Netinfo Security ›› 2021, Vol. 21 ›› Issue (4): 1-9. doi: 10.3969/j.issn.1671-1122.2021.04.001

• Classified Protection •

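Research on Mobile Internet Authentication Scheme Based on SM9 Algorithm

ZHANG Yu, SUN Guangmin, LI Yu

  1. Department of Information, Beijing University of Technology, Beijing 100124
  • Received: 2020-12-10 Online: 2021-04-10 Published: 2021-05-14
  • Corresponding author: SUN Guangmin E-mail: gmsun@bjut.edu.cn
  • About the authors: ZHANG Yu (born 1978), male, Shandong, Ph.D. candidate, main research interests: network security and neural networks | SUN Guangmin (born 1960), male, Shanxi, professor, Ph.D., main research interests: pattern recognition, neural networks and network security | LI Yu (born 1986), male, Beijing, associate professor, Ph.D., main research interests: pattern recognition, remote sensing image processing, and deep learning and its applications
  • Funding:
    National Natural Science Foundation of China (41706201)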

Research on Mobile Internet Authentication Scheme Based on SM9 Algorithm

ZHANG Yu, SUN Guangmin, LI Yu

  1. Department of Information, Beijing University of Technology, Beijing 100124, China
  • Received: 2020-12-10 Online: 2021-04-10 Published: 2021-05-14
  • Contact: SUN Guangmin E-mail: gmsun@bjut.edu.cn

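Abstract:

In the single-server environment of the mobile internet, traditional identity authentication schemes have security problems: users must memorize a different password for each server, and passwords can leak under traditional authentication methods. To solve these problems, this paper proposes an identity authentication scheme based on the SM9 algorithm for the single-server environment of the mobile internet. Across different application systems, a user only needs to memorize one unified identifier and password to pass identity authentication in each of them, and thereby obtain application services and permission to access resources. The scheme combines the SM9 identity-based cryptographic algorithm with password hiding and uses a one-time key to achieve ciphertext transmission and mutual authentication, reaching higher security and robustness while reducing the user's memory burden and giving users a better application experience. Security analysis shows that the scheme resists common attacks such as replay attacks, counterfeiting attacks and smart-device loss attacks. Performance comparison shows that the scheme has stronger robustness, higher security, better convenience and lower computation cost than similar schemes, and has considerable application value in scenarios with high security requirements, such as mobile payment and contactless access control.

Key words: SM9 algorithm, mobile internet, single-server environment, identity authentication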

Abstract:

Traditional authentication schemes in the single-server environment of the mobile internet have security problems, such as users needing to memorize a different password for each server and password leakage in traditional authentication methods. To solve these problems, this paper proposes an authentication scheme based on the SM9 algorithm for the single-server environment of the mobile internet. Users need to memorize only a unified identifier and password to pass authentication in different application systems and obtain application services and resources. The proposed scheme combines the SM9 algorithm with password hiding to realize ciphertext transmission and mutual authentication, and achieves higher security and robustness with a one-time key. At the same time, the proposed scheme reduces the user's memory burden and offers a better application experience. Security analysis shows that the proposed scheme resists replay attacks, counterfeiting attacks, smartphone loss attacks and other common attacks. Performance comparison shows that the proposed scheme has stronger robustness, higher security, better convenience and less computation cost than other similar schemes, and has high application value in high-security scenarios such as mobile payment and contactless access control.

Key words: SM9 algorithm, mobile internet, single-server environment, authentication

CLC number: