【作者】 李昕；

【导师】 傅鹂；

【作者基本信息】 重庆大学 ， 计算机软件与理论， 2007， 硕士

【摘要】 随着计算机技术和网络技术的发展,越来越多的企业和组织依靠网络这个平台来开展它们的业务,信息安全问题日益受到人们的重视。身份认证作为信息安全系统的第一道防线,是最重要的安全服务之一,也是实现其它安全服务的前提。现有的基于挑战-质询的身份认证模型的基本思想是:在进行身份认证的过程中,加入不确定因素以生成动态变化的认证信息,从而提高认证过程的安全性。但是这种模型尤其是在具体实现的时候表现出了其弱点和不足之处,不能有效抵抗窃听、假冒、重放、口令猜测、中间人攻击等攻击,从而不能提供足够的安全性。本文以身份认证技术和认证协议为研究重点,主要对关键技术点、模型的设计与分析、原型系统的程序实现与测试进行了说明。分析比较了相关的密码学技术与基本原理,身份认证的基本概念,常见的身份认证技术和身份认证模型(协议)。重点分析了挑战-质询机制,指出了它存在的安全缺陷,及针对这些缺陷存在的攻击方式和手段。在此基础上,提出了一种基于挑战-质询机制的改进的身份认证模型,并对改进模型进行了初步分析。对改进模型进行了仿真和实现,并进行了简单测试和分析。改进模型引入了随机盐和再HASH机制,实现了双向认证和双因素认证,提高了协议抵抗窃听、假冒、重放、口令猜测、中间人攻击等攻击手段的能力,从而提高了协议的安全性。最后,对研究工作进行了总结,并展望了进一步的研究工作。更多还原

【Abstract】 With the development of computer technology and network technology ,more and more enterprises and organizations conduct their business rely on the platform of networks ,and information security has become the focus of concern gradually for the people. As the first line of defense in information security system, entity authentication is one of the most important security service as well as the basis for other security services.The key idea of existing entity authentication models based on Challenge -Response is to keep the verification changing constantly through the way of import changing factors, which can enhance the security. But such schemes could show its weaknesses and inadequacies especially in the time of concrete implementation, and can not provide adequate security.This thesis focus on identity authentication technology and protocol, the key technical points, designing and analyzing of the authentication scheme, programming and testing of the prototype system are presented. Here cryptography theory and the concept, mechanism of identity authentication and protocols are discussed. Challenge-Response mechanism is detail analyzed and its’ security defects are given, and then common attack methods against these defects are analyzed. Finally an improved scheme is proposed and then the scheme is preliminary analyzed. On this basis, simulate and implement the scheme, and a simple test and analysis is conducted. Finally, the summary of the research is carried out, and the research work in the future is also suggested.in the improved model, the salt and the mechanism of re-hash are imported, mutual authentication and two-factor authentication are implemented, which can withstand attack methods such as eavesdrop、masquerade、replay、password guess attack、man-in-the-middle attack ,and the security is enhanced.更多还原