基于移动终端的可信身份认证方案

发布时间：2018-03-20 03:10

本文选题：隐式认证　切入点：多属性决策　出处：《西南科技大学》2017年硕士论文　论文类型：学位论文

【摘要】：随着移动互联网的发展,移动终端在日常生活中占有越来越重要的地位,同时随着软件即服务模型的盛行,越来越多的移动终端使用云服务完成相应的功能。在使用移动终端享受各种快捷便利的服务过程中,进行身份认证是一项很重要的工作,并且其也是网络安全的重要组成部分。但是当前移动终端主要采用的是单向静态口令,这种认证方式存在如网络窃听、中间人攻击、重放攻击、暴力破解等诸多威胁。同时当前移动终端很多应用为了减少用户登录次数,采取记住密码自动登录等功能,这可能导致非用户本人登录等风险。针对上述问题,本文设计了一种基于移动终端的可信身份认证方案,方案由隐式认证和显式认证组成。针对移动终端应用非法使用问题,本文根据用户的行为习惯具有稳定性的特点,提出了一种基于多属性决策的隐式身份认证算法。该算法通过收集用户的行为,将用户的行为数据进行规范化处理、构建用户正常行为矩阵、通过用户正常行为矩阵获取用户习惯向量、通过特征向量法获取属性权重并进行综合评价,最终得到用户行为的隐式身份认证模型。基于多属性决策的隐式认证方法是一种持续性的身份认证方法,其根据是用户在使用云服务的过程中用户行为会呈现稳定状态的特点,其在方案中的主要作用是对显式认证形成补充。同时针对当前移动终端单向静态口令认证存在的缺陷,本文还提出一种基于FIDO协议的双向动态口令认证方案,该方案包含一种高效的双向动态口令协议,该协议通过对称加密和非对称加密算法相结合,实现用户和云服务的双向认证。同时在移动终端设计一种令牌软件,将FIDO协议融入到令牌软件中,实现本地生物认证。最终方案整体通过显式认证与隐式认证相结合的方法,完成对移动终端用户和云服务的安全认证。
[Abstract]:With the development of mobile Internet, mobile terminals play a more and more important role in daily life, at the same time, with the popularity of software as a service model, More and more mobile terminals use cloud services to complete the corresponding functions. In the process of using mobile terminals to enjoy a variety of fast and convenient services, identity authentication is a very important work. And it is also an important part of network security. However, at present, the mobile terminal mainly uses one-way static password, this authentication method exists such as network eavesdropping, man-in-the-middle attack, replay attack, At the same time, in order to reduce the number of user logon times, many mobile terminal applications take functions such as automatic login by remembering passwords, which may lead to the risk of non-users logging in themselves. In view of the above problems, A scheme of trusted identity authentication based on mobile terminal is designed in this paper. The scheme consists of implicit authentication and explicit authentication. In this paper, an implicit identity authentication algorithm based on multi-attribute decision making is proposed. By collecting the user's behavior, the user's behavior data is normalized and the normal behavior matrix of the user is constructed. The user habit vector is obtained by the normal behavior matrix of the user, the attribute weight is obtained by the eigenvector method and the comprehensive evaluation is carried out. Finally, the implicit authentication model of user behavior is obtained. The implicit authentication method based on multi-attribute decision making is a continuous authentication method, which is based on the characteristics that the user behavior will be stable in the process of using cloud services. Its main role in the scheme is to supplement the explicit authentication. At the same time, in view of the shortcomings of the current mobile terminal one-way static password authentication, this paper also proposes a bidirectional dynamic password authentication scheme based on FIDO protocol. This scheme includes an efficient bidirectional dynamic password protocol, which combines symmetric encryption and asymmetric encryption algorithm to realize bidirectional authentication between users and cloud services. At the same time, a token software is designed at mobile terminal. The FIDO protocol is integrated into token software to realize local biometric authentication. Finally, the security authentication of mobile terminal users and cloud services is completed by combining explicit authentication with implicit authentication.
【学位授予单位】：西南科技大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【相似文献】