Netinfo Security ›› 2019, Vol. 19 ›› Issue (6): 45-52. doi: 10.3969/j.issn.1671-1122.2019.06.006

• Technical Research •

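Research on a Biometrics-based Multi-cloud Server Authentication Scheme

Baoyuan KANG, Mingming XIE, Lin SI

  1. School of Computer Science and Technology, Tianjin Polytechnic University, Tianjin 300387
  • Received: 2018-05-02 Online: 2019-06-10 Published: 2020-05-11
  • About the authors:

    Baoyuan KANG (born 1965), male, from Shaanxi, professor, Ph.D.; main research interests: cryptography, information security, digital signatures, identity authentication and key agreement. Mingming XIE (born 1991), male, from Gansu, master's student; main research interests: cryptography, information security, identity authentication and key agreement. Lin SI (born 1993), male, from Inner Mongolia, master's student; main research interests: cryptography, information security, identity authentication and key agreement.

  • Supported by:
    National Natural Science Foundation of China [51378350]; Tianjin Research Program of Application Foundation and Advanced Technology [15JCYBJC15900]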

Abstract:

Advances in wireless communication technology have driven the rapid development of mobile services, and a traditional single server can no longer handle large-scale access by many users. Multi-cloud server authentication schemes have been proposed to solve this problem. Authentication schemes based on passwords or smart cards offer weak security in a multi-cloud server environment, whereas biometric characteristics correspond one-to-one with an individual, so biometrics has become an important factor in strengthening the security of authentication schemes. Recently, KUMARI et al. proposed a biometrics-based authentication scheme for the multi-cloud server environment. However, we find that their scheme cannot resist replay attacks. The scheme also has a flaw in the mutual authentication phase: key parameters needed for mutual authentication are missing, so the user and the server cannot authenticate each other. This paper therefore improves the scheme of KUMARI et al. by adding timestamps and storing the necessary parameters. Security analysis shows that the improved scheme not only resists replay attacks, common insider attacks, offline password guessing attacks and other common attacks, but also enables the user and the server to authenticate each other effectively.

Key words: authentication scheme, cloud server, smart card, biometric technology, security

CLC number: