The Design and Implementation of a Biometrics-based Robust Remote User Authentication Scheme

【Author】 Zhang Shaoyuan (张韶远)

【Supervisor】 Lu Jianzhu (卢建朱)

【Author information】 Jinan University, Computer Software and Theory, 2012, Master's

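【Summary】 Authentication ensures that users cannot fraudulently gain illegal access to system resources. User authentication is critical to implementing access control. In environments where smart cards and biometric information are used for remote access, remote authentication is one of the measures that ensure security. With the rapid growth of online resources on the Internet and users' increasing awareness of self-protection, mutual authentication is used as a secure way to protect the interests of resource owners and users at the same time. In this thesis, we combine biometric information, one-way hash functions and smart cards to propose a two-party identity authentication scheme based on biometric recognition. The thesis uses the timestamp $T$ to generate the one-time shared value $h(h(UID_i \| X_S) \| T)$, which improves the robustness of the system. By verifying the authentication information generated when the user logs in, the server can prevent all known attacks, including replay attacks and denial-of-service attacks. The user and the server need only two handshakes to achieve mutual authentication, which saves communication cost. The authentication algorithm in the thesis uses only XOR operations and a secure one-way hash function, which improves the efficiency of the authentication process. We implemented a prototype system of this scheme in C++ on Visual Studio 2005. The system uses a smart card reader and a fingerprint scanner to achieve mutual authentication between resource owners and users. We experimented with different hash functions in an effort to find the best authentication configuration. The experimental results show that our design can resist known attacks and that its computation and communication costs are acceptable for many practical applications.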

【Abstract】 Authentication assures that illegal users are not able to access system resources fraudulently. User authentication plays a significant role in access control. Remote authentication is one of the security measures for remote access in environments that use smart cards and biometric information. With the rapid growth of online resources on the Internet and users' increasing awareness of self-protection, mutual authentication is needed to provide a secure way to simultaneously protect the interests of both the resource owners and the users. In this thesis, we present an efficient biometrics-based mutual authentication scheme, which is based on personal biometrics, a one-way hash function and a smart card. To enhance system security, we make use of a one-time key $h(h(UID_i \| X_S) \| T)$ generated by using the timestamp $T$. In the scheme, the authentication process can resist all known attacks, including replay attacks and DoS attacks, and needs only two online message transmissions. Analysis shows that the scheme is secure. Our scheme uses only the XOR operation, random number generation and a hash function in order to keep the computation simple. A prototype system of this scheme is developed in C++ on the Visual Studio 2005 platform. By combining a smart card reader with a fingerprint scanner, mutual authentication can be achieved between a resource owner and a user. We experimented with several different hash functions to find out which solution is the best one. The results show that our design is secure against malicious attacks, and its computation and communication costs are acceptable for most practical applications.

  • 【Online publication contributor】 Jinan University
  • 【Online publication year and issue】 2012, Issue 10