基于生物识别技术的多云服务器认证方案研究

doi:10.3969/j.issn.1671-1122.2019.06.006

信息网络安全 ›› 2019, Vol. 19 ›› Issue (6): 45-52.doi: 10.3969/j.issn.1671-1122.2019.06.006

基于生物识别技术的多云服务器认证方案研究

亢保元, 颉明明(), 司林

天津工业大学计算机科学与技术学院,天津 300387

收稿日期:2018-05-02 出版日期:2019-06-10 发布日期:2020-05-11
作者简介:
作者简介：亢保元（1965—）,男,陕西,教授,博士,主要研究方向为密码学、信息安全、数字签名、身份认证与密钥共识等;颉明明（1991—）,男,甘肃,硕士研究生,主要研究方向为密码学、信息安全、身份认证与密钥共识等;司林（1993—）,男,内蒙古,硕士研究生,主要研究方向为密码学、信息安全、身份认证与密钥共识等。
基金资助:
国家自然科学基金[51378350];天津市应用基础与前沿技术研究计划[15JCYBJC15900]

Research on a Biometrics-based Multi-cloud Server Authentication Scheme

Baoyuan KANG, Mingming XIE(), Lin SI

School of Computer Science and Technology, Tianjin Polytechnic University, Tianjin 300387

Received:2018-05-02 Online:2019-06-10 Published:2020-05-11

摘要/Abstract

摘要：

无线通信技术的进步推动了移动服务的快速发展,传统的单服务器已经不能满足多用户的大规模访问。为了解决这个问题,人们提出了多云服务器认证方案。基于口令或基于智能卡的身份认证方案在多云服务器环境下的安全性较差,而生物特征与个人具有一一对应的关系,因此生物特征已成为增强认证方案安全性的一个重要因素。近年,KUMARI等人提出了一个基于生物识别的多云服务器环境下的认证方案,然而,该方案不能抵抗重放攻击。同时,该方案在相互认证阶段存在漏洞,缺少相互认证时的关键参数,导致用户与服务器无法进行相互认证。因此,文章通过增加时戳及必要的参数存储,改进了KUMARI等人的方案。安全性分析表明,改进方案不但能够抵抗重放攻击及常见的内部攻击、离线口令猜测攻击等,而且还能使用户与服务器进行有效的认证。

关键词: 认证方案, 云服务器, 智能卡, 生物特征, 安全性

Abstract:

The progress of wireless communication technology has promoted the development of mobile services. The traditional single server has been unable to accept the multi-user large-scale access. In order to solve this problem, a lot of cloud server authentication scheme are proposed. Based on passwords and smart cards authentication schemes are less security in multi-cloud server environment. Due to biometric technology is closely related to the physical characteristics of the individual, so it has been become the first choice to enhance security. Recently, KUMARI put forward an authentication scheme based on biometric technology in cloud server environment. However, we find that their schemes cannot resist replay attacks. At the same time, the scheme also has loopholes in the mutual authentication stage and lack the mutual authentication key parameters, which lead to users and servers cannot authenticate each other. Therefore, this paper improves KUMARI’s scheme by adding time-stamp and necessary parameter storage. Security analysis shows that the improved scheme not only resists replay attacks, offline password guessing attacks and other common attacks, but also enables users and servers to perform effective authentication.

Key words: authentication scheme, cloud server, smart card, biometric technology, security

中图分类号:

TP309

亢保元, 颉明明, 司林. 基于生物识别技术的多云服务器认证方案研究[J]. 信息网络安全, 2019, 19(6): 45-52.

Baoyuan KANG, Mingming XIE, Lin SI. Research on a Biometrics-based Multi-cloud Server Authentication Scheme[J]. Netinfo Security, 2019, 19(6): 45-52.

图/表 3

参考文献 18

[1]	HE Debiao, ZEADALLY S, KUMAR N, et al.Efficient and Anonymous Mobile User Authentication Protocol Using Self-certified Public Key Cryptography for Multi-server Architectures[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(9): 2052-2064.
[2]	MA Chunguang, WANG Ding, ZHAO Sendong.Security Flaws in Two Improved Remote User Authentication Schemes Using Smart Cards[J]. International Journal of Communication Systems, 2014, 27(10): 2215-2227.
[3]	XIE Qi.Improvement of a Security Enhanced One-time Two-factor Authentication and Key Agreement Scheme[J]. Scientia Iranica, 2012, 19(6): 1856-1860.
[4]	HE Debiao, CHEN Yitao, CHEN Jianhua.Cryptanalysis and Improvement of an Extended Chaotic Maps-based Key Agreement Protocol[J]. Nonlinear Dynamics, 2012, 69(3): 1149-1157.
[5]	MESSERGES T, DABBISH E, SLOAN R.Examining Smart-card Security under the Threat of Power Analysis Attacks[J]. IEEE Transactions on Computer, 2002, 51(5): 541-552.
[6]	LI Xiong, NIU Jianwei, KHAN M, et al.Robust Biometrics Based Three-factor Remote User Authentication Scheme with Key Agreement[C]//IEEE. International Symposium on Biometrics and Security Technologies, July 2, 2013, Chengdu, China. New Jersey: IEEE, 2013: 105-110.
[7]	YOON E, YOO K.Robust Biometrics-based Multi-server Authentication with Key Agreement Scheme for Smart Cards on Elliptic Curve Cryptosystem[J]. The Journal of Supercomputing, 2013, 63(1): 235-255.
[8]	HE Debiao, WANG Ding.Robust Biometrics-based Authentication Scheme for Multi-server Environment[J]. IEEE Systems Journal, 2015, 9(3): 816-823.
[9]	ODELU V, DAS A, GOSWAMI A.A Secure Biometrics-based Multi-server Authentication Protocol Using Smart Cards[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(9): 1953-1966.
[10]	WU Fan, XU Lili, KUMARI S, et al.A Novel and Provably Secure Biometrics-based Three-factor Remote Authentication Scheme for Mobile client-server Networks[J]. Computer and Electronics Engineering, 2015, 45(C): 274-285.
[11]	SHEN H, GAO C, HE D, et al.New Biometrics-based Authentication Scheme for Multi-server Environment in Critical Systems[J]. Journal of Ambient Intelligence and Humanized Computing, 2015, 6(6): 825-834.
[12]	YOU Lin, LIANG Jiahao.Research on Secure Identity Authentication Based on Homonorphic Encryption and Biometric[J]. Netinfo Security, 2018, 18(4): 1-8.
	游林,梁家豪.基于同态加密与生物特征的安全身份认证研究[J].信息网络安全,2018,18(4):1-8.
[13]	CHUANG M C, CHEN Mengchang.An Anonymous Multi-server Authenticated Key Agreement Scheme Based on Trust Computing Using Smart Cards and Biometrics[J]. Expert Systems with Applications, 2014, 41(4): 1411-1418.
[14]	MISHRA D, DAS A, MUKHOPADHYAY S.A Secure User Anonymity-preserving Biometric-based Multi-server Authenticated Key Agreement Scheme Using Smart Cards[J]. Expert Systems with Applications, 2014, 41(18): 8129-8143.
[15]	LIN Hao, WEN Fengtong, DU Chunxia.An Improved Anonymous Multi-server Authenticated Key Agreement Scheme Using Smart Cards and Biometrics[J]. Wireless Personal Communications, 2015, 84(4): 2351-2362.
[16]	LU Yanrong, LI Lixiang, PENG Haipeng, et al.A Biometrics and Smart Cards-based Authentication Scheme for Multi-server Environments[J]. Security and Communication Networks, 2015, 8(17): 3219-3228.
[17]	ZHANG Lei, WANG Bin, YU Lili.A Hash Function-based Attribute Generalization Privacy Protection Scheme[J]. Netinfo Security, 2018, 18(3): 14-25.
	张磊,王斌,于莉莉.基于Hash函数的属性泛隐私保护方案[J].信息网络安全,2018,18(3):14-25.
[18]	KUMARI S, LI Xiong, WU Fan, et al. Design of a Provably Secure Biometrics-based Multi-cloud-server Authentication Scheme[EB/OL]. , 2018-1-22.

符号	描述
n, p	两个大素数
U_i, RA, CS_j	用户、注册机构、云服务器
E	攻击者
F_p	有限域
E_p	椭圆曲线
G	加法循环群
ID_i	U_i的身份
BiO_i	U_i的身份特征
SC_i	U_i的智能卡
S, P_uB	注册机构的私钥及公钥
$\oplus$	异或操作
h(.), H(.)	单项哈希函数
((V_i^)_x, (V_i^)_y)	(V_i^*)点的横纵坐标
Rec_i	RA对用户U_i的记录

基于生物识别技术的多云服务器认证方案研究

Research on a Biometrics-based Multi-cloud Server Authentication Scheme

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 18

相关文章 15

编辑推荐

Metrics

本文评价

[1]	王生玉, 汪金苗, 董清风, 朱瑞瑾. 基于属性加密技术研究综述[J]. 信息网络安全, 2019, 19(9): 76-80.
[2]	张富友, 王琼霄, 宋利. 基于生物特征识别的统一身份认证系统研究[J]. 信息网络安全, 2019, 19(9): 86-90.
[3]	韩益亮, 王众. 基于多变量和LRPC码的抗量子密码方案研究[J]. 信息网络安全, 2019, 19(8): 36-43.
[4]	王耀杰, 钮可, 杨晓元. 基于生成对抗网络的图像隐藏方案[J]. 信息网络安全, 2019, 19(5): 54-60.
[5]	左黎明, 胡凯雨, 张梦丽, 夏萍萍. 一种具有双向安全性的基于身份的短签名方案[J]. 信息网络安全, 2018, 18(7): 47-54.
[6]	游林, 梁家豪. 基于同态加密与生物特征的安全身份认证研究[J]. 信息网络安全, 2018, 18(4): 1-8.
[7]	宋新霞, 马佳敏, 陈智罡, 陈克非. 基于SEAL的虹膜特征密文认证系统[J]. 信息网络安全, 2018, 18(12): 15-22.
[8]	姜红, 亢保元, 李春青. 改进的保护身份的云共享数据完整性公开审计方案[J]. 信息网络安全, 2018, 18(10): 85-91.
[9]	齐健, 陈小明, 游伟青. 基于fuzzing测试的网络协议安全评估方法研究[J]. 信息网络安全, 2017, 17(3): 59-65.
[10]	孙长辉, 张令臣, 高能. 一种基于智能卡认证的LVS集群方案设计[J]. 信息网络安全, 2017, 17(2): 59-65.
[11]	黄鹏, 曾贵华. 连续变量量子密钥分发实际安全性研究进展[J]. 信息网络安全, 2017, 17(11): 7-12.
[12]	刘学芬, 孙荣辛, 夏鲁宁, 李伟. 面向MySQL的安全隐患检测方法研究[J]. 信息网络安全, 2016, 16(9): 1-5.
[13]	魏成坤, 刘向东, 石兆军. 基于OAuth2.0的认证授权技术研究[J]. 信息网络安全, 2016, 16(9): 6-11.
[14]	张俊芙, 胡爱群. 基于智能卡的远程文件安全管理系统设计和开发[J]. 信息网络安全, 2016, 16(8): 68-73.
[15]	陆德彪, 和晟姣, 王剑. 基于通信顺序进程方法的RSSP-II通信协议安全性分析[J]. 信息网络安全, 2016, 16(7): 7-8.