【摘要】：作為保障信息安全的重要機(jī)制,身份認(rèn)證技術(shù)能有效鑒別通信參與者的真實(shí)身份,是實(shí)現(xiàn)信息系統(tǒng)機(jī)密性和完整性的重要手段。然而,在不同的應(yīng)用環(huán)境中,參與身份認(rèn)證過程的通信實(shí)體不盡相同,實(shí)體之間的認(rèn)證關(guān)系也不相同,并最終導(dǎo)致產(chǎn)生不同的安全和效率需求。資源受限環(huán)境作為身份認(rèn)證方案的典型應(yīng)用場景,在參與通信的實(shí)體中存在特定資源或能力受限的自然約束,身份認(rèn)證方案的安全需求和執(zhí)行效率之間的矛盾關(guān)系顯得尤為突出。本文的研究工作圍繞資源受限環(huán)境安全身份認(rèn)證方案展開,主要的研究內(nèi)容和成果包括以下幾個(gè)方面:(1)針對現(xiàn)有資源受限環(huán)境安全身份認(rèn)證方案中存在的隱私保護(hù)缺陷,分別提出三種基于不同安全要素的匿名身份認(rèn)證方案。首先,提出一種基于智能卡的全球移動網(wǎng)絡(luò)匿名身份認(rèn)證方案(SCBASUA-GMN)。方案的安全性分析和AVISPA仿真實(shí)驗(yàn)結(jié)果表明,SCBASUA-GMN方案提供用戶匿名性以保護(hù)用戶隱私,并且可以抵抗重放攻擊、假冒攻擊、離線口令猜測攻擊以及平行會話攻擊等多種攻擊。此外,SCBASUA-GMN方案還具備相互認(rèn)證、前向安全性、密鑰協(xié)商公平性以及用戶友好性等功能。其次,針對無線傳感器網(wǎng)絡(luò)應(yīng)用環(huán)境,提出一種基于生物特征的匿名身份認(rèn)證方案(BBASUA-WSN)。通過AVISPA仿真實(shí)驗(yàn)驗(yàn)證了BBASUA-WSN方案達(dá)到了預(yù)定的安全目標(biāo),安全性分析結(jié)果表明方案實(shí)現(xiàn)了用戶匿名性并可以抵抗包括中間人攻擊、傳感器節(jié)點(diǎn)捕獲攻擊等主動和被動攻擊。與此同時(shí),BBASUA-WSN方案也支持相互認(rèn)證和密鑰協(xié)商公平性。最后,提出一種基于動態(tài)身份的全球移動網(wǎng)絡(luò)匿名身份認(rèn)證方案(DIDBASUA-GMN),實(shí)現(xiàn)了用戶匿名性和數(shù)據(jù)抗鏈接性,為移動用戶在漫游過程中提供更進(jìn)一步的隱私保護(hù)。安全性分析表明,DIDBASUA-GMN方案可以抵抗包括側(cè)信道攻擊、智能卡丟失攻擊等在內(nèi)的多種攻擊。(2)針對現(xiàn)有資源受限環(huán)境安全身份認(rèn)證方案中存在的執(zhí)行效率缺陷,分別提出兩種安全輕量級身份認(rèn)證方案。一方面,針對全球移動網(wǎng)絡(luò)應(yīng)用環(huán)境,提出一種輕量級高效身份認(rèn)證方案(LEAS-GMN)。為了更好地適應(yīng)資源受限應(yīng)用約束,LEAS-GMN方案只采用了計(jì)算開銷小的單向哈希函數(shù)和異或運(yùn)算。與同類方案的性能和計(jì)算開銷對比結(jié)果表明,LEAS-GMN方案所需的CPU周期和執(zhí)行時(shí)間是最少的,在執(zhí)行效率方面要優(yōu)于同類方案。而且安全性分析驗(yàn)證了LEAS-GMN方案可以抵抗偽裝攻擊、已知會話密鑰攻擊等多種攻擊,在提高執(zhí)行效率的同時(shí)也滿足預(yù)定的安全需求和目標(biāo)。另一方面,針對無線傳感器網(wǎng)絡(luò)應(yīng)用環(huán)境,提出一種輕量級高效身份認(rèn)證方案(LEAS-WSN)。LEAS-WSN方案在認(rèn)證過程中只涉及對稱加密和哈希函數(shù),與同類方案的性能和能耗對比結(jié)果表明,LEAS-WSN方案所需的計(jì)算開銷和傳輸?shù)南?shù)量都是最少的;隨之產(chǎn)生的密碼運(yùn)算和通信能耗也最少,適用于資源受限的WSN環(huán)境。而且,安全性分析和BAN邏輯證明結(jié)果表明LEAS-WSN方案達(dá)到了預(yù)期的安全目標(biāo),并可以抵抗網(wǎng)關(guān)節(jié)點(diǎn)旁路攻擊、中間人攻擊等多種主動和被動攻擊。(3)針對相同應(yīng)用環(huán)境中多個(gè)身份認(rèn)證方案安全性評估問題,提出一種基于模糊數(shù)直覺模糊集的多屬性評估方法。首先擴(kuò)展定義了模糊數(shù)直覺模糊Hamacher加權(quán)幾何算子、模糊數(shù)直覺模糊Hamacher有序加權(quán)幾何算子以及模糊數(shù)直覺模糊Hamacher混合幾何算子。其次,提出一種基于模糊數(shù)直覺模糊Hamacher混合幾何算子的多屬性評估方法。最后,通過身份認(rèn)證方案安全性評估實(shí)例驗(yàn)證了方法的有效性。
[Abstract]:As an important mechanism to guarantee the information security, the identity authentication technology can effectively identify the real identity of the communication participants, and is an important means to realize the confidentiality and integrity of the information system. However, in different application environments, the communication entities involved in the identity authentication process are different, and the authentication relationship between the entities is not the same, and ultimately results in different security and efficiency requirements. As a typical application scenario of the identity authentication scheme, the resource-limited environment is a natural constraint with limited resources or capacity limitation in the entity participating in the communication, and the contradiction between the security requirements and the execution efficiency of the identity authentication scheme is particularly prominent. The research work of this paper is carried out around the resource limited environment security identity authentication scheme, and the main research contents and achievements include the following aspects: (1) the privacy protection defect existing in the security identity authentication scheme for the existing resource limited environment, Three anonymous identity authentication schemes based on different security elements are proposed. First, a global mobile network anonymous identity authentication scheme based on smart card is proposed (SCBASUA-GMN). The protocol security analysis and the AVISPA simulation experiment result show that the SCBASUA-GMN scheme provides user anonymity to protect the user's privacy, and can resist various attacks such as replay attack, impersonation attack, off-line password guessing attack, and parallel session attack. In addition, that SCBASUA-GMN scheme also has the functions of mutual authentication, forward security, fairness of key negotiation and user-friendliness. Secondly, an anonymous identity authentication scheme based on biological characteristics (BBASSUA-WSN) is proposed for wireless sensor network application environment. The results of the AVISPA simulation show that the BBASSUA-WSN scheme has reached the pre-determined safety target, and the security analysis result shows that the scheme realizes the user anonymity and can resist the active and passive attacks including the man-in-the-the-middle attack, the sensor node capture attack, and the like. At the same time, the BBASSUA-WSN scheme also supports mutual authentication and key negotiation fairness. Finally, a global mobile network anonymous identity authentication scheme (DIDBASUA-GMN) based on dynamic identity is proposed, and the anonymity and data link property of the user are realized, and further privacy protection is provided for the mobile user during the roaming process. The security analysis shows that the DIDBASUA-GMN scheme can resist a variety of attacks, including side-channel attacks, smart card loss attacks, and the like. (2) Two types of security and light-weight authentication schemes are proposed for the implementation efficiency defects existing in the security identity authentication scheme of the existing resource-limited environment. On the one hand, aiming at the global mobile network application environment, a lightweight and high-efficiency identity authentication scheme (LEAS-GMN) is proposed. In ord to better meet that constraint of resource-constrained application, the LEAS-GMN scheme use only one-way hash function and exclusive-OR operation with small computational overhead. The comparison of the performance and computational overhead of the similar scheme shows that the CPU cycle and execution time required for the LEAS-GMN scheme are the least, and the implementation efficiency is superior to the similar scheme. And the security analysis verifies that the LEAS-GMN scheme can resist various attacks such as a masquerading attack, a known session key attack and the like, and also meets the predetermined safety requirements and targets while improving the execution efficiency. on the other hand, aiming at the network application environment of the wireless sensor, a lightweight and high-efficiency identity authentication scheme (LEAS-WSN) is proposed. The LEAS-WSN scheme only relates to the symmetric encryption and the hash function in the authentication process, and the comparison results with the performance and energy consumption of the similar scheme show that, The required computational overhead and the number of messages to be transmitted in the LEAS-WSN scheme are the least; the resulting cryptographic operations and communication power consumption are also minimized, and are applicable to a resource-limited WSN environment. Moreover, the security analysis and the BAN logic prove that the LEAS-WSN scheme achieves the expected safety target, and can resist various active and passive attacks such as the gateway node bypass attack, the man-in-the-the-the-the-the-the-the-the-the-the-the-the-the-the-the-middle attack. (3) Aiming at the security assessment of multiple identity authentication schemes in the same application environment, a multi-attribute evaluation method based on fuzzy number intuitionistic fuzzy sets is proposed. First, the fuzzy number intuitionistic fuzzy Hamacher weight geometric operator, the fuzzy number intuitionistic fuzzy Hamacher ordered weighted geometric operator and the fuzzy number intuitionistic fuzzy Hamacher hybrid geometric operator are extended. Secondly, a multi-attribute evaluation method based on fuzzy number intuitionistic fuzzy Hamacher hybrid geometric operator is proposed. Finally, the effectiveness of the method is verified through the security assessment example of the identity authentication scheme.
【學(xué)位授予單位】：太原理工大學(xué)
【學(xué)位級別】：博士
【學(xué)位授予年份】：2016
【分類號】：TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 葛麗娜,鐘誠,石潤華;基于橢圓曲線密碼體制的網(wǎng)上考試系統(tǒng)身份認(rèn)證方案[J];中國遠(yuǎn)程教育;2003年17期

2 葛麗娜,鐘誠,石潤華;網(wǎng)上考試系統(tǒng)的一種身份認(rèn)證方案[J];微機(jī)發(fā)展;2003年09期

3 李定川;;統(tǒng)計(jì)局網(wǎng)上直報(bào)的身份認(rèn)證方案[J];互聯(lián)網(wǎng)天地;2004年02期

4 曾文杰,周南潤,曾貴華;基于隱形傳態(tài)的跨中心量子身份認(rèn)證方案[J];光電子·激光;2005年01期

5 朱江寧;;一種安全的面向群體的身份認(rèn)證方案[J];遼東學(xué)院學(xué)報(bào);2006年02期

6 王承鑫;;“網(wǎng)上審批”系統(tǒng)身份認(rèn)證方案設(shè)計(jì)[J];科技資訊;2006年23期

7 王承鑫;;“網(wǎng)上審批”系統(tǒng)身份認(rèn)證方案設(shè)計(jì)[J];科技資訊;2007年05期

8 桑林瓊;王玉柱;;具有零知識特性的身份認(rèn)證方案設(shè)計(jì)及分析[J];重慶科技學(xué)院學(xué)報(bào)(自然科學(xué)版);2008年04期

9 楊建平;;具有零知識特性的身份認(rèn)證方案的設(shè)計(jì)及分析[J];內(nèi)蒙古農(nóng)業(yè)大學(xué)學(xué)報(bào)(自然科學(xué)版);2010年03期

10 劉婷婷;王文彬;;云計(jì)算中基于公平的安全判定相等協(xié)議的身份認(rèn)證方案[J];國防科技大學(xué)學(xué)報(bào);2013年05期

相關(guān)會議論文 前5條

1 張慶南;黃昊;鄧?yán)咨?;一種生物特征與公鑰密碼相結(jié)合的多層次身份認(rèn)證方案[A];第十一屆保密通信與信息安全現(xiàn)狀研討會論文集[C];2009年

2 陳愛群;葉震;高柯俊;鄭利平;姚傳茂;;一種基于橢圓曲線數(shù)字簽名的身份認(rèn)證方案[A];全國第十五屆計(jì)算機(jī)科學(xué)與技術(shù)應(yīng)用學(xué)術(shù)會議論文集[C];2003年

3 高作佳;;一種使用智能卡的身份認(rèn)證方案[A];2006北京地區(qū)高校研究生學(xué)術(shù)交流會——通信與信息技術(shù)會議論文集（下）[C];2006年

4 李艷平;蘇萬力;王育民;;基于ID的身份認(rèn)證方案的安全性分析和改進(jìn)[A];中國電子學(xué)會第十五屆信息論學(xué)術(shù)年會暨第一屆全國網(wǎng)絡(luò)編碼學(xué)術(shù)年會論文集（上冊）[C];2008年

5 黃海;藺大正;周劍蓉;;基于一般接入結(jié)構(gòu)的共享驗(yàn)證的身份認(rèn)證方案[A];2005通信理論與技術(shù)新進(jìn)展——第十屆全國青年通信學(xué)術(shù)會議論文集[C];2005年

相關(guān)重要報(bào)紙文章 前1條

1 本報(bào)評論員 周飆;網(wǎng)絡(luò)社區(qū)的開放潮流[N];21世紀(jì)經(jīng)濟(jì)報(bào)道;2008年

相關(guān)博士學(xué)位論文 前1條

1 王穎;資源受限環(huán)境安全身份認(rèn)證方案研究[D];太原理工大學(xué);2016年

相關(guān)碩士學(xué)位論文 前10條

1 曹征;無線傳感器網(wǎng)絡(luò)節(jié)點(diǎn)認(rèn)證協(xié)議研究[D];西南交通大學(xué);2015年

2 殷瑛;機(jī)會網(wǎng)絡(luò)身份認(rèn)證方案研究[D];南京郵電大學(xué);2015年

3 文生印;WLAN系統(tǒng)中身份認(rèn)證的研究[D];南京郵電大學(xué);2015年

4 凡思瓊;基于智能卡的身份認(rèn)證方案的研究[D];上海交通大學(xué);2015年

5 林浩;基于生物特征的遠(yuǎn)程身份認(rèn)證方案的研究[D];濟(jì)南大學(xué);2016年

6 陳平;基于一次性密鑰的圖像口令身份認(rèn)證方案研究與設(shè)計(jì)[D];蘭州大學(xué);2008年

7 黃家斌;基于生物特征的身份認(rèn)證方案[D];上海交通大學(xué);2013年

8 徐雯麗;云計(jì)算環(huán)境下的身份認(rèn)證研究[D];南京郵電大學(xué);2013年

9 鄧婕;身份認(rèn)證方案的研究與設(shè)計(jì)[D];四川師范大學(xué);2007年

10 楊秀青;遠(yuǎn)程用戶身份認(rèn)證方案研究[D];華東交通大學(xué);2009年

，

本文編號：2497617