Research on Secure Identity Authentication Schemes for Resource-Constrained Environments

Published: 2019-06-12 01:32
[Abstract]: As an important mechanism for safeguarding information security, identity authentication can effectively verify the real identity of communication participants and is an important means of achieving confidentiality and integrity in information systems. However, the communicating entities that take part in authentication differ across application environments, as do the authentication relationships among them, and this ultimately leads to different security and efficiency requirements. Resource-constrained environments are a typical application scenario for authentication schemes: some of the communicating entities are naturally constrained in particular resources or capabilities, so the tension between the security requirements and the execution efficiency of an authentication scheme is especially pronounced. This thesis studies secure identity authentication schemes for resource-constrained environments. The main research contents and results are as follows.

(1) To address the privacy protection defects of existing secure authentication schemes for resource-constrained environments, three anonymous authentication schemes based on different security factors are proposed. First, a smart-card-based anonymous authentication scheme for global mobile networks (SCBASUA-GMN) is proposed. Security analysis and AVISPA simulation results show that SCBASUA-GMN provides user anonymity to protect user privacy and resists replay attacks, impersonation attacks, offline password guessing attacks, parallel session attacks and other attacks. SCBASUA-GMN also provides mutual authentication, forward secrecy, fair key agreement and user-friendliness. Second, a biometric-based anonymous authentication scheme (BBASUA-WSN) is proposed for wireless sensor network environments. AVISPA simulation verifies that BBASUA-WSN meets its intended security goals, and security analysis shows that the scheme achieves user anonymity and resists active and passive attacks, including man-in-the-middle attacks and sensor node capture attacks. BBASUA-WSN also supports mutual authentication and fair key agreement. Finally, a dynamic-identity-based anonymous authentication scheme for global mobile networks (DIDBASUA-GMN) is proposed. It achieves user anonymity and data unlinkability, giving mobile users further privacy protection while roaming. Security analysis shows that DIDBASUA-GMN resists a variety of attacks, including side-channel attacks and lost smart card attacks.

(2) To address the execution efficiency defects of existing secure authentication schemes for resource-constrained environments, two secure lightweight authentication schemes are proposed. On the one hand, a lightweight and efficient authentication scheme (LEAS-GMN) is proposed for global mobile network environments. To better fit resource-constrained applications, LEAS-GMN uses only one-way hash functions and exclusive-OR operations, both of which have low computational cost. A comparison of performance and computational overhead with similar schemes shows that LEAS-GMN requires the fewest CPU cycles and the least execution time, so it outperforms similar schemes in execution efficiency. Security analysis verifies that LEAS-GMN resists masquerade attacks, known session key attacks and other attacks, so it meets its intended security requirements and goals while improving execution efficiency. On the other hand, a lightweight and efficient authentication scheme (LEAS-WSN) is proposed for wireless sensor network environments. LEAS-WSN involves only symmetric encryption and hash functions during authentication. A comparison of performance and energy consumption with similar schemes shows that LEAS-WSN requires the least computational overhead and transmits the fewest messages; the resulting energy consumption for cryptographic operations and communication is also the lowest, which makes the scheme suitable for resource-constrained WSN environments. Security analysis and a BAN logic proof show that LEAS-WSN achieves its expected security goals and resists gateway node bypass attacks, man-in-the-middle attacks and other active and passive attacks.

(3) To address the problem of evaluating the security of multiple authentication schemes in the same application environment, a multi-attribute evaluation method based on fuzzy number intuitionistic fuzzy sets is proposed. First, the fuzzy number intuitionistic fuzzy Hamacher weighted geometric operator, the fuzzy number intuitionistic fuzzy Hamacher ordered weighted geometric operator and the fuzzy number intuitionistic fuzzy Hamacher hybrid geometric operator are defined by extension. Second, a multi-attribute evaluation method based on the fuzzy number intuitionistic fuzzy Hamacher hybrid geometric operator is proposed. Finally, the effectiveness of the method is verified through a worked example of evaluating the security of authentication schemes.
[Degree-granting institution]: Taiyuan University of Technology
[Degree level]: Doctoral
[Year degree awarded]: 2016
[Classification number]: TP309

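Related doctoral dissertations (top 1)

1 Wang Ying; Research on Secure Identity Authentication Schemes for Resource-Constrained Environments [D]; Taiyuan University of Technology; 2016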
