一种基于动态口令的异构机制身份认证方案
|
摘要
鉴于双因素认证需依赖智能卡和时钟同步问题突出,并且随机数开销大的弊端,提出了一种基于挑战应/答机制的动态口令异构机制认证方案,该方案不涉及第三方设备,通过SHA-256计算、"与"计算减轻了运算过程的开销,缩短了运算时间。同时服务器端与用户端的双向身份认证中采取随机数与Rabin加密机制加强安全性,能够有效地抵御重放攻击等各类攻击,可用于对安全性有一定要求的应用与环境。在同各类方案进行对比体现该方案优势的同时,也通过SVO逻辑方法对该方案的认证过程做了形式化的分析及论证。
Taking into account these phenomena that Two-factor authentication depends on the smart card,there is a serious clock synchronization problem,and the random number is consumed very much,a dynamic password heterogeneous mechanism authentication scheme based on challenge response mechanism is proposed.The program does not involve third-party equipment,with SHA-256 and the AND calculation reduces the overhead of the operation,shorten the operation time.At the same time,in the server and the client side of the two-way authentication to take random number and Rabin encryption mechanism to enhance security,and can effectively resist replay attacks and other types of attacks,this program can be used for applications and environments where security is required.In comparison with the various types of programs can reflect the advantages of the program,and through the SVO logic method of the program certification process to do a formal analysis and demonstration.
Taking into account these phenomena that Two-factor authentication depends on the smart card,there is a serious clock synchronization problem,and the random number is consumed very much,a dynamic password heterogeneous mechanism authentication scheme based on challenge response mechanism is proposed.The program does not involve third-party equipment,with SHA-256 and the AND calculation reduces the overhead of the operation,shorten the operation time.At the same time,in the server and the client side of the two-way authentication to take random number and Rabin encryption mechanism to enhance security,and can effectively resist replay attacks and other types of attacks,this program can be used for applications and environments where security is required.In comparison with the various types of programs can reflect the advantages of the program,and through the SVO logic method of the program certification process to do a formal analysis and demonstration.
引文
[1]LAMPORT l.Password authentication with insecure communication[J].Communications of the ACM,1981,24(11):770—772.
[2]HALLER N M.The S/Key One-time Password System.Proceedings of the Internet Society Symposium on Network and Distributed System Security[C].San Diego,1995:151—157.
[3]杨绍禹,王世卿,郭晓峰.一种基于环签名的跨域云服务资源远程证明方法[J].小型微型计算机系统,2014,35(2):324—328.
[4]曹阳,洪岐,余冬梅.基于椭圆曲线密码体制的OTP身份认证方案[J].计算机与数学工程,2011,39(10):118—120.
[5]隆笑,王景成,赵广磊,等.基于哈希函数的正弦投影身份认证方案[J].计算机工程.012,38(9):126—130.
[6]HSIEH Wen-Bin,LEU Jenq-Shiou.A dynamic identity user authentication scheme in wireless sensor networks[J].IEEE,2013:1132—1137.
[7]MOUFTAH V M,Mouftah.Improved two-factor user authentication in wireless sensor networks.Wireless and Mobile Computing,Networking and Communications(Wi Mob)[J].IEEE,2010:600—606.
[8]张德育,徐莲.一种改进动态口令双向身份认证方案研究[J].沈阳理工大学学报,2013,32(5):23—26.
[9]周福才,高克宁,曹光辉,等.基于混沌理论的身份认证机制及其安全性分析[J].小型微型计算机系统,2003,24(12):2088—2091.
[10]蒋华,阮玲玲,王鑫.基于SHA-256消息认证的四次握手协议研究[J].微电子学与计算机,2014,31(8):155—158.
[11]BEHROUZ A.Cryptography and Network Security by Forouzan[M].Mc Graw Hill Highter Education,2007:291—293.
[12]刘嘉勇.应用密码学[M].北京:清华大学出版社,2008:154—155.
[13]韩秋君,丁岳伟.Saa S模式下新型认证方案的设计与分析[J].计算机工程,2011,37(7):133—135.
[14]杨波,郑东,王育民.基于Rabin加密算法的密钥托管体制[J].西安电子科技大学学报,1999,26(2):214—216.
[15]SYVERSON P F,VAN ORSCHOT P C.On unified some cryptographic protocol logics[A].IEEE Computer Society Press,1994:16—18.
[16]SYVERSON P F,VAN ORSCHOT P C.A unified cryptographic protocollogics[R].NRL Publication 5540—227,Naval Research Lab,1996.
[17]陈丹伟,黄秀丽,孙国梓.基于SVO逻辑的云服务安全形式化分析[J].小型微型计算机系统,2010,31(12):2439—2441.
[18]周鹏.基于SVO逻辑的网络安全协议形式化分析[D].贵阳:贵州大学,2011.
[2]HALLER N M.The S/Key One-time Password System.Proceedings of the Internet Society Symposium on Network and Distributed System Security[C].San Diego,1995:151—157.
[3]杨绍禹,王世卿,郭晓峰.一种基于环签名的跨域云服务资源远程证明方法[J].小型微型计算机系统,2014,35(2):324—328.
[4]曹阳,洪岐,余冬梅.基于椭圆曲线密码体制的OTP身份认证方案[J].计算机与数学工程,2011,39(10):118—120.
[5]隆笑,王景成,赵广磊,等.基于哈希函数的正弦投影身份认证方案[J].计算机工程.012,38(9):126—130.
[6]HSIEH Wen-Bin,LEU Jenq-Shiou.A dynamic identity user authentication scheme in wireless sensor networks[J].IEEE,2013:1132—1137.
[7]MOUFTAH V M,Mouftah.Improved two-factor user authentication in wireless sensor networks.Wireless and Mobile Computing,Networking and Communications(Wi Mob)[J].IEEE,2010:600—606.
[8]张德育,徐莲.一种改进动态口令双向身份认证方案研究[J].沈阳理工大学学报,2013,32(5):23—26.
[9]周福才,高克宁,曹光辉,等.基于混沌理论的身份认证机制及其安全性分析[J].小型微型计算机系统,2003,24(12):2088—2091.
[10]蒋华,阮玲玲,王鑫.基于SHA-256消息认证的四次握手协议研究[J].微电子学与计算机,2014,31(8):155—158.
[11]BEHROUZ A.Cryptography and Network Security by Forouzan[M].Mc Graw Hill Highter Education,2007:291—293.
[12]刘嘉勇.应用密码学[M].北京:清华大学出版社,2008:154—155.
[13]韩秋君,丁岳伟.Saa S模式下新型认证方案的设计与分析[J].计算机工程,2011,37(7):133—135.
[14]杨波,郑东,王育民.基于Rabin加密算法的密钥托管体制[J].西安电子科技大学学报,1999,26(2):214—216.
[15]SYVERSON P F,VAN ORSCHOT P C.On unified some cryptographic protocol logics[A].IEEE Computer Society Press,1994:16—18.
[16]SYVERSON P F,VAN ORSCHOT P C.A unified cryptographic protocollogics[R].NRL Publication 5540—227,Naval Research Lab,1996.
[17]陈丹伟,黄秀丽,孙国梓.基于SVO逻辑的云服务安全形式化分析[J].小型微型计算机系统,2010,31(12):2439—2441.
[18]周鹏.基于SVO逻辑的网络安全协议形式化分析[D].贵阳:贵州大学,2011.