
Research and Design of Identity Authentication Protocols in Multiple Environments

Published: 2018-07-16 20:45
[Abstract]: Identity authentication protocols are an important means of ensuring that participants can communicate securely in an open network environment. They are the first checkpoint in the security of all kinds of application systems and play a pivotal role in network and information system security. An identity authentication protocol keeps unauthorized persons out of a system and prevents them from gaining improper benefit through illegal operations, accessing controlled information, or maliciously damaging the integrity of system data.
Identity authentication technology is now widely applied in research areas of network information security such as data protection, bank network management, and the security protection of all kinds of information systems. As application scenarios keep expanding, however, no particular identity authentication protocol can suit all of them, and corresponding protocols have to be designed for different application environments. At the same time, the purpose of identity authentication is to let participants communicate securely over an unreliable communication environment; because the network environment is unreliable, many kinds of attack exist, which makes the analysis and design of identity authentication protocols complex. This thesis analyses the research background and current state of development of identity authentication protocols, explains their design principles, and points out the security requirements and functional requirements they must satisfy. Focusing on the problems that exist in identity authentication protocols, it studies single-server authentication protocols, multi-server authentication protocols, three-factor remote authentication protocols, and authentication protocols for wireless and mobile environments, and reaches several meaningful conclusions:
1. At present, most single-server authentication protocols based on the ElGamal cryptosystem are not user-friendly; for example, users cannot freely choose and change their own passwords. These protocols also cannot protect the anonymity of the user's identity, and none of them supports session key agreement. To address the problems of the existing ElGamal-based single-server authentication protocols, this thesis takes both the security requirements and the functional requirements of identity authentication into account and designs a single-server authentication protocol based on smart cards and the ElGamal cryptosystem that has strong security properties while keeping its computational complexity relatively low.
2. The dynamic-identity-based multi-server authentication protocol proposed by Lee et al. is studied. In this protocol the registration center is responsible for selecting the system parameters and for registering users and servers, and does not take part directly in the user authentication process. We find that the protocol of Lee et al. cannot provide correct authentication, cannot resist forgery attacks and server impersonation attacks, and requires the user and the registration center to establish a secure channel in order to change the user's password. To solve the security problems of the protocol of Lee et al., we propose a new dynamic-identity-based multi-server authentication protocol that satisfies the practical functional requirements and security requirements of identity authentication protocols in a multi-server environment.
3. The dynamic-identity-based multi-server authentication protocol proposed by Sood et al. is studied. In this protocol the registration center participates directly in the user authentication process. The security flaws of the protocol of Sood et al. are analysed: the protocol is vulnerable to the match leak attack and the smart card loss attack, and a design flaw prevents the registration center from obtaining the user's real identity during authentication, so that correct authentication and key agreement cannot be carried out. On this basis, a new dynamic-identity-based multi-server authentication protocol in which the registration center participates directly in user authentication is proposed. It remedies the security problems of the protocol of Sood et al. and gains higher security and more functional features for only a very small increase in computational complexity.
4. Three-factor authentication protocols based on passwords, smart cards and biometrics are studied. The three-factor remote authentication protocol proposed by the scholars Li and Hwang of Taiwan, China is examined, and it is found that the Li-Hwang protocol cannot provide proper authentication and cannot resist man-in-the-middle attacks. In addition, the Li-Hwang protocol verifies the biometric by comparing the hash function values of the biometric. Because every extraction of a biometric is subject to some perturbation, and hash functions are highly sensitive to perturbations in their input, the biometric verification of the Li-Hwang protocol cannot be carried out effectively. We describe these problems in detail and, to address these security flaws of the Li-Hwang protocol, propose a new biometric-based three-factor remote authentication protocol.
5. Anonymous authentication protocols for mobile roaming networks are studied. Most current authentication protocols for mobile roaming networks cannot truly guarantee the anonymity of the user's identity. To ensure secure authentication and roaming in mobile networks, a new anonymous authentication protocol for mobile roaming networks is proposed, based on the elliptic curve discrete logarithm problem (ECDLP) and the elliptic curve computational Diffie-Hellman problem (ECDHP). The protocol truly guarantees user anonymity and ensures the fairness of the session key. At the same time, it retains the computational efficiency of seamless wireless network access authentication and roaming.
6. RFID mutual authentication protocols are studied. Based on the RFID tag electronic fingerprint detection method proposed by Periaswamy et al., an RFID mutual authentication protocol suitable for EPC Class 1 Generation 2 passive tags is proposed. The protocol prevents illegitimate readers from reading tag information and resists malicious attacks such as replay attacks and DoS attacks. It can also detect cloned tags by means of the electronic fingerprint method.
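The failure described in point 4 of the abstract, that comparing hash values of a biometric breaks under capture noise, can be reproduced directly. The following is an added example, not code from the thesis or from the Li-Hwang protocol: the 512-bit random template, the 6-bit noise level, the 32-bit threshold and SHA-256 are all constructed assumptions, and the Hamming-distance matcher is shown only for contrast, not as the thesis's proposed fix.

```python
import hashlib
import random

TEMPLATE_BYTES = 64   # constructed 512-bit stand-in for a biometric feature vector
NOISE_BITS = 6        # assumed perturbation between two captures of the same user
MAX_DISTANCE = 32     # assumed acceptance threshold for the tolerant matcher


def capture(template: bytes, flipped_bits: int, rng: random.Random) -> bytes:
    """Simulate a fresh reading: the enrolled template with distinct bits flipped."""
    sample = bytearray(template)
    for pos in rng.sample(range(len(template) * 8), flipped_bits):
        sample[pos // 8] ^= 1 << (pos % 8)
    return bytes(sample)


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify_by_hash(stored_digest: bytes, sample: bytes) -> bool:
    """Hash-comparison check of the kind the abstract criticises."""
    return hashlib.sha256(sample).digest() == stored_digest


def verify_by_distance(template: bytes, sample: bytes) -> bool:
    """Noise-tolerant check (assumption for contrast, not the thesis's protocol)."""
    return hamming(template, sample) <= MAX_DISTANCE


def run_demo(seed: int = 2012) -> dict:
    rng = random.Random(seed)
    template = bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BYTES))
    digest = hashlib.sha256(template).digest()
    genuine = capture(template, NOISE_BITS, rng)  # same user, noisy capture
    impostor = bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BYTES))
    return {
        "input_bits_changed": hamming(template, genuine),
        "digest_bits_changed": hamming(digest, hashlib.sha256(genuine).digest()),
        "hash_accepts_identical": verify_by_hash(digest, template),
        "hash_accepts_genuine": verify_by_hash(digest, genuine),
        "distance_accepts_genuine": verify_by_distance(template, genuine),
        "distance_accepts_impostor": verify_by_distance(template, impostor),
    }


if __name__ == "__main__":
    print(run_demo())
```

A handful of flipped input bits changes roughly half of the digest bits, so the hash check rejects the legitimate user on every noisy capture and only accepts a bit-for-bit identical reading.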
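[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Doctoral
[Year degree granted]: 2012
[Classification number]: TP393.08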



