电子标签系统身份认证及访问控制研究

发布时间：2018-11-19 13:17

【摘要】：电子标签系统中的手持终端采集电子标签的信息并上传到服务器的环节中,大量的非法移动终端可以非法入侵并可以向服务器上传恶意代码、病毒等信息。最终造成服务器信息被泄露、破坏、服务器被非法访问、信息被窃听、遭病毒攻击等问题,这些问题正威胁着电子标签系统在应用过程的信息安全。本文在参与了电子标签系统应用的开发项目,对电子标签系统有较为深入了解的基础上,结合现有的终端认证技术及双线性对、秘密共享等基础知识,在终端与服务器的认证过程中提出了一种新的门限认证方案,并将基于属性加密的方法应用到对服务器的访问控制模型中,提高了整个电子标签应用项目的安全性。其主要研究内容如下:研究了电子标签系统的主要架构和当前国内外手持智能终端与服务器认证的研究现状,同时论述了当前手持智能移动终端与服务器认证的缺陷与不足。提出了一种新的认证方案,其认证方案增加了抗单点失效的安全性功能。认证方案中主要采用了双线性对、秘密共享方法实现了门限认证,有效地解决了认证过程中在单个服务器受攻击后出现的伪认证问题。将基于属性的加密应用到访问控制中,得到了一种访问控制模型。在该模型中,数据所有者可以通过门限属性给访问者分配访问权限,使权限不同的访问者查看到的信息资源不同。在服务器中的数据采用加密方式存储,从而提高了数据在访问中的安全性。在以上研究基础上,采用Eclipse等开发工具,结合基于双线性对的密码开发库PBC,在Android开发平台上研制了面向机务维修工具管理的电子标签应用系统,分别开发了该系统的终端软件和服务器软件。该系统能通过电子标签对机务维修工具进行入库、借出、报废、归还、维修等日常功能的管理,同时该系统在终端与服务器认证中能抵御单点失效攻击,也通过基于属性加密访问控制模型设置级别不同的访问者的访问权限。最后,通过对该系统的日常功能、安全性功能的测试,从测试结果论证了该系统的有效性、实用性和安全性。
[Abstract]:The handheld terminal in the electronic label system collects the information of the electronic tag and uploads it to the server. A large number of illegal mobile terminals can illegally invade and upload malicious code, virus and other information to the server. Finally, the information of the server is leaked, destroyed, the server is accessed illegally, the information is eavesdropped and attacked by virus. These problems are threatening the information security of the electronic tag system in the application process. On the basis of participating in the development project of tag system application and having a better understanding of the tag system, this paper combines the existing terminal authentication technology, bilinear pair, secret sharing and other basic knowledge. A new threshold authentication scheme is proposed in the authentication process of terminal and server, and the method based on attribute encryption is applied to the access control model of the server, which improves the security of the whole electronic tag application project. The main contents of this paper are as follows: the main architecture of tag system and the current research status of handheld intelligent terminal and server authentication at home and abroad are studied. At the same time, the defects and shortcomings of authentication of handheld intelligent mobile terminal and server are discussed. In this paper, a new authentication scheme is proposed, which increases the security function against single point failure. In the authentication scheme, bilinear pairs are mainly used, and the secret sharing method realizes threshold authentication, which effectively solves the problem of pseudo-authentication after a single server is attacked in the authentication process. An access control model is obtained by applying attribute-based encryption to access control. In this model, the data owner can assign access rights to the visitors through the threshold attribute, which makes the visitors with different permissions view different information resources. The data stored in the server is encrypted, which improves the security of data access. On the basis of the above research, using Eclipse and other development tools, combining with PBC, a cryptographic development library based on bilinear pairings, an electronic tag application system for engine maintenance tool management is developed on the Android development platform. The terminal software and server software are developed respectively. The system can manage the daily functions such as storage, loan, scrap, return, maintenance and so on through the electronic label. At the same time, the system can resist single point failure attack in the authentication of terminal and server. The access rights of visitors at different levels are also set by the attribute-based encryption access control model. Finally, the validity, practicability and security of the system are proved by testing the daily function and security function of the system.
【学位授予单位】：重庆理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP311.52;TP309

【参考文献】