基于国密算法和区块链的移动端安全eID及认证协议设计

doi:10.3969/j.issn.1671-1122.2018.07.002

摘要/Abstract

摘要：

当前,我国二代居民身份证的读取设备获取渠道多样,价格低廉,很容易被不法分子利用以获取公民的身份隐私信息,并实施诈骗、违规办理信用卡等犯罪行为。此外,一些需要对公民进行实名制验证的单位大都采取基于中心的认证方式,并且以明文方式大量地存储用户实名信息,存在隐私泄露的风险。SM2算法相较于传统认证方案中使用的RSA算法和国际标准的ECC算法具有安全性更高、存储空间更小、签名速度更快的特点,可以应用在当今广泛使用的智能手机等移动终端上。区块链技术具有去中心化、难篡改的特点,可以解决基于中心的认证方式中存在的单点失败和多认证授权机构（CA）信任难的问题。针对用户隐私泄露问题,文章基于SM2算法和区块链技术,并结合二维码、面部识别等技术,对传统身份认证服务系统进行了改进,提出了一种移动端的安全电子身份证系统,详细设计了基于SM2算法和区块链的身份认证协议。

关键词: SM2算法, 区块链, 身份认证, 移动终端

Abstract:

Currently, there are many accesses to gain the card readers of the second generation of resident identity cards, which are inexpensive and easy to be misused by the criminals to obtain citizens’ identity privacy information so that they can use it to commit fraud, illegally open up credit cards and other crimes. Besides, when people are checking in the hotels or opening an account in the banks, these institutions which need to verify citizens’ identity under real name mechanism mostly use the centralized authentication method and largely save their real name information in cleartext. Compared with the RSA algorithm and International criterion ECC algorithm that used in the traditional authentication, the SM2 algorithm has better security performance, less demand for storage space and higher speed of signing. So, it is appropriate to be applied in the smart phones and other popular mobile terminals. The blockchain technology has the feature of decentralition and it’s difficult to be tampered. It can effectively solve the problems lay in centralized authentication, including the single point failure and difficulty in the trust issue in multiple CA structure. Therefore, to solve the privacy leakage problems in above scenarios, the paper modified the conventional certification system, proposed an identity authentication system which is based on SM2 algorithm and blockchain technology and combined two-dimensional code and facial recognition technologies, and finally designed an identity authentication agreement elaborately.

Key words: SM2 algorithm, blockchain, identity authentication, mobile terminal

中图分类号:

TP309

胡卫, 吴邱涵, 刘胜利, 付伟. 基于国密算法和区块链的移动端安全eID及认证协议设计[J]. 信息网络安全, 2018, 18(7): 7-9.

Wei HU, Qiuhan WU, Shengli LIU, Wei FU. Design of Secure eID and Identity Authentication Agreement in Mobile Terminal Based on Guomi Algorithm and Blockchain[J]. Netinfo Security, 2018, 18(7): 7-9.

图/表 11

图1

图2

图3

表1

图4

图5

图6

图7

图8

图9

图10

参考文献 19

[1]	SHANG Ming, MA Yuan, LIN Jingqiang, et al.A Threshold Scheme for SM2 Elliptic Curve Cryptographic Algorithm[J]. Journal of Cryptologic Research, 2014, 1(2): 155-166.
	尚铭,马原,林璟锵,等. SM2椭圆曲线门限密码算法[J]. 密码学报,2014,1(2):155-166.
[2]	REN Zirong.A Third-party Authentication Service System Based on Mobile Terminal and PKI[D]. Shanghai: Shanghai Jiaotong University, 2014.
	任子荣. 基于移动终端和PKI技术的第三方身份认证服务系统[D]. 上海:上海交通大学,2014.
[3]	GU Guojin.Study and Implement of Authentication and Authorization System Based on SM2 Algorithm[D]. Jinan: Shandong University, 2013.
	谷国进. 基于SM2算法的认证授权系统研究与实现[D]. 济南:山东大学,2013.
[4]	WANG Jie.Design and Implementation of Certificate Status Query System Based on SM2[D]. Xi’an: Xidian University, 2015.
	王杰. 基于商密SM2算法的证书状态查询机制设计与实现[D]. 西安:西安电子科技大学,2015.
[5]	LI Zhaobin, LIU Dandan, HUANG Xin, et al.Design and Implementation of Secure Access Device Based on Guomi Algorithm[J]. Netinfo Security, 2016, 16(11): 19-27.
	李兆斌,刘丹丹,黄鑫,等. 基于国密算法的安全接入设备设计与实现[J]. 信息网络安全,2016,16(11):19-27.
[6]	LI Zichen, LIU Boya, WANG Peidong, et al.Two-way Authentication Protocol Based on SM2 and Zero Knowledge for Radio Frequency Identification[J]. Computer Engineering, 2017, 43(6): 97-100.
	李子臣,刘博雅,王培东,等. 基于SM2与零知识的射频识别双向认证协议[J]. 计算机工程,2017,43(6):97-100.
[7]	YAN Junzhi, PENG Jin, ZUO Min, et al.Blockchain Based PKI Certificate System[J]. Telecommunications Engineering Technology and Standardization, 2017, 30(11): 16-20.
	阎军智,彭晋,左敏,等. 基于区块链的PKI数字证书系统[J]. 电信工程技术与标准化,2017,30(11):16-20.
[8]	HUANG Xiaofang, XU Lei, YANG Xi.A Blockchain Model of Cloud Forensics[J].Journal of Beijing University of Posts and Telecommunications, 2017(5): 1-4.
	黄晓芳,徐蕾,杨茜. 一种区块链的云计算电子取证模型[J]. 北京邮电大学学报,2017(5):1-4.
[9]	MIN Xurong, DU Kui, DAI Yicong.Electronic Certification Sharing Platform Based on Blockchain Technology[J]. Command Information System and Technology, 2017, 8(2): 47-51.
	闵旭蓉,杜葵,戴逸聪. 基于区块链技术的电子证照共享平台设计[J]. 指挥信息系统与技术,2017,8(2):47-51.
[10]	XUE Tengfei, FU Qunchao, WANG Cong, et al.A Medical Data Sharing Model via Blockchain[J]. Acta Automatica Sinica, 2017, 43(9): 1555-1562.
	薛腾飞,傳群超,王枞,等. 基于区块链的医疗数据共享模型研究[J]. 自动化学报,2017,43(9):1555-1562.
[11]	WANG Jun, WU Peng, WANG Xiangyu, et al.The Outlook of Blockchain Technology for Construction Engineering Management[J]. Frontiers of Engineering Management, 2017, 4(1): 67-75.
[12]	CNNIC. 41st A Statistical Report on the Development of the Internet in China[EB/OL]. . 2018-1-31.
	CNNIC. 第41次《中国互联网络发展状况统计报告》[EB/OL]. . 2018-1-31.
[13]	LIU Yonglei, JIN Zhigang, GAO Tianying.Survey of Security Research in Mobile Payment System[J]. Netinfo Security, 2017, 17(2): 1-5.
	刘永磊,金志刚,高天迎. 移动支付系统安全性研究综述[J]. 信息网络安全,2017,17(2):1-5.
[14]	SHEN Yanzhao.Cryptanalysis of SM3 Cryptographic Hash Algorithm[D]. Shanghai: Donghua University, 2013.
	申延召. SM3密码哈希算法分析[D]. 上海:东华大学,2013.
[15]	ZHAO Kuo, XING Yongheng.Security Survey of Internet of Things Driven by Blockchain Technology[J]. Netinfo Security, 2017, 17(5): 1-6.
	赵阔,邢永恒. 区块链技术驱动下的物联网安全研究综述[J]. 信息网络安全,2017,17(5):1-6.
[16]	CAI Weide, YU Lian, WANG Rong, et al.Blockchain Application Development Techniques[J]. Journal of Software, 2017, 28(6): 1474-1487.
	蔡维德,郁莲,王荣,等. 基于区块链的应用系统开发方法研究[J]. 软件学报,2017,28(6):1474-1487.
[17]	NAKAMOTO S. Bitcoin: A Peer-to-Peer Electronic Cash System[EB/OL]. , 2017-12-11.
[18]	QING Sude, JIANG Ying, WANG Qiuye.Technology Principle and Significance of Blockchain[J].Telecommunications Network Technology, 2016(12): 14-20.
	卿苏德,姜莹,王秋野. 区块链的技术原理和意义[J]. 电信网技术,2016(12):14-20.
[19]	WANG Zhipeng, YANG Minghui, LV Liang.Research on Trusted Identity Architecture in Cyberspace Based on eID[J]. Netinfo Security, 2015, 15(9): 97-100.
	汪志鹏,杨明慧,吕良. 基于eID的网络可信身份体系建设研究[J]. 信息网络安全,2015,15(9):97-100.