Netinfo Security (信息网络安全), 2023, Vol. 23, Issue (10): 39-47. doi: 10.3969/j.issn.1671-1122.2023.10.006

• Selected Papers •

Design of an End-to-Cloud Trusted Transmission Solution for Location Information

ZHANG Lu1,2, TU Chenyang1, MIAO Zhangwang3, GAN Jinghong4,5

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  3. The State Information Center, Beijing 100045, China
  4. School of Information Network Security, People’s Public Security University of China, Beijing 100038, China
  5. Zhangzhou Public Security Bureau Taiwan Business Investment Zone Branch, Zhangzhou 363000, China
  • Received: 2023-06-26 Online: 2023-10-10 Published: 2023-10-11
  • Corresponding author: TU Chenyang, E-mail: tuchenyang@iie.ac.cn
  • About the authors: ZHANG Lu (born 1998), female, from Henan, master's student, main research interest: information security | TU Chenyang (born 1988), male, from Beijing, senior engineer, Ph.D., main research interest: information security | MIAO Zhangwang (born 1991), male, from Hebei, assistant researcher, Ph.D., main research interests: cyberspace security and artificial intelligence | GAN Jinghong (born 1995), female, from Fujian, master's student, main research interest: police big data analysis technology
  • Supported by:
    National Key Research and Development Program of China (2022YFB3903900)

Abstract:

With the deep integration of BeiDou navigation technology and mass consumer applications, location information has become increasingly important, yet most applications do not protect it adequately. Traditional cryptographic schemes with high computational complexity cannot be used directly in the resource-constrained BeiDou navigation application environment, and the software execution environment of the terminal is not secure either. This article therefore builds on a dedicated BeiDou navigation chip and uses the cryptographic and communication modules inside the chip to implement a lightweight end-to-cloud trusted transmission mechanism for location information. Following the design ideas of the TLS (Transport Layer Security) protocol, the mechanism protects the authenticity, integrity, and confidentiality of location information in transit. The proposed scheme uses complex computation, verification, and certificate management as little as possible, and resists man-in-the-middle, replay, and denial-of-service attacks while preserving data processing performance, providing a certain degree of security and robustness.

Key words: BeiDou, location protection, secure communication, end-to-cloud trusted transmission

CLC number: