摘要: |
随着信息技术的飞速发展,电子邮件以其成本低廉、方便快捷等优点成为一种不可或缺的通信方式。但与此同时,垃圾邮件的泛滥不仅给用户带来不便,还耗费大量网络资源,甚至严重威胁网络安全。
本文研究基于计算成本的反垃圾邮件技术,旨在不影响诚实用户群发邮件需求的情况下实现反垃圾邮件的功能。利用基于属性的访问控制技术,本文首先定义了一个新的陷门成本函数,称为基于属性的陷门成本函数(attribute-based trapdoor cost function, AB-TCF),具有计算成本比可忽略、正确性和可靠性3条安全性质。对于AB-TCF,陷门以细粒度的方式分发给用户,使得满足属性要求的用户可以获得陷门,能够以很低的成本计算AB-TCF;而不满足属性要求的用户无法获得陷门,需要以很高的成本计算AB-TCF。基于整数分解假设,本文给出了一个AB-TCF的形式化构造并证明了其安全性。然后,本文基于AB-TCF设计了一个反垃圾邮件系统,要求所有发送者在发送邮件时计算AB-TCF。AB-TCF计算成本比可忽略的性质保证了满足属性要求的诚实用户可以使用其陷门来很容易地群发邮件;而不满足属性要求的恶意垃圾邮件发送者只能付出昂贵的计算成本,这可以从源头上遏制垃圾邮件的发出,从而实现了反垃圾邮件的功能。理论分析和实验结果均表明该系统能够在发送端大幅减少垃圾邮件的数目,同时不会影响诚实用户群发邮件。此外,兼容性分析表明所提出的反垃圾邮件方法可以与现有邮件系统兼容,并且结合使用可以进一步提升反垃圾邮件的效果。 |
关键词: 反垃圾邮件 群发邮件 陷门成本函数 属性访问策略 |
DOI:10.19363/J.cnki.cn10-1380/tn.2023.08.38 |
投稿时间:2021-07-28修订日期:2021-11-17 |
基金项目:国家重点研发计划基金(No. 2017YFB0802503),“十三五”国家密码发展基金(No. MMJJ20180208) |
|
Anti-spam Technology Based on Computational Cost |
Chen Lijiao, Lv Kewei, Yao Gang
|
(State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences) |
Abstract: |
With the rapid development of information technology, email has become an indispensable way of communication due to its advantages such as low cost, convenience, and high efficiency. On the other hand, the proliferation of spam not only disturbs users, but also consumes a lot of network resources, and even seriously threatens network security.
In this paper, we study the anti-spam technology based on computational cost, aiming to realize the anti-spam function while fulfilling the needs of honest users to send mass emails. Using the attribute-based access control technique, we first define a new trapdoor cost function, named attribute-based trapdoor cost function (AB-TCF), which satisfies three security properties: negligible computational cost ratio, correctness, and soundness. For AB-TCF, trapdoors are distributed to users in a fine-grained manner, such that any user who meets the attribute requirements can obtain a trapdoor and can compute AB-TCF at comparably low cost; whereas users who do not meet the attribute requirements need to compute AB-TCF at very high cost. Under the integer factorization assumption, we give a formal construction of AB-TCF and prove its security. Then, basing on AB-TCF, we design an anti-spam system, in which all senders are required to compute AB-TCF when sending emails. The negligible computational cost ratio property of AB-TCF ensures that honest users who meet the attribute requirements can easily send mass emails using their trapdoors; whereas malicious spammers have to pay expensive computational costs. In this way, spam emails can be prevented from being sent out at the source, thereby realizing the anti-spam function. Theoretical analysis and experimental results show that our proposed system can greatly reduce the number of spam emails at the sending end, while still running well for honest users to send mass emails. In addition, the compatibility analysis shows that our anti-spam method is compatible with existing email systems, which can further enhance the anti-spam effect when combining with our method. |
Key words: anti-spam mass email cost function attribute access policy |