基于k-假名集合的用户匿名身份认证协议

发布时间：2018-04-03 04:18

本文选题：k-假名集合　切入点：匿名认证　出处：《西安电子科技大学》2014年硕士论文

【摘要】：互联网在给人们的生活带来便利的同时也引发了很多安全隐患,尤其是个人信息的泄露造成的不良影响十分广泛。因此,个人信息的保护日益引起人们的重视。在无线环境下的身份认证中,越来越多的用户为了保护自己的隐私信息,更倾向于匿名认证,以防攻击者获取用户的位置并得到更多的个人信息。为了解决利用共享密钥实现匿名认证的问题,我们提出了基于k-假名集合的匿名身份认证方案,主要做了以下工作:1.提出了基于共享密钥的k-假名集合匿名认证方案,用户在提出认证请求后,将包含自己真实身份标识的k-假名集合以及用真实用户密钥加密后的信息发送给认证服务器,认证服务器在最多遍历k个用户的共享密钥和验证其对应的加密信息后就能够完成对用户的认证。2.根据攻击者的能力定义了两类攻击模型,即Dolev-Yao模型和加强的Dolev-Yao模型。此外,我们还分别给出了在Dolev-Yao模型和加强的Dolev-Yao模型下两种k-假名集合的构造方法,并从安全性及性能等方面分析了两种方法的优势和不足。3.将所提方案同已有的基于共享密钥的无线匿名认证方案在安全性方面进行了比较,分别从匿名性、双向认证、前向保密性和后向保密性、抗别名去同步攻击、抵抗重放攻击、抵抗假冒攻击几个方面具体分析了方案的安全性,结果表明所提方案具有明显的优势。4.建立了测试床,实现了所提方案,并分别测试了k-假名集合中的用户数量k以及同时认证请求的用户数量对认证时间的影响。大量实验表明方案所需认证时间短,且认证时间随k值增加变化不大。同时,对方案进行了定量分析,结果表明它具有计算量小、所需存储空间小等特点。
[Abstract]:The Internet not only brings convenience to people's life, but also leads to a lot of security risks, especially the adverse effects caused by the leakage of personal information.Therefore, the protection of personal information has increasingly attracted people's attention.In wireless authentication, more and more users prefer anonymous authentication in order to protect their privacy information, so as to prevent attackers from obtaining user's location and getting more personal information.In order to solve the problem of anonymous authentication using shared keys, we propose an anonymous authentication scheme based on k- pseudonym set.This paper proposes an anonymous authentication scheme based on shared key set of k- pseudonyms. After requesting authentication, users send the set of k- pseudonyms containing their real identity and the information encrypted by real user keys to the authentication server.The authentication server can authenticate the user by traversing the shared key of up to k users and verifying their corresponding encryption information.According to the ability of attackers, two kinds of attack models are defined, namely, Dolev-Yao model and enhanced Dolev-Yao model.In addition, we also give two methods of constructing k- kana set under Dolev-Yao model and enhanced Dolev-Yao model, and analyze the advantages and disadvantages of the two methods from the aspects of security and performance.The proposed scheme is compared with the existing wireless anonymous authentication scheme based on shared key in terms of security, including anonymity, bidirectional authentication, forward and backward confidentiality, anti-aliases de-synchronization attack and anti-replay attack, respectively.The security of the scheme is analyzed in several aspects, and the results show that the proposed scheme has obvious advantages. 4.The test bed is established, the proposed scheme is implemented, and the effect of the number of users in the k- pseudonym set k and the number of users for the authentication request on the authentication time is tested respectively.A large number of experiments show that the authentication time is short and the authentication time varies little with the increase of k value.At the same time, the quantitative analysis of the scheme shows that it has the characteristics of less computation and less storage space.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】