通信学报 ›› 2019, Vol. 40 ›› Issue (2): 174-187.doi: 10.11959/j.issn.1000-436x.2019044
徐渊1,杨超2,杨力3
修回日期:
2018-09-23
出版日期:
2019-02-01
发布日期:
2019-03-04
作者简介:
徐渊(1991- ),女,陕西西安人,西安财经大学助理实验师,主要研究方向为云计算、网络安全。|杨超(1979- ),男,陕西西安人,博士,西安电子科技大学教授、博士生导师,主要研究方向为密码学、信息和网络安全。|杨力(1977- ),男,陕西西安人,博士,西安电子科技大学教授、博士生导师,主要研究方向为移动互联网安全、云计算安全和可信计算技术。
基金资助:
Yuan XU1,Chao YANG2,Li YANG3
Revised:
2018-09-23
Online:
2019-02-01
Published:
2019-03-04
Supported by:
摘要:
针对口令认证系统中用户频繁重复使用同一弱口令的问题,提出一种基于服务器与便携移动设备间秘密共享的单一口令认证方法,允许远程用户使用单一口令和多个在线服务进行安全认证,且客户端PC无需存储用户的任何秘密信息;即使移动设备丢失或被盗,也不会损害用户信息。安全性分析与性能测试结果表明,新方法大大提高了用户私密信息的安全性,可以抵御字典攻击、蜜罐攻击、跨站点编程攻击及网络钓鱼攻击,减轻用户记忆负担,缓解存储压力,易于部署。
中图分类号:
徐渊,杨超,杨力. 基于移动端协助的远程用户单一口令认证方法[J]. 通信学报, 2019, 40(2): 174-187.
Yuan XU,Chao YANG,Li YANG. Single password authentication method for remote user based on mobile terminal assistance[J]. Journal on Communications, 2019, 40(2): 174-187.
表4
场景1认证阶段时间/ms"
次数 | tA1 | tA2 | tA3 | tA4 | tA5 | tA6 | 总时间TA |
1 | 634.95 | 12.16 | 3 852.79 | 2 685.00 | 3 020.25 | 551.69 | 10 756.84 |
2 | 588.71 | 12.12 | 3 088.24 | 2 451.40 | 3 008.86 | 537.88 | 9 687.21 |
3 | 693.18 | 12.13 | 3 462.55 | 2 693.89 | 2 968.58 | 542.65 | 10 372.98 |
4 | 603.26 | 11.90 | 3 762.82 | 2 729.93 | 2 958.64 | 568.11 | 10 634.66 |
5 | 666.91 | 11.71 | 3 490.51 | 2 743.85 | 2 938.28 | 581.18 | 10 432.44 |
6 | 588.29 | 11.72 | 3 472.58 | 2 701.08 | 2 943.11 | 567.73 | 10 284.51 |
7 | 586.82 | 11.81 | 3 976.51 | 2 492.83 | 2 964.37 | 565.19 | 10 597.53 |
8 | 696.74 | 11.88 | 3 415.59 | 3 150.62 | 2 929.69 | 574.21 | 10 778.73 |
9 | 705.49 | 13.57 | 3 787.21 | 2 816.02 | 2 916.69 | 579.40 | 10 818.38 |
10 | 667.10 | 11.78 | 3 217.01 | 2 690.37 | 2 895.12 | 551.87 | 10 033.25 |
表6
场景2中的情况1认证阶段时间/ms"
用户 | tA1 | tA2 | tA3 | tA4 | tA5 | tA6 | 总时间TA |
user1 | 706.66 | 11.18 | 3 870.38 | 2 476.76 | 2 896.26 | 620.59 | 10581.83 |
user2 | 656.90 | 11.67 | 3 021.22 | 2 516.65 | 2 972.40 | 540.37 | 9719.21 |
user3 | 590.32 | 11.40 | 3 942.38 | 2 667.09 | 2 940.90 | 564.04 | 10716.13 |
user4 | 636.21 | 11.50 | 3 436.28 | 2 472.99 | 2 917.59 | 563.28 | 10037.85 |
user5 | 661.22 | 11.52 | 3 441.83 | 2 480.50 | 2 936.19 | 548.34 | 10079.60 |
user6 | 696.98 | 11.67 | 3 155.77 | 2 690.94 | 2 919.25 | 545.47 | 10020.08 |
user7 | 583.52 | 11.43 | 3 485.63 | 2 716.33 | 2 896.02 | 561.31 | 10254.24 |
user8 | 580.69 | 12.01 | 3 730.85 | 2 517.52 | 2 949.34 | 561.96 | 10352.37 |
user9 | 591.99 | 11.73 | 3 333.63 | 2 476.16 | 2 992.37 | 551.10 | 9956.98 |
user10 | 696.74 | 11.47 | 3 313.86 | 2 507.97 | 2 933.24 | 548.51 | 10011.79 |
表8
场景2中的情况2认证阶段时间/ms"
次数 | tA1 | tA2 | tA3 | tA4 | tA5 | tA6 | 总时间TA |
user1 | 674.89 | 11.56 | 3 589.07 | 2 487.21 | 2 682.28 | 539.95 | 10 291.97 |
user2 | 652.75 | 11.64 | 3 538.29 | 2 702.91 | 3 001.16 | 627.43 | 10 534.18 |
user3 | 598.73 | 11.67 | 3 730.33 | 2 710.31 | 3 160.28 | 524.04 | 10 735.36 |
user4 | 597.75 | 11.60 | 3 389.03 | 2 670.76 | 2 921.73 | 532.14 | 10 123.01 |
user5 | 602.49 | 11.78 | 3 558.93 | 2 792.32 | 3 042.90 | 543.13 | 10 551.55 |
user6 | 679.08 | 12.04 | 3 584.63 | 2 780.92 | 2 851.92 | 583.65 | 10 492.24 |
user7 | 705.12 | 11.57 | 3 401.68 | 2 665.76 | 2 845.77 | 550.11 | 10 180.01 |
user8 | 602.14 | 11.81 | 3 769.10 | 2 786.24 | 2 858.46 | 562.39 | 10 590.14 |
user9 | 627.65 | 12.54 | 3 329.07 | 2 664.68 | 2 886.40 | 558.95 | 10 079.29 |
user10 | 611.41 | 11.89 | 3 564.91 | 2 682.28 | 2 844.04 | 529.52 | 10 244.05 |
[1] | FLORENCIO D , HERLEY C . A large-scale study of Web password habits[C]// Proceeding of the 16th international conference on World Wide Web. 2007,ACM, 2007: 657-666. |
[2] | CARSON N . In:2004,Mark Zuckerberg broke into a facebook user’s private email account[EB]. Business Insider, 2010. |
[3] | BELLOVIN S M , MERRITT M . Encrypted key exchange:password-based protocols secure against dictionary attack[C]// Computer Society Symposium on Research in Security and Privacy. 1992: 72-84. |
[4] | WU T D , . The secure remote password protocol[C]// The Network and Distributed System Security Symposium. 1998,98: 97-111. |
[5] | JABLON D P . Strong password-only authenticated key exchange[J]. ACM SIGCOMM Computer Communications Review, 1996,26(5): 5-26. |
[6] | BELLOVIN S M , MERRITT M . Augmented encrypted key exchange:a password-based protocol secure against dictionary attacks and password file compromise[C]// The 1st ACM Conference on Computer and Communications Security. ACM, 1993: 244-250. |
[7] | GENTRY C , MACKENZIE P , RAMZAN Z . A method for making password-based key exchange resilient to server compromise[C]// Annual international Cryptology Conference. Springer Berlin Heidelberg, 2006: 142-159. |
[8] | BOYEN X , . Hidden credential retrieval from a reusable password[C]// Proceedings of the 4th International Symposium on Information,Computer,and Communications Security. ACM, 2009: 228-238. |
[9] | BOYEN X , . Hpake:password authentication secure against cross-site user impersonation[C]// International Conference on Cryptology and Network Security. 2009: 279-298. |
[10] | JUNG J , LEE D , KIM J ,et al. Cryptanalysis and improvement of efficient password-based user authentication scheme using hash function[C]// The 10th International Conference on Ubiquitous Information Management and Communication. 2016:23. |
[11] | WEI J , LIU W , HU X . Secure and efficient smart card based remote user password authentication scheme[J]. International Journal of Network Security, 2016,18(4): 782-792. |
[12] | TSAI C Y , PAN C S , HWANG M S . An improved password authentication scheme for smart card[C]// International Conference on Intelligent and Interactive Systems and Applications. 2016: 194-199. |
[13] | OM H , BANERJEE S . A password authentication method for remote users based on smart card and biometrics[J]. Journal of Discrete Mathematical Sciences & Cryptography, 2017,20(3): 595-610. |
[14] | GIRI D , SHERRATT R S , MAITRA T . A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB Mass Storage Devices[J]. IEEE Transactions on Consumer Electronics, 2016,62(3): 283-291. |
[15] | 李晓伟, 杨邓奇, 陈本辉 ,等. 基于生物特征和口令的双因子认证与密钥协商协议[J]. 通信学报, 2017,38(7): 89-95. |
LI X W , YANG D Q , CHEN B H ,et al. Two-factor authenticated key agreement protocol based on biometric feature and password[J]. Journal on Communications, 2017,38(7): 89-95. | |
[16] | WU M , GARFINKEL S , MILLER R . Secure web authentication with mobile phones[J]. Dimacs Workshop on Usable Privacy & Security Software, 2004. |
[17] | 安迪, 杨超, 姜奇 ,等. 一种新的基于指纹与移动端协助的口令认证方法[J]. 计算机研究与发展, 2016,53(10): 2400-2411. |
AN D , YANG C , JIANG Q ,et al. A new password authentication method based on fingerprint and mobile phone assistance[J]. Journal of Computer Research and Development, 2016,53(10): 2400-2411. | |
[18] | MCCUNE J M , PERRIG A , REITER M K . Seeing-is-believe:using camera phones for human-verifiable authentication[C]// Security and Privacy,2005 IEEE Symposium on. IEEE, 2005: 110-124. |
[19] | STARNBERGER G , FROIHOFER L , GOESCHKA K M . QR-TAN:secure mobile transaction authentication[C]// International Conference on Availability,Reliability and Security. 2009: 578-583. |
[20] | ACAR T , BELENKIY M , KüP?ü A . Single password authentication[J]. Computer Networks, 2013,57(13): 2597-2614. |
[21] | BAGHERZANDI A , JARECKI S , SAXENA N ,et al. Password-protected secret sharing[C]// The 18th ACM conference on Computer and Communications Security. 2011: 433-444. |
[22] | CAMENISCH J , LYSYANSKAYA A , NEVEN G . Practical yet universally composable two-server password-authenticated secret sharing[C]// Proceedings of the 2012 ACM Conference on Computer and Communications Security. 2012: 525-536. |
[1] | 廉欢欢, 侯慧莹, 赵运磊. 后量子基于验证元的三方口令认证密钥交换协议[J]. 通信学报, 2022, 43(4): 95-106. |
[2] | 尹安琪, 郭渊博, 汪定, 曲彤洲, 陈琳. 可证明安全的抗量子两服务器口令认证密钥交换协议[J]. 通信学报, 2022, 43(3): 14-29. |
[3] | 郭渊博, 尹安琪. 基于格的口令认证密钥交换协议综述[J]. 通信学报, 2022, 43(12): 172-187. |
[4] | 熊金波, 周永洁, 毕仁万, 万良, 田有亮. 边缘协同的轻量级隐私保护分类框架[J]. 通信学报, 2022, 43(1): 127-137. |
[5] | 刘海, 田有亮, 唐莹, Jianbing Ni, 马建峰. 面向理性用户的秘密重构设计模型[J]. 通信学报, 2021, 42(11): 54-65. |
[6] | 熊金波,毕仁万,陈前昕,刘西蒙. 边缘协作的轻量级安全区域建议网络[J]. 通信学报, 2020, 41(10): 188-201. |
[7] | 周翰逊,陈晨,冯润泽,熊俊坤,潘宏,郭薇. 基于值导数GRU的移动恶意软件流量检测方法[J]. 通信学报, 2020, 41(1): 102-113. |
[8] | 胡建伟,车欣,周漫,崔艳鹏. 基于高斯混合模型的增量聚类方法识别恶意软件家族[J]. 通信学报, 2019, 40(6): 148-159. |
[9] | 张艳硕,李文敬,陈雷,毕伟,杨涛. 基于特征值的可验证特殊门限秘密共享方案[J]. 通信学报, 2018, 39(8): 169-175. |
[10] | 王彩芬,陈丽. 基于格的用户匿名三方口令认证密钥协商协议[J]. 通信学报, 2018, 39(2): 21-30. |
[11] | 于金霞,廉欢欢,汤永利,史梦瑶,赵宗渠. 格上基于口令的三方认证密钥交换协议[J]. 通信学报, 2018, 39(11): 87-97. |
[12] | 张恩,裴瑶瑶,杜蛟. 基于RLWE的密文策略属性代理重加密[J]. 通信学报, 2018, 39(11): 129-137. |
[13] | 梁建武,刘晓书,程资. 基于图态和中国剩余定理的量子秘密共享方案[J]. 通信学报, 2018, 39(10): 72-78. |
[14] | 张恩,耿魁,金伟,李勇俊,孙韵清,李凤华. 抗隐蔽敌手的云外包秘密共享方案[J]. 通信学报, 2017, 38(5): 57-65. |
[15] | 杨宏宇,徐晋. 基于改进随机森林算法的Android恶意软件检测[J]. 通信学报, 2017, 38(4): 8-16. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|