous communication systems fall mainly into four types: (1) onion routing achieves anonymous communication by multi-layer encryption of data packets; (2) mix networks protect metadata privacy by mixing the messages of many users at intermediate nodes; (3) DC networks provide unconditional security through broadcast messages; (4) private mailboxes achieve anonymity by obliviously writing to or reading from mailboxes hosted on an untrusted server.
In general, existing metadata-protecting anonymous communication systems have difficulty striking a good balance between security, performance and trust assumptions. On the one hand, high-security systems typically require a large number of cryptographic operations and complex cryptographic designs, such as cyclic write and read operations using "virtual addresses" as intermediaries between the communicating parties, but such large-scale cryptographic operations result in expensive computation and performance bottlenecks. On the other hand, high-performance systems typically provide weaker security guarantees, for example adding random noise within a differential privacy framework to perturb the write and read operations observable at the "virtual addresses"; such systems typically require a small fraction of the servers to be trusted in order to achieve unlinkability of message exchanges. In short, higher-security systems have high latency and low performance, while higher-performance systems often rely on strong security assumptions and are difficult to deploy. There is therefore an urgent need for an anonymous communication system that guarantees security in the cryptographic sense and supports a large number of users with second-level latency, so as to meet growing communication privacy requirements.
In recent years, hardware-based trusted execution environment technologies have matured. In 2013 Intel proposed the SGX instruction set extension: once data is placed in the trusted secure hardware environment, the enclave, SGX protects it so that it can be accessed only by authenticated programs, thereby implementing trusted computing. In practicing the present invention, the inventors found that applying trusted hardware to anonymous communication systems has obvious benefits, such as using fewer servers than the prior art for traffic mixing, which reduces latency and facilitates on-site deployment for large numbers of users, but there are also many challenges. On the one hand, trusted hardware carries security risks, especially leakage of the memory access pattern, which must be addressed by a customized system structure and careful algorithm design; on the other hand, research shows that even when all servers in the system are trusted, metadata privacy protection remains very challenging, far harder than content protection, because it must consider powerful active adversaries in the network. Such adversaries can infer communication privacy through selective interference with traffic, for example disconnecting a chosen client in order to identify the user it communicates with, so metadata privacy protection cannot be achieved simply by using trusted hardware directly.
Disclosure of Invention
Therefore, to remedy the defects of the prior art, the invention designs a metadata protection anonymous communication method and system based on trusted hardware, producing an anonymous communication system with high security, high performance and flexible trust assumptions by exploiting the security and convenience of trusted hardware while avoiding the risks inherent in it.
The invention discloses a metadata protection anonymous communication method based on trusted hardware, characterized by comprising the following steps:
step 1: initializing the server and establishing connections among all modules for information transmission;
step 2: the trusted cryptographic infrastructure generates and distributes keys for all participants, and the client prepares a message;
step 3: the client and the server establish a secure connection;
step 4: the server receives the client message, passes it into the trusted hardware, and the trusted hardware receives and decodes it;
step 5: the trusted hardware executes a customized oblivious algorithm to perform normal message exchange and active repair of abnormal messages; the oblivious algorithm specifically comprises the following steps:
step 5.1: rejecting messages whose round tag is not the current round;
step 5.2: the server uses an oblivious sorting algorithm to sort all messages of the current round with the authentication tag as the key;
step 5.3: the server traverses the sorted message sequence, judges whether each message is a normal message, a self-sent message or an abnormal message, and processes each type accordingly;
step 5.4: the server uses an oblivious sorting algorithm to sort all messages of the current round with the receiver identification as the key, preparing the outgoing message queue;
step 6: the server obtains the message data packets from the trusted hardware module and transmits them back to the clients;
step 7: the client receives and decodes the message.
Further, step 1 is specifically implemented as follows: each client in the system establishes a connection with a coordinator machine, the server establishes a connection with the coordinator machine, and the coordinator machine organizes the behaviour of the clients and the server by rounds. The purpose of the round mechanism is to ensure that the server receives at most one message from each client per round, so that the message type judgement below holds. Specifically, the current round is indicated by a round tag that never repeats, and the coordinator sends the round tag to the clients and the server at a fixed time interval.
Further, the coordinator machine coordinates the round information of each module in the system so as to synchronize communication among users. It groups the behaviour of the clients and the server by round, specifically by sending the current round tag to the clients and the server. The round tag is a positive integer that increases monotonically with time, thereby distinguishing user messages of different rounds.
Further, step 2 is specifically implemented as follows:
step 2.1: the client obtains configuration information from the coordinator machine and generates the message to be sent in the current round, the configuration information comprising the server address, the server key, the server secure-hardware key, the round tag, the message length and the session key;
step 2.2: the client generates a private authentication tag according to the recipient of the message, where the recipient is either another client or the system itself;
step 2.3: the client extracts a fragment of message length from the information to be sent, padding with random data when the remaining information is shorter than the message length or empty;
step 2.4: the client combines the authentication tag, sender identification, receiver identification, server serial number, round tag and the encrypted message content into a message and encrypts it with the key negotiated with the server.
Further, in step 3 the client establishes a secure connection with the server using the server address and key, and sends the message to the server.
Further, the judgement of the message type in step 5.3 is specifically as follows:
for a single message, an oblivious comparison algorithm judges whether its authentication tag is equal to that of the previous message, the next message and the message after next, and the results are recorded as Equal-prev, Equal-next and Equal-next2;
the message type is judged from Equal-prev, Equal-next and Equal-next2: when exactly one of Equal-prev and Equal-next is true, the current message is judged to be a normal message; when Equal-prev, Equal-next and Equal-next2 are all false, the current message is judged to be a self-sent message; the rest are abnormal messages.
Further, the processing after the message type is determined in step 5.3 is as follows:
the receiver information of each message is filled according to its type, using an oblivious selection function in the judgement process. Normal messages are exchanged: if Equal-prev is true, the sender identification of the previous message is filled in as the receiver identification of this message; if Equal-next is true, the sender identification of the next message is filled in as the receiver identification of this message. For self-sent messages and abnormal messages, the receiver identification is filled with the message's own sender identification.
Further, step 7 is specifically implemented by the following sub-steps:
step 7.1: the client receives the return message from the server, and reports a message-loss exception if no message is received;
step 7.2: the client decodes the return message with the key negotiated with the server, and reports a decoding-failure exception if it cannot be decoded normally;
step 7.3: for an idle client that was required to send a message to the system, no further steps are needed and one message-sending process is complete; for clients that actually communicate, the sender of the message is checked: if the sender is the client itself, an exception is reported, namely that the message to the receiver is abnormal and may have been intercepted; if the sender is the other party, one message-sending process completes normally.
Based on the same inventive concept, the scheme also relates to a metadata protection anonymous communication system based on trusted hardware, comprising a server module, a client module and a trusted hardware module;
specifically, the operation flow of the server module comprises initialization and establishing a connection with the coordinator; obtaining a key from the trusted cryptographic infrastructure; establishing a secure connection with the client; receiving the client message and passing it to the trusted hardware module; and obtaining the processed message from the trusted hardware module and sending it to the client.
The operation flow of the client module comprises establishing a connection with the coordinator; obtaining a key from the trusted cryptographic infrastructure; preparing a message; establishing a secure connection with the server and sending the message; and receiving the processed message from the server, decoding it and obtaining the information.
The operation flow of the trusted hardware module comprises receiving the incoming message from the server; decoding the message; running the oblivious algorithm to identify normal and abnormal messages and process them accordingly; and encrypting the processed message and sending it back to the server. The oblivious algorithm flow comprises removing messages not of the current round; sorting the messages; and judging the message type.
Based on the same inventive concept, the scheme also designs electronic equipment, which comprises:
one or more processors;
a storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a trusted hardware-based metadata protection anonymous communication method.
Based on the same inventive concept, the present solution also designs a computer readable medium, on which a computer program is stored, characterized in that: the program, when executed by the processor, implements a trusted hardware-based method of metadata protection anonymous communications.
The invention has the following advantages:
the invention uses trusted hardware to perform the metadata protection operations and, compared with the prior art, better balances anonymity security and system performance;
the invention actively detects abnormal messages and takes remedial measures, and can defend against active interception attacks and replay attacks by an attacker controlling clients;
the invention uses oblivious algorithms, avoiding leakage of memory information, and can defend against memory access pattern leakage attacks aimed at trusted hardware.
The invention uses trusted hardware to run the main body of the metadata-protecting end-to-end encrypted communication server on the trusted hardware, thereby protecting metadata privacy while keeping high performance and low cost; the server actively detects and repairs abnormal communication; and the server uses oblivious algorithms inside the trusted hardware to prevent side-channel attacks on it.
Drawings
Fig. 1 is a general flow chart of a system of the metadata protection method based on trusted hardware.
FIG. 2 is a schematic diagram of a client-server system architecture according to the present invention.
Wherein the coordinator is not shown in fig. 2 for simplicity of presentation.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clear, the present invention will be described in further detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Example 1
The invention provides a metadata protection anonymous communication method based on trusted hardware, whose flow is as follows. Referring to the general flow chart of Fig. 1, the invention takes Intel SGX as an example and provides an end-to-end encrypted communication method using Intel SGX as the secure hardware environment, comprising the following steps:
step 1: in the system, each client is connected to a coordinator machine, the server is connected to the coordinator machine, and the coordinator machine organizes the behaviour of the clients and the server by rounds.
Step 2: the client obtains the server address and key, as well as the key of the secure hardware running in the server, from the coordinator machine, and generates messages round by round under the direction of the coordinator machine. It should be noted that before communicating, the two parties must negotiate the information needed for communication, such as each other's keys, a shared secret, identities, the communication round and so on. This negotiation process is outside the design scope of the invention; the security of the negotiation is not considered here, and the invention assumes that the process is secure and does not leak privacy. Typical implementations include offline interaction and metadata-private dialing schemes based on cryptographic protocols.
The specific implementation of the step 2 comprises the following sub-steps:
step 2.1: the client receives configuration information such as the server address, server key, server secure-hardware key, round tag, message length and session key from the coordinator machine and locally generates the message to be sent in the current round. In particular, the message length is set to 256 bytes in this example; the round tag is a 64-bit integer with initial value 0, which the coordinator machine increments by one every time it completes a round.
Step 2.2: the client generates an authentication tag according to the recipient of the message. Each client uses the same seed and engine to generate a 64-bit random number as its own identity. When a client communicates with another client, it generates a 128-bit authentication tag with a hash function over its own identity, the receiver's identity, the shared secret and the round number; when the client has nothing to send, the system requires it to send a message to itself, and the client generates a random 128-bit authentication tag. The authentication tag for communication is expressed as:
authentication tag = Hash(sort(sender identification, receiver identification) || shared secret || round number) (1)
Step 2.3: the client takes out a fragment of message length from the information to be sent, and if the remaining information is shorter than the message length, pads the remaining length with random data. The client encrypts the extracted fragment with the recipient's key. When the client has nothing to send, it randomly generates data of the message length as a dummy message. In particular, in this implementation the users' transmitted information is empty, so all messages are filled with random data; the users in the implementation are simulated users, which does not affect the operation of the whole system. Specifically, the client encrypts the message content using an encryption function from the OpenSSL CryptoLib library, a lightweight implementation of the AES-GCM encryption algorithm.
Step 2.4: the client combines the round tag, the authentication tag, the sender identification, the receiver tag (set to null) and the encrypted information into a message and encrypts it with the key negotiated with the server. In this implementation the message consists of a message header and a message body, where the header consists of a 128-bit authentication tag, a 64-bit sender identification, a 64-bit receiver tag, an 8-bit server serial number and an 8-bit round tag. The client encrypts the message using an encryption function from the CryptoLib library, a lightweight implementation of the AES-GCM encryption algorithm. The encryption process is expressed as:
message header = [authentication tag || sender identification || receiver tag || server serial number || round tag]
message body = Enc(information fragment, recipient key)
message = [message header || message body]
content = Enc(message, server key) (2)
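As an added illustration (not the patent's code), the following C++ builds the authentication tag of equation (1) and the 34-byte header of equation (2), then parses the header back on the enclave side. It assumes the two identities are sorted before hashing so that both parties derive the same tag, uses a placeholder FNV-1a-style 128-bit digest in place of the unspecified hash function, and leaves the AES-GCM encryption of the body and of the whole message out of scope.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

struct AuthTag { uint64_t hi, lo; };          // 128-bit authentication tag
bool same_tag(const AuthTag& a, const AuthTag& b) { return a.hi == b.hi && a.lo == b.lo; }

// Placeholder digest (FNV-1a 64 with a chosen seed). Assumption: stands in
// for the hash function the text leaves unspecified; use a real one in practice.
static uint64_t fnv1a64(uint64_t seed, const std::vector<uint8_t>& data) {
    uint64_t h = seed;
    for (uint8_t b : data) { h ^= b; h *= 0x100000001b3ULL; }
    return h;
}
static void put64(std::vector<uint8_t>& out, uint64_t v) {   // big-endian append
    for (int i = 7; i >= 0; --i) out.push_back((uint8_t)(v >> (8 * i)));
}
static uint64_t get64(const uint8_t* p) {                     // big-endian read
    uint64_t v = 0;
    for (int i = 0; i < 8; ++i) v = (v << 8) | p[i];
    return v;
}

// Equation (1). The two identities are sorted before hashing so that sender
// and receiver compute the same tag and the enclave's sort can pair them.
AuthTag auth_tag(uint64_t self_id, uint64_t peer_id, const std::string& secret, uint64_t round) {
    std::vector<uint8_t> in;
    put64(in, std::min(self_id, peer_id));
    put64(in, std::max(self_id, peer_id));
    in.insert(in.end(), secret.begin(), secret.end());
    put64(in, round);
    return AuthTag{fnv1a64(0xcbf29ce484222325ULL, in), fnv1a64(0x84222325cbf29ce4ULL, in)};
}

// Equation (2) header: 128-bit tag | 64-bit sender | 64-bit receiver (null
// when sent, filled by the enclave) | 8-bit server serial | 8-bit round tag.
struct Header {
    AuthTag  tag;
    uint64_t sender;
    uint64_t receiver;
    uint8_t  server_serial;
    uint8_t  round_tag;
};
constexpr size_t HEADER_LEN = 16 + 8 + 8 + 1 + 1;   // 34 bytes

std::vector<uint8_t> encode_header(const Header& h) {
    std::vector<uint8_t> out;
    put64(out, h.tag.hi);  put64(out, h.tag.lo);
    put64(out, h.sender);  put64(out, h.receiver);
    out.push_back(h.server_serial);
    out.push_back(h.round_tag);
    return out;
}

// Enclave-side parse after Dec (step 4). Rejects short buffers instead of
// reading past the end; the caller then treats the message as malformed.
bool decode_header(const std::vector<uint8_t>& buf, Header& h) {
    if (buf.size() < HEADER_LEN) return false;
    const uint8_t* p = buf.data();
    h.tag = AuthTag{get64(p), get64(p + 8)};
    h.sender = get64(p + 16);
    h.receiver = get64(p + 24);
    h.server_serial = p[32];
    h.round_tag = p[33];
    return true;
}
```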
Step 3: the client establishes a secure connection with the server using the server address and key, and sends the message to the server. In this example the client connects to the server and establishes a TLS/SSL connection using gRPC, an open-source remote procedure call system led by ***; remote procedure call is a form of remote communication between computers in which a program can call subroutines on another computer as if they were local; TLS/SSL, the transport layer security protocol and its predecessor, is a security protocol providing confidentiality and integrity for network communication; the specific steps for establishing the TLS/SSL connection are to create the credentials with the SslCredentials function, then create the connection with the CreateChannel function, taking the server address and the credentials as parameters, i.e. CreateChannel(server_name, creds).
Step 4: the server receives the message sent by the client and passes it into the trusted hardware, which receives and decodes the message. In this implementation the trusted hardware is Intel SGX, the decoding function is implemented inside SGX, and the message is passed into SGX through a function declared as an ECALL. Intel SGX is a secure-area isolation technology led by Intel and is essentially a set of security extension instructions for the x86 architecture; with it, a user program can create a private memory region on a supported Intel chip whose content is protected and cannot be obtained by any entity outside the program itself. The decoding function is the decryption function of the CryptoLib library, a lightweight implementation of the AES-GCM algorithm. ECALL is part of the enclave definition language of SGX: functions declared as ECALLs run inside the enclave and can be called by programs outside it. The decoding process is expressed as:
message = Dec(sent content, server key) (3)
Step 5: the trusted hardware runs the oblivious algorithm, detects and repairs abnormal messages, exchanges normal messages, and re-encrypts the messages. Here, the oblivious algorithm means that all operations on the data are executed inside the trusted hardware and the underlying implementation uses oblivious primitives, including comparison, assignment and sorting operations. Oblivious algorithms are a family of security algorithms that protect the memory access pattern by ensuring that the memory accesses made by the algorithm are independent of the input data.
The specific implementation of the step 5 comprises the following sub-steps:
step 5.1: messages not of the current round are removed. The server keeps the round tag obtained from the coordinator machine and then traverses each message, comparing the round tag in its header with the one obtained from the coordinator. If they are equal, the message belongs to the current round and is kept; otherwise it is a malicious or erroneous message and is discarded.
Step 5.2: the server uses an oblivious sorting algorithm to sort all messages of the current round with the authentication tag as the key. This implementation uses the oblivious sorting algorithm from the Secure XGBoost oblivious algorithm library, whose underlying implementation uses oblivious primitives, so that memory access patterns are not leaked during sorting. Because the identities of both parties are ordered when the authentication tag is assembled, the tags in the two messages of a communicating pair are identical, and step 5.3 relies on the sort placing messages with identical tags at adjacent positions.
Step 5.3: the server traverses the sorted message sequence, judges whether each message is a normal message, a self-sent message or an abnormal message, and processes each type accordingly.
The specific implementation of step 5.3 comprises the following sub-steps:
Step 5.3.1: for each message, an oblivious comparison decides whether its authentication tag equals the tag of the previous message, the next message and the message after next; the results are recorded as Equal-prev, Equal-next and Equal-next2.
Step 5.3.2: the message type is decided from Equal-prev, Equal-next, Equal-next2 and Error, where Error is a variable initialised to false before the traversal, and the processing of each message inherits the Error value left by the previous message. When Equal-prev is true and Error is true, the current message is judged abnormal; likewise, when Equal-prev and Equal-next are both true, the current message is abnormal; and when Equal-next2 is true, the current message is abnormal. Provided none of these abnormality conditions holds, when exactly one of Equal-prev and Equal-next is true the current message is a normal message; and when Equal-prev, Equal-next and Equal-next2 are all false, the current message is a self-sent message.
Step 5.3.3: the recipient field of each message is filled in according to its type, and the decisions are made with an oblivious selection function. Normal messages are exchanged: if Equal-prev is true, the recipient identifier of the current message is set to the sender identifier of the previous message; if Equal-next is true, it is set to the sender identifier of the next message. For self-sent messages and abnormal messages, the recipient identifier is set to the message's own sender identifier. This step isolates normal users from the attacked user group and keeps the communication pattern consistent: a user who is not directly attacked is guaranteed to receive a message every round, while a blocked user who is directly attacked does not receive the counterpart's message.
Step 5.4: the server uses the oblivious sorting algorithm again to sort all messages of the current round with the recipient identifier as the key, so that the messages can be sent in that order. Sorting obliviously a second time avoids sending the two messages of a communicating pair consecutively.
Step 6: the server sends the processed encrypted messages to the designated clients. In this implementation, message transport uses gRPC to establish a secure connection and perform the remote call.
Step 7: the client receives the message, decrypts it and handles exceptions. In this example, client-side decryption uses the decryption function of the CryptoLib library, matching the encryption flow.
Preferably, the specific implementation of step 7 comprises the following sub-steps:
Step 7.1: the client receives the returned message from the server; if no message is received, a message-loss error is reported.
Step 7.2: the client decrypts the returned message with the key negotiated with the server; if decryption fails, a decryption-failure error is reported to the client.
Step 7.3: for an idle client that was required to send a message to the system, no further steps are needed and one message-sending process is complete. For a client that is actually communicating, the sender of the message is checked: if the sender is the client itself, an error is reported that the receiver's message is abnormal and the counterpart may have been intercepted; if the sender is the counterpart, the message-sending process completes normally.
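The server-side pipeline of step 5 and the client check of step 7.3, as an added Python model that is not the patent's own code nor the Secure XGBoost library: it filters by round tag, sorts by authentication tag with a bitonic sorting network built on a branch-free select, applies the Equal-prev/Equal-next/Equal-next2 rules with the inherited Error flag, fills the recipient field, and re-sorts by recipient. The tag formula `auth_tag`, the tuple layout, the integer client ids (0 standing for the system) and the sample round in `demo()` are all assumptions constructed for this example.

```python
"""Python model of steps 5 and 7.3 (added example; not the patent's code).

Assumptions (all constructed for this example): the tag formula auth_tag,
the row layout (tag, sender, recipient, round), integer client ids with
0 standing for "the system", and the sample messages in demo().
"""
import hashlib

TAG, SND, RCV, RND = range(4)        # field indices of a message row
DUMMY = (2**64 - 1, 0, 0, 0)         # padding row; its tag sorts after every real tag


def osel(cond, a, b):
    """Branch-free select: a if cond else b, for non-negative ints.
    Models the oblivious selection primitive; CPython gives no constant-time
    guarantee, so this reproduces the data flow, not a side-channel-free build."""
    m = -int(bool(cond))             # 0 or -1 (all bits set)
    return (a & m) | (b & ~m)


def ocswap(x, y, key):
    """Oblivious compare-and-swap of two rows on field `key`: every field goes
    through osel, so the same memory is touched whether or not they swap."""
    swap = x[key] > y[key]
    lo = tuple(osel(swap, yi, xi) for xi, yi in zip(x, y))
    hi = tuple(osel(swap, xi, yi) for xi, yi in zip(x, y))
    return lo, hi


def osort(rows, key):
    """Bitonic sorting network: which pairs get compared depends only on
    len(rows), never on the data, which is what makes the sort oblivious."""
    n = len(rows)
    assert n and (n & (n - 1)) == 0, "bitonic sort needs a power-of-two length"
    a = list(rows)
    k = 2
    while k <= n:
        j = k // 2
        while j:
            for i in range(n):
                partner = i ^ j
                if partner > i:                      # index-dependent only
                    lo, hi = ocswap(a[i], a[partner], key)
                    ascending = (i & k) == 0
                    a[i], a[partner] = (lo, hi) if ascending else (hi, lo)
            j //= 2
        k *= 2
    return a


def auth_tag(a, b, secret, rnd):
    """Assumed tag construction: both party ids are sorted before hashing, so
    the sender's and the receiver's messages carry the same tag (cf. step 5.2)."""
    lo, hi = sorted((a, b))
    h = hashlib.sha256(f"{lo}|{hi}|{secret}|{rnd}".encode()).digest()
    return int.from_bytes(h[:8], "big")


def step5(messages, current_round):
    """Steps 5.1-5.4. Returns rows (tag, sender, recipient, round, abnormal)
    ordered by recipient; the client-supplied recipient field is overwritten."""
    cur = [m for m in messages if m[RND] == current_round]       # 5.1
    n = 1
    while n < len(cur):
        n *= 2
    cur += [DUMMY] * (n - len(cur))                                # pad for the network
    s = osort(cur, TAG)                                            # 5.2
    out, error = [], 0
    for i, m in enumerate(s):                                      # 5.3
        tag = m[TAG]
        eq_prev = int(i > 0 and s[i - 1][TAG] == tag)
        eq_next = int(i + 1 < n and s[i + 1][TAG] == tag)
        eq_next2 = int(i + 2 < n and s[i + 2][TAG] == tag)
        # 5.3.2: the three abnormality rules, then "exactly one neighbour" = normal;
        # all flags false = self-sent, handled by the default arm of the final osel
        abnormal = (eq_prev & error) | (eq_prev & eq_next) | eq_next2
        normal = (eq_prev ^ eq_next) & (1 - abnormal)
        prev_snd = s[i - 1][SND] if i > 0 else 0
        next_snd = s[i + 1][SND] if i + 1 < n else 0
        # 5.3.3: normal -> partner's sender id; self-sent/abnormal -> own sender id
        rcv = osel(normal & eq_prev, prev_snd,
                   osel(normal & eq_next, next_snd, m[SND]))
        out.append((tag, m[SND], rcv, m[RND], abnormal))
        error = abnormal                                           # inherited by the next row
    return [r for r in osort(out, RCV) if r[TAG] != DUMMY[TAG]]   # 5.4


def client_check(me, row):
    """Step 7.3: a delivered message whose sender is the client itself means
    the counterpart's message never arrived (possibly intercepted)."""
    return "intercepted" if row[SND] == me else "ok"


def demo():
    """Constructed round: a normal pair (1<->2), idle client 3 addressing the
    system (id 0), a pair (4<->5) with client 4's message replayed by an
    attacker-controlled client, and a stale-round message from client 6."""
    secret, rnd = "shared-secret-placeholder", 7

    def t(a, b, r=rnd):
        return auth_tag(a, b, secret, r)

    msgs = [(t(1, 2), 1, 2, 7), (t(1, 2), 2, 1, 7),
            (t(3, 0), 3, 0, 7),
            (t(4, 5), 4, 5, 7), (t(4, 5), 5, 4, 7), (t(4, 5), 4, 5, 7),
            (t(6, 1, 6), 6, 1, 6)]
    return step5(msgs, rnd)


if __name__ == "__main__":
    for row in demo():
        print(f"to {row[RCV]}: from {row[SND]}, abnormal={row[4]}, "
              f"client sees {client_check(row[RCV], row)}")
```

Running the script prints one line per delivered message: the 1/2 pair receive each other's messages, idle client 3 receives its own, and the replayed 4/5 triple is classified abnormal, so each of those messages is returned to its sender and the client-side check of step 7.3 reports a possible interception. The bitonic network only makes the comparison schedule data-independent; the Python interpreter gives no constant-time guarantee, so an enclave build relies on the library's oblivious primitives rather than on this model.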
The invention uses trusted security hardware to perform the metadata protection operations and, compared with the prior art, achieves a better balance between anonymity security and system performance; it actively detects abnormal messages and takes remedial measures, and can defend against active interception attacks and replay attacks mounted by an attacker who controls clients; and it uses oblivious algorithms, which avoid leaking memory information and defend against memory-access-pattern leakage attacks on the trusted hardware.
Embodiment Two
Based on the same conception, the scheme also provides a metadata protection anonymous communication system based on trusted hardware, comprising a server module, a client module and a trusted hardware module.
Specifically, the operation flow of the server module comprises initialisation; establishing a connection with the coordinator; obtaining a key from the trusted cryptographic infrastructure; establishing a secure connection with the client; receiving client messages and passing them to the trusted hardware module; and obtaining the processed messages from the trusted hardware module and sending them to the clients.
The operation flow of the client module comprises establishing a connection with the coordinator; obtaining a key from the trusted cryptographic infrastructure; preparing a message; establishing a secure connection with the server and sending the message; and receiving the processed message from the server, decrypting it and obtaining the information.
The operation flow of the trusted hardware module comprises receiving incoming messages from the server; decrypting the messages; running the oblivious algorithm to identify normal and abnormal messages and process them accordingly; and encrypting the processed messages and sending them back to the server. The oblivious algorithm flow comprises removing non-current-round messages; sorting the messages; and judging the message type.
Because the system described in the second embodiment implements the metadata protection anonymous communication method based on trusted hardware of the first embodiment, a person skilled in the art can understand its specific structure and variations from the method described in the first embodiment, so the description is omitted here.
Embodiment Three
Based on the same inventive concept, the invention also provides an electronic device comprising one or more processors and a storage means for storing one or more programs; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method described in embodiment one.
Because the electronic device described in the third embodiment implements the metadata protection anonymous communication method based on trusted hardware of the first embodiment, a person skilled in the art can understand its specific structure and variations from the method described in the first embodiment, so the description is omitted here. All electronic devices used to carry out the method of the embodiments of the invention fall within the scope of protection.
Embodiment Four
Based on the same inventive concept, the invention also provides a computer readable medium having stored thereon a computer program which, when executed by a processor, implements the method described in embodiment one.
Because the computer readable medium described in the fourth embodiment implements the metadata protection anonymous communication method based on trusted hardware of the first embodiment, a person skilled in the art can understand its specific structure and variations from the method described in the first embodiment, so the description is not repeated here. All electronic devices used to carry out the method of the embodiments of the invention fall within the scope of protection.
The specific examples of implementations described in this disclosure are merely illustrative of the methods and steps of the invention. Those skilled in the art to which the invention pertains will appreciate that alterations and additions may be made to the specifically described embodiments without departing from the principles and spirit of the invention or exceeding the scope of the invention as defined in the appended claims. The scope of the invention is limited only by the appended claims.

Claims (9)

1. A metadata protection anonymous communication method based on trusted hardware, comprising the steps of:
step 1: initialising the server and establishing connections among all modules for information transmission;
the coordinator organises the behaviour of the clients and the server by rounds; a round is marked by a positive integer that increases uniformly and iteratively with time, and user messages of different rounds are distinguished by it;
step 2: the trusted cryptographic infrastructure generates and distributes keys to all participants, and the client prepares a message;
the client generates an authentication tag according to the message receiving object, specifically:
authentication tag = hash((sender identifier + receiver identifier) shared secret round number);
step 3: the client and the server establish a secure connection;
step 4: the server receives the client message and passes it into the trusted hardware, which receives and decrypts the message;
step 5: the trusted hardware executes a customised oblivious algorithm to exchange normal messages and actively repair abnormal messages; the oblivious algorithm specifically comprises the following steps:
step 5.1: rejecting messages whose round tag is not the current round;
step 5.2: the server uses an oblivious sorting algorithm to sort all messages of the current round with the authentication tag as the key;
step 5.3: the server traverses the sorted message sequence, uses an oblivious comparison algorithm to judge whether the authentication tag of each message equals that of the previous message and the next message, judges whether the message is a normal message, a self-sent message or an abnormal message, processes each type accordingly and fills in the recipient information of each type of message; during the judgement an oblivious selection function is used to exchange normal messages, and the recipient identifier is filled with the sender identifier of the message;
step 5.4: the server uses the oblivious sorting algorithm to sort all messages of the current round with the recipient identifier as the key, and prepares the message queue to be sent;
step 6: the server obtains the message packets from the trusted hardware module and returns them to the clients;
step 7: the client receives and decrypts the message.
2. The trusted hardware-based metadata protection anonymous communication method of claim 1, wherein the specific implementation process of step 2 is as follows:
step 2.1: the client obtains configuration information from the coordinator and generates the message to be sent in the current round, the configuration information comprising the server address, the server key, the server security hardware key, the round tag, the message length and the session key;
step 2.2: the client generates an authentication tag according to the message receiving object, the receiving object being another client or the system;
step 2.3: the client extracts a fragment of the message length from the information to be sent, and pads it with random data when the information is shorter than the message length or empty;
step 2.4: the client combines the authentication tag, sender identifier, receiver identifier, server serial number, round tag and the encrypted information content into a message and encrypts it with the key negotiated with the server.
3. The trusted hardware-based metadata protection anonymous communication method of claim 1, wherein in step 3 the client establishes a secure connection with the server using the server address and key, and sends the message to the server.
4. The trusted hardware-based metadata protection anonymous communication method of claim 1, wherein:
the judgement of the message type in step 5.3 is specifically as follows:
for each message, an oblivious comparison algorithm judges whether its authentication tag equals that of the previous message and the next message, the results being recorded as Equal-prev, Equal-next and Equal-next2;
the message type is judged from Equal-prev, Equal-next and Equal-next2: when exactly one of Equal-prev and Equal-next is true, the current message is judged a normal message; when Equal-prev, Equal-next and Equal-next2 are all false, the current message is judged a self-sent message; the rest are abnormal messages.
5. The trusted hardware-based metadata protection anonymous communication method of claim 4, wherein the processing after the message type has been judged in step 5.3 is as follows:
filling in recipient information for the different types of messages, and exchanging normal messages by means of an oblivious selection function during the judgement, namely: if Equal-prev is true, the recipient identifier of the message is filled with the sender identifier of the previous message; if Equal-next is true, the recipient identifier of the message is filled with the sender identifier of the next message; and for self-sent messages and abnormal messages, the recipient identifier of the message is filled with its own sender identifier.
6. The trusted hardware-based metadata protection anonymous communication method of claim 1, wherein the specific implementation of step 7 comprises the following sub-steps:
step 7.1: the client receives the returned message from the server, and returns a message-loss exception if no message is received;
step 7.2: the client decrypts the returned message with the key negotiated with the server, and returns a decryption-failure exception if the returned message cannot be decrypted normally;
step 7.3: for an idle client that was required to send a message to the system, no further steps are needed and one message-sending process is complete; for a client that is actually communicating, the sender of the message is checked: if the sender is the client itself, an exception is returned indicating that the receiver's message is abnormal and may have been intercepted; if the sender is the counterpart, the message-sending process completes normally.
7. A trusted hardware-based metadata protection anonymous communication system for implementing the method of any one of claims 1-6, characterised in that:
the system comprises a server module, a client module and a trusted hardware module;
the operation flow of the server module comprises initialisation; establishing a connection with the coordinator; obtaining a key from the trusted cryptographic infrastructure; establishing a secure connection with the client; receiving client messages and passing them to the trusted hardware module; and obtaining the processed messages from the trusted hardware module and sending them to the clients;
the operation flow of the client module comprises establishing a connection with the coordinator; obtaining a key from the trusted cryptographic infrastructure and preparing a message; establishing a secure connection with the server and sending the message; and receiving the processed message from the server, decrypting it and obtaining the information;
the operation flow of the trusted hardware module comprises receiving incoming messages from the server; decrypting the messages; running the oblivious algorithm to identify normal and abnormal messages and process them accordingly; and encrypting the processed messages and sending them to the server, wherein the oblivious algorithm flow comprises removing non-current-round messages; sorting the messages; and judging the message type.
8. An electronic device, comprising:
one or more processors;
a storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, causing the one or more processors to implement the method of any one of claims 1-6.
9. A computer readable medium having a computer program stored thereon, characterised in that the program, when executed by a processor, implements the method of any one of claims 1-6.
CN202310682946.XA 2023-06-09 2023-06-09 Metadata protection anonymous communication method and system based on trusted hardware Active CN116418602B (en)
Publications (2)

Publication Number Publication Date
CN116418602A CN116418602A (en) 2023-07-11
CN116418602B true CN116418602B (en) 2023-08-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant