【摘要】：身份認證協(xié)議是確保參與者在開放的網(wǎng)絡(luò)環(huán)境中實現(xiàn)安全通信的一種重要手段,是各類應(yīng)用系統(tǒng)安全的第一道關(guān)口,對網(wǎng)絡(luò)與信息系統(tǒng)安全具有舉足輕重的作用。通過身份認證協(xié)議,可以防止非法人員進入系統(tǒng),并防止非法人員通過違法操作獲取不正當利益、訪問受控信息、惡意破壞系統(tǒng)數(shù)據(jù)的完整性等。 目前身份認證技術(shù)已經(jīng)廣泛應(yīng)用于網(wǎng)絡(luò)信息安全中的數(shù)據(jù)保護、銀行網(wǎng)絡(luò)管理以及各種各樣信息系統(tǒng)的安全保護等研究領(lǐng)域。但是隨著應(yīng)用場景的不斷擴展,特定的身份認證協(xié)議不可能對所有的應(yīng)用場景都適用,需要針對不同的應(yīng)用環(huán)境設(shè)計相應(yīng)的身份認證協(xié)議。同時,身份認證的目的是在不可靠的通信環(huán)境下實現(xiàn)參與者的安全通信,由于網(wǎng)絡(luò)環(huán)境的不可靠性,存在著多種多樣的攻擊方式,從而導致了分析與設(shè)計身份認證協(xié)議的復雜性。本文分析了身份認證協(xié)議的研究背景和發(fā)展現(xiàn)狀,說明了身份認證協(xié)議的設(shè)計原則,并指出了身份認證協(xié)議需滿足的安全需求和功能需求。本文圍繞身份認證協(xié)議中存在的問題展開研究,分別研究了單服務(wù)器身份認證協(xié)議、多服務(wù)器身份認證協(xié)議、三因素遠程身份認證協(xié)議以及無線與移動環(huán)境下的身份認證協(xié)議,得到了若干有意義的結(jié)論： 1.當前,大多數(shù)基于ElGamal密碼體制的單服務(wù)器身份認證協(xié)議都不具有良好的用戶友好性,如用戶不能自由地選擇和變更自己的口令。同時,這些協(xié)議都不能保護用戶身份的匿名,且都不支持會話密鑰協(xié)商。針對現(xiàn)有的基于ElGamal的單服務(wù)器認證協(xié)議存在的問題,本文綜合考慮身份認證的安全需求和功能需求,設(shè)計了一個具有高安全特性的基于智能卡和ElGamal密碼體制的單服務(wù)器身份認證協(xié)議,同時使其具有相對較低的計算復雜度。 2.研究了Lee等人提出的基于動態(tài)身份的多服務(wù)器認證協(xié)議。在本協(xié)議中,注冊中心負責系統(tǒng)參數(shù)的選取,用戶和服務(wù)器的注冊,而不直接參與到用戶的認證過程中。我們發(fā)現(xiàn)Lee等人的協(xié)議不能提供正確的認證,不能抵抗偽造攻擊和服務(wù)器模仿攻擊,且用戶和注冊中心必須建立安全的信道以完成用戶口令的變更。為解決Lee等人協(xié)議存在的安全問題,我們提出一個新的基于動態(tài)身份的多服務(wù)器認證協(xié)議,本協(xié)議滿足多服務(wù)器環(huán)境下身份認證協(xié)議的實際功能需求和安全需求。 3.研究了Sood等人提出的基于動態(tài)身份的多服務(wù)器認證協(xié)議,在該協(xié)議中,注冊中心直接參與用戶的認證過程。分析了Sood等人協(xié)議存在的安全性缺陷,指出Sood等人協(xié)議易遭受匹配泄露攻擊、智能卡丟失攻擊,且由于設(shè)計上的缺陷導致注冊中心無法在認證的過程中獲取用戶真實的身份標識,從而無法進行正確的認證和密鑰協(xié)商。在此基礎(chǔ)上,提出了一個新的注冊中心直接參與用戶認證的基于動態(tài)身份的多服務(wù)器認證協(xié)議,該協(xié)議改進了Sood等人協(xié)議存在的安全問題,且僅用極小的計算復雜度增量換取了更高的安全性和更多的功能特性。 4.研究了基于口令、智能卡和Biometric的三因素身份認證協(xié)議。對我國臺灣學者Li和Hwang提出的三因素遠程身份認證協(xié)議進行研究,發(fā)現(xiàn)Li-Hwang的協(xié)議不能提供恰當?shù)恼J證,不能抵抗中間人攻擊,此外,Li-Hwang協(xié)議通過比較Biometric的Hash函數(shù)值來進行Biometric的驗證,由于每次提取Biometric存在一定的擾動,而Hash函數(shù)對數(shù)據(jù)的擾動十分敏感,Li-Hwang協(xié)議的Biometric認證不能有效的執(zhí)行。我們詳細描述了這些問題,并針對Li-Hwang協(xié)議存在的這些安全缺陷,提出一個新的基于Biometric的三因素遠程身份認證協(xié)議。 5.研究了移動漫游網(wǎng)絡(luò)的匿名身份認證協(xié)議。當前多數(shù)的移動漫游網(wǎng)絡(luò)身份認證協(xié)議都不能真正確保用戶身份的匿名性。為確保移動網(wǎng)絡(luò)安全認證和漫游,基于橢圓曲線離散對數(shù)問題(ECDLP)和橢圓曲線計算Diffie-Hellman問題(ECDHP),提出了一個新的移動漫游網(wǎng)絡(luò)匿名認證協(xié)議。本協(xié)議能真正確保用戶的匿名,且能確保會話密鑰的公平性。同時,本協(xié)議保持了無縫接入無線網(wǎng)絡(luò)認證和漫游的計算有效性 6.研究了RFID相互認證協(xié)議�；赑eriaswamy等人提出的RFID標簽電子指紋檢測方法,提出了一個適用于EPC Class1Generation2被動標簽的RFID相互認證協(xié)議,本協(xié)議能防止非法閱讀器讀取標簽信息,能抵抗重放攻擊、DoS攻擊等惡意攻擊。同時,本協(xié)議可通過電子指紋方法檢測克隆標簽。
[Abstract]:The identity authentication protocol is an important means to ensure the security communication of the participants in the open network environment. It is the first gateway to the security of all kinds of application systems. It plays an important role in the security of the network and information system. Through the authentication protocol, it can prevent non lawmakers from entering the system and prevent illegal personnel from violated by illegal personnel. Legal operation obtains illegitimate interests, accesses controlled information, and destroys the integrity of system data.
At present, identity authentication technology has been widely used in the field of data protection in network information security, bank network management and all kinds of information system security protection. However, with the continuous expansion of application scenarios, specific authentication protocols can not apply to all application scenarios, and need to be applied to different applications. The identity authentication protocol of the environment is designed accordingly. At the same time, the purpose of identity authentication is to realize the security communication of the participants in the unreliable communication environment. Because of the unreliability of the network environment, there are a variety of attacks, which results in the complexity of the analysis and design of the identity authentication protocol. The research background and development status indicate the design principles of the identity authentication protocol, and point out the security requirements and functional requirements that the identity authentication protocol needs to meet. This paper focuses on the problems existing in the identity authentication protocol, and studies the single server authentication protocol, the multi server identity authentication protocol and the three factors remotely. The authentication protocol and the authentication protocol in wireless and mobile environment have obtained some meaningful conclusions:
1. currently, most of the single server authentication protocols based on ElGamal cryptosystems do not have good user friendliness, such as the user cannot freely choose and change their password. At the same time, these protocols can not protect the identity of the user and do not support the session key negotiation. For the existing single service based on ElGamal. In this paper, a single server identity authentication protocol with high security features based on smart card and ElGamal cryptosystem is designed in this paper, which has a relatively low computational complexity.
2. research on the multi server authentication protocol based on dynamic identity proposed by Lee et al. In this protocol, the registry is responsible for the selection of system parameters, the registration of users and servers, and not directly involved in the user authentication process. We find that the protocol of Lee and others can not provide the correct authentication, and can not resist forged attacks and servers. In order to solve the security problems of Lee and others, we propose a new dynamic identity based multi server authentication protocol. This protocol satisfies the actual functional requirements and security needs of the identity authentication protocol under multi server environment. Ask.
3. study the multi server authentication protocol based on dynamic identity proposed by Sood et al. In this protocol, the registration center directly participates in the authentication process of the user. The security defects of the Sood et al. Are analyzed. It is pointed out that the Sood and other protocols are vulnerable to match leak attack, smart card loss attack, and the design defects lead to registration. The center can not obtain the true identity of the user in the process of authentication, and thus can not carry out the correct authentication and key negotiation. On this basis, a new registration center directly participates in the user authentication based dynamic identity based multi server authentication protocol. The protocol improves the security problems existing in the Sood et al. Higher security and more functional features are achieved with only minimal computation complexity increment.
4. the three factor authentication protocol based on password, smart card and Biometric is studied. The three factor remote identity authentication protocol proposed by Li and Hwang of Taiwan scholar in China is studied. It is found that the protocol of Li-Hwang can not provide the proper authentication and can not resist the middleman attack. In addition, the Li-Hwang protocol compares the Biometric's Hash function value. To verify the Biometric, the Hash function is very sensitive to the disturbance of the data, and the Biometric authentication of the Li-Hwang protocol is not effective. We describe these problems in detail, and propose a new Biometric based three for the Li-Hwang protocol's security defects. Factor remote identity authentication protocol.
5. the anonymous identity authentication protocol of mobile roaming network is studied. Most of the current mobile roaming network identity authentication protocols can not really ensure the anonymity of user identity. In order to ensure the security authentication and roaming of mobile network, the Diffie-Hellman problem (ECDHP) based on elliptic curve discrete logarithm problem (ECDLP) and elliptic curve calculation (ECDHP) is proposed. A new anonymous authentication protocol for mobile roaming networks. This protocol can truly ensure the anonymity of the user and ensure the fairness of the session key. At the same time, this protocol maintains the computational effectiveness of seamless access to wireless network authentication and roaming.
6. the mutual authentication protocol of RFID is studied. Based on the RFID tag electronic fingerprint detection method proposed by Periaswamy and others, a RFID mutual authentication protocol suitable for EPC Class1Generation2 passive tag is proposed. This protocol can prevent the illegal reader from reading the label information, resisting the replay attack, and the DoS attack and other malicious attacks. Cloned tags can be detected by electronic fingerprinting.
【學位授予單位】：北京郵電大學
【學位級別】：博士
【學位授予年份】：2012
【分類號】：TP393.08

【引證文獻】

相關(guān)期刊論文 前1條

1 李俊根;何利力;郭亮;;煙草企業(yè)成品卷煙防偽加密系統(tǒng)總體設(shè)計[J];工業(yè)控制計算機;2013年05期

，

本文編號：2127622