移动互联的多因素身份认证技术的研究
发布时间:2019-02-19 14:39
【摘要】:随着时代与技术的进步,互联网正在深刻改变信息时代的社会生活,人们在网上进行的活动越来越多。但凡事皆有利弊,网络的普遍让安全问题日益凸显,比如网络欺诈、病毒攻击、钓鱼网站等。身份认证作为第一道安全屏障,它在整个网络安全中扮演着必不可少的角色,是所有网络安全的基础。互联网的身份认证技术越来越受到人们的重视,人们也投入更多的研究到这个领域。首先,论文分析了已有S/Key系统的不足,指出其存在的安全威胁如小数攻击、客户端攻击等,然后对其在两个方面加以改进,改进一是在生成动态口令的算法中加入时间因素,解决了动态循环问题;改进二是客户端利用认证信息和用户登录时输入的密码,计算出上一次成功登录的动态口令,用这个口令与挑战信息中用户上一次成功登录时使用的动态口令作比较,完成对服务器的身份认证。之后提出了一个多因素身份认证方案,该方案的思想是基于改进后的S/Key和指纹识别的结合使得它们各自的优势得以发挥,克服了单一因素身份认证的不足。使用动态口令来验证服务器,利用指纹特征验证客户端的身份,有效避免了中间人攻击。其次,重点介绍了方案中的关键技术,方案利用SSL技术确保数据在网络上传输的安全性,利用对称加密和数字签名确保认证数据的完整性、保密性和不可否认性,把动态口令和指纹特征进行有机结合,用动态的口令去加密指纹特征值,有效解决了指纹特征在网络传输中的安全问题。然后对指纹图像处理过程中使用的算法进行了详细分析。指纹图像增强使用了Gabor滤波器,二值化过程使用了局部自适应阈值法,细化过程使用了快速并行细化算法,提取特征点使用的是8-邻域编码纹线跟踪算法,然后对指纹匹配的基于最短距离和基于四叉树这两种点匹配算法进行了比较与分析。最后,根据提出的方案设计了一个多因素身份认证系统,系统的重心在于对客户端和服务器端的各个模块的详细设计,然后使用Java技术加以实现,客户端用Applet实现,服务器端用Servlet实现,最后对系统进行了模拟测试,从运行测试结果和相关理论表明了本系统的可行性以及安全性。
[Abstract]:With the progress of the times and technology, the Internet is profoundly changing the social life of the information age, and more activities are carried out on the Internet. But there are pros and cons to everything, and the security issues are becoming increasingly prominent in the Internet, such as cyber fraud, virus attacks, phishing websites and so on. As the first security barrier, identity authentication plays an essential role in the whole network security and is the basis of all network security. People pay more and more attention to the identity authentication technology of Internet, and put more research into this field. Firstly, this paper analyzes the shortcomings of the existing S/Key system, points out the existing security threats such as decimal attacks, client-side attacks and so on, and then improves them in two aspects. The first one is to add time factor into the algorithm of generating dynamic password to solve the problem of dynamic cycle. The second improvement is that the client calculates the dynamic password of the last successful login by using the authentication information and the password entered when the user logs on, and compares this password with the dynamic password used by the user in the challenge information when he last successfully logged on. Complete the authentication of the server. Then a multi-factor authentication scheme is proposed. The idea of the scheme is based on the combination of improved S/Key and fingerprint identification to make their respective advantages play out and overcome the shortcomings of single factor identity authentication. The dynamic password is used to verify the server and the fingerprint feature is used to verify the identity of the client, which effectively avoids the man-in-the-middle attack. Secondly, the key technologies of the scheme are introduced. The scheme uses SSL technology to ensure the security of data transmission over the network, and uses symmetric encryption and digital signature to ensure the integrity, confidentiality and non-repudiation of the authentication data. The dynamic password and fingerprint feature are organically combined to encrypt the fingerprint eigenvalue with dynamic password, which effectively solves the security problem of fingerprint feature in network transmission. Then the algorithm used in fingerprint image processing is analyzed in detail. Gabor filter is used in fingerprint image enhancement, local adaptive threshold method is used in binary process, fast parallel thinning algorithm is used in thinning process, and 8-neighborhood coding line tracking algorithm is used to extract feature points. Then, two matching algorithms based on shortest distance and quadtree are compared and analyzed. Finally, a multi-factor identity authentication system is designed according to the proposed scheme. The focus of the system is the detailed design of each module of the client and server, and then it is realized by using Java technology, and the client is implemented by Applet. The server is implemented with Servlet. Finally, the system is simulated and tested. The feasibility and security of the system are demonstrated from the running test results and related theories.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
[Abstract]:With the progress of the times and technology, the Internet is profoundly changing the social life of the information age, and more activities are carried out on the Internet. But there are pros and cons to everything, and the security issues are becoming increasingly prominent in the Internet, such as cyber fraud, virus attacks, phishing websites and so on. As the first security barrier, identity authentication plays an essential role in the whole network security and is the basis of all network security. People pay more and more attention to the identity authentication technology of Internet, and put more research into this field. Firstly, this paper analyzes the shortcomings of the existing S/Key system, points out the existing security threats such as decimal attacks, client-side attacks and so on, and then improves them in two aspects. The first one is to add time factor into the algorithm of generating dynamic password to solve the problem of dynamic cycle. The second improvement is that the client calculates the dynamic password of the last successful login by using the authentication information and the password entered when the user logs on, and compares this password with the dynamic password used by the user in the challenge information when he last successfully logged on. Complete the authentication of the server. Then a multi-factor authentication scheme is proposed. The idea of the scheme is based on the combination of improved S/Key and fingerprint identification to make their respective advantages play out and overcome the shortcomings of single factor identity authentication. The dynamic password is used to verify the server and the fingerprint feature is used to verify the identity of the client, which effectively avoids the man-in-the-middle attack. Secondly, the key technologies of the scheme are introduced. The scheme uses SSL technology to ensure the security of data transmission over the network, and uses symmetric encryption and digital signature to ensure the integrity, confidentiality and non-repudiation of the authentication data. The dynamic password and fingerprint feature are organically combined to encrypt the fingerprint eigenvalue with dynamic password, which effectively solves the security problem of fingerprint feature in network transmission. Then the algorithm used in fingerprint image processing is analyzed in detail. Gabor filter is used in fingerprint image enhancement, local adaptive threshold method is used in binary process, fast parallel thinning algorithm is used in thinning process, and 8-neighborhood coding line tracking algorithm is used to extract feature points. Then, two matching algorithms based on shortest distance and quadtree are compared and analyzed. Finally, a multi-factor identity authentication system is designed according to the proposed scheme. The focus of the system is the detailed design of each module of the client and server, and then it is realized by using Java technology, and the client is implemented by Applet. The server is implemented with Servlet. Finally, the system is simulated and tested. The feasibility and security of the system are demonstrated from the running test results and related theories.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
【参考文献】
相关期刊论文 前10条
1 刘寿臣;;Kerberos网络认证系统的关键技术分析[J];电脑知识与技术;2016年16期
2 崔久强;徐祺;;移动互联网身份认证技术研究[J];信息安全与技术;2015年07期
3 赵鑫;;一种动态口令认证协议的研究与改进[J];通讯世界;2015年10期
4 张玉静;g窕,
本文编号:2426596
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2426596.html
