Research on Multi-Factor Identity Authentication Technology for the Mobile Internet
Published: 2019-02-19 14:39
[Abstract]: With the advance of the times and of technology, the Internet is profoundly changing social life in the information age, and people carry out more and more of their activities online. But everything has its pros and cons: the ubiquity of networks has made security problems such as online fraud, virus attacks and phishing websites increasingly prominent. As the first security barrier, identity authentication plays an indispensable role in network security as a whole and is the foundation of all network security. Internet identity authentication technology is receiving more and more attention, and more research is being invested in this field. First, the thesis analyzes the shortcomings of the existing S/Key system, points out the security threats it faces, such as the small-number attack and client-side attacks, and then improves it in two respects. The first improvement adds a time factor to the algorithm that generates the dynamic password, which solves the dynamic cycling problem. The second improvement has the client use the authentication information and the password the user enters at login to compute the dynamic password of the last successful login, and compare it with the dynamic password from the user's last successful login that is carried in the challenge message, thereby authenticating the server. A multi-factor identity authentication scheme is then proposed. Its idea is to combine the improved S/Key with fingerprint recognition so that each contributes its own strengths, overcoming the shortcomings of single-factor identity authentication. The dynamic password is used to verify the server and the fingerprint features are used to verify the identity of the client, which effectively avoids man-in-the-middle attacks.
Second, the key technologies of the scheme are presented. The scheme uses SSL to secure data in transit over the network, and uses symmetric encryption and digital signatures to ensure the integrity, confidentiality and non-repudiation of the authentication data. It combines the dynamic password with the fingerprint features by using the dynamic password to encrypt the fingerprint feature values, which effectively solves the security problem of transmitting fingerprint features over the network. The algorithms used in fingerprint image processing are then analyzed in detail. Fingerprint image enhancement uses a Gabor filter, binarization uses a local adaptive threshold method, thinning uses a fast parallel thinning algorithm, and feature point extraction uses an 8-neighborhood coded ridge-tracing algorithm. Two point-matching algorithms for fingerprint matching, one based on shortest distance and one based on a quadtree, are then compared and analyzed. Finally, a multi-factor identity authentication system is designed according to the proposed scheme. The focus of the system is the detailed design of each module on the client and the server. It is implemented in Java, with the client implemented as an Applet and the server as a Servlet. The system then undergoes simulated testing, and the test results and related theory demonstrate the feasibility and security of the system.
[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.08
Article ID: 2426596
Article link: http://sikaile.net/guanlilunwen/ydhl/2426596.html