基于生物统计信息的多因子远程身份验证协议
|
摘要
为了提高多服务器环境的远程身份验证的安全保障,提出一种包括生物统计信息、椭圆曲线密码和智能卡的多因子身份验证协议。该协议包括设置阶段、服务器注册阶段、用户注册阶段、登录阶段、验证阶段和密码更改阶段6个阶段。在注册阶段,应用了模糊验证器,将生物特征模板转换为随机字符串,避免了生物特征模板的噪声影响;在登陆阶段,使用椭圆曲线加密点乘,明显降低了双线性配对运算的成本。BAN逻辑证明了该协议可实现安全会话密钥协商和双向身份验证,协议安全性分析表明,所提协议可以抵御常见的多种安全性攻击,且注册和登陆阶段的总体计算成本较低。
To improve the security of remote identity authentication in multiple server environment,a multiple-factor authentication protocol including biometric information,elliptic curve cryptography and smart card is proposed. The protocol consists of six stages:setting stage,server registration stage,user registration phase,login stage,verification phase and password change stage. In the registration stage,the application of the fuzzy validator is adopted to convert the biometric template for random string,so as to avoid the effect of noise of biometric templates. On the login stage,elliptic curve cryptography(ECC)multiplication is used,which significantly reduces the cost of the bilinear pairing computation. BAN logic proves that the protocol can achieve secure session key agreement and two-way authentication. The protocol security analysis shows that the proposed protocol can resist many common security attacks,and the overall computation cost of registration and login phase is low.
To improve the security of remote identity authentication in multiple server environment,a multiple-factor authentication protocol including biometric information,elliptic curve cryptography and smart card is proposed. The protocol consists of six stages:setting stage,server registration stage,user registration phase,login stage,verification phase and password change stage. In the registration stage,the application of the fuzzy validator is adopted to convert the biometric template for random string,so as to avoid the effect of noise of biometric templates. On the login stage,elliptic curve cryptography(ECC)multiplication is used,which significantly reduces the cost of the bilinear pairing computation. BAN logic proves that the protocol can achieve secure session key agreement and two-way authentication. The protocol security analysis shows that the proposed protocol can resist many common security attacks,and the overall computation cost of registration and login phase is low.
引文
[1] 帅青红,苗苗. 网上支付与电子银行[M]. 北京:机械工业出版社,2015.
[2] Xia Zhihua,Wang Xinhui,Sun Xingming,et al. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data[J]. IEEE Transactions on Parallel & Distributed Systems,2016,27(2):340-352.
[3] 王晓菊,田立勤,赵竞雄. 基于物联网的用户行为认证机制与分析[J]. 南京理工大学学报,2015,39(1):70-77.Wang Xiaoju,Tian Liqin,Zhao Jingxiong. User behavioral authentication mechanism and analysis based on IOT[J]. Journal of Nanjing University of Science and Technology,2015,39(1):70-77.
[4] Amin R,Islam S H,Biswas G P,et al. Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for E-health care systems[J]. Journal of Medical Systems,2015,39(11):1-21.
[5] 汪定. 基于智能卡的远程用户口令认证协议研究[D]. 哈尔滨:哈尔滨工程大学计算机科学与技术学院,2013.
[6] Pippal R S,Jaidhar C D,Tapaswi S. Robust smart card authentication scheme for multi-server architecture[J]. Wireless Personal Communications,2013,72(1):729-745.
[7] Wang Ding,Wang Ping. Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks[J]. Ad Hoc Networks,2014,20(2):1-15.
[8] Lee Chengchi,Lou Derchyuan,Li Chunta,et al. An extended chaotic-maps-based protocol with key agreement for multiserver environments[J]. Nonlinear Dynamics,2013,76(1):853-866.
[9] 龙丽萍,陈伟建,杨拥军,等. 基于双因子认证技术的RFID认证协议的设计[J]. 计算机工程与设计,2013,34(11):3726-3730.Long Liping,Chen Weijian,Yang Yongjun,et al. Double factors based authentication protocol for RFID[J]. Computer Engineering and Design,2013,34(11):3726-3730.
[10] 龙威. 基于生物特征的匿名身份认证研究[D]. 北京:北京交通大学交通运输学院,2015.
[11] Amin R,Biswas G P. Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment[J]. Wireless Personal Communications,2015,84(1):439-462.
[12] Odelu V,Das A K,Goswami A. A secure biometrics-based multi-server authentication protocol using smart cards[J]. IEEE Transactions on Information Forensics & Security,2015,10(9):1953-1966.
[13] 屈娟,邹黎敏,谭晓玲. 基于动态ID的远程认证方案的分析和改进[J]. 计算机工程与应用,2014,50(22):126-129.Qu Juan,Zou Limin,Tan Xiaoling. Analysis and improvements of dynamic identity-based remote user authentic-cation scheme[J]. Computer Engineering and Applications,2014,50(22):126-129.
[14] 张宁,臧亚丽,田捷. 生物特征与密码技术的融合——一种新的安全身份认证方案[J]. 密码学报,2015,2(2):159-176.Zhang Ning,Zang Yali,Tian Jie. The integration of biometrics and cryptography-A new solution for secure identity authentication[J]. Journal of Cryptologic Research,2015,2(2):159-176.
[15] Chiou Shinyan,Ying Zhaoqin,Liu Junqiang. Improvement of a privacy authentication scheme based on cloud for medical environment[J]. Journal of Medical Systems,2016,40(4):101-115.
[16] 王正才,许道云,王晓峰,等. BAN逻辑的可靠性分析与改进[J]. 计算机工程,2012,38(17):110-115.Wang Zhengcai,Xu Daoyun,Wang Xiaofeng,et al. Reliability analysis and improvement of BAN Logic[J]. Computer Engineering,2012,38(17):110-115.
[2] Xia Zhihua,Wang Xinhui,Sun Xingming,et al. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data[J]. IEEE Transactions on Parallel & Distributed Systems,2016,27(2):340-352.
[3] 王晓菊,田立勤,赵竞雄. 基于物联网的用户行为认证机制与分析[J]. 南京理工大学学报,2015,39(1):70-77.Wang Xiaoju,Tian Liqin,Zhao Jingxiong. User behavioral authentication mechanism and analysis based on IOT[J]. Journal of Nanjing University of Science and Technology,2015,39(1):70-77.
[4] Amin R,Islam S H,Biswas G P,et al. Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for E-health care systems[J]. Journal of Medical Systems,2015,39(11):1-21.
[5] 汪定. 基于智能卡的远程用户口令认证协议研究[D]. 哈尔滨:哈尔滨工程大学计算机科学与技术学院,2013.
[6] Pippal R S,Jaidhar C D,Tapaswi S. Robust smart card authentication scheme for multi-server architecture[J]. Wireless Personal Communications,2013,72(1):729-745.
[7] Wang Ding,Wang Ping. Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks[J]. Ad Hoc Networks,2014,20(2):1-15.
[8] Lee Chengchi,Lou Derchyuan,Li Chunta,et al. An extended chaotic-maps-based protocol with key agreement for multiserver environments[J]. Nonlinear Dynamics,2013,76(1):853-866.
[9] 龙丽萍,陈伟建,杨拥军,等. 基于双因子认证技术的RFID认证协议的设计[J]. 计算机工程与设计,2013,34(11):3726-3730.Long Liping,Chen Weijian,Yang Yongjun,et al. Double factors based authentication protocol for RFID[J]. Computer Engineering and Design,2013,34(11):3726-3730.
[10] 龙威. 基于生物特征的匿名身份认证研究[D]. 北京:北京交通大学交通运输学院,2015.
[11] Amin R,Biswas G P. Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment[J]. Wireless Personal Communications,2015,84(1):439-462.
[12] Odelu V,Das A K,Goswami A. A secure biometrics-based multi-server authentication protocol using smart cards[J]. IEEE Transactions on Information Forensics & Security,2015,10(9):1953-1966.
[13] 屈娟,邹黎敏,谭晓玲. 基于动态ID的远程认证方案的分析和改进[J]. 计算机工程与应用,2014,50(22):126-129.Qu Juan,Zou Limin,Tan Xiaoling. Analysis and improvements of dynamic identity-based remote user authentic-cation scheme[J]. Computer Engineering and Applications,2014,50(22):126-129.
[14] 张宁,臧亚丽,田捷. 生物特征与密码技术的融合——一种新的安全身份认证方案[J]. 密码学报,2015,2(2):159-176.Zhang Ning,Zang Yali,Tian Jie. The integration of biometrics and cryptography-A new solution for secure identity authentication[J]. Journal of Cryptologic Research,2015,2(2):159-176.
[15] Chiou Shinyan,Ying Zhaoqin,Liu Junqiang. Improvement of a privacy authentication scheme based on cloud for medical environment[J]. Journal of Medical Systems,2016,40(4):101-115.
[16] 王正才,许道云,王晓峰,等. BAN逻辑的可靠性分析与改进[J]. 计算机工程,2012,38(17):110-115.Wang Zhengcai,Xu Daoyun,Wang Xiaofeng,et al. Reliability analysis and improvement of BAN Logic[J]. Computer Engineering,2012,38(17):110-115.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |