基于移动端协助的远程用户单一口令认证方法

doi:10.11959/j.issn.1000-436x.2019044

Abstract

Abstract:

To address the issue that users frequently reuse their weak passwords in password-based authentication system,single password authentication based on secret sharing between server and mobile terminal (SPASS) was proposed,which allows a remote user to use a single password to authenticate to multiple services securely and has no need to store any secret of the user in the client PC.Even when the mobile device is lost or stolen,no damage to the user’s information will be induced.Security analysis and performance test show that SPASS greatly improves the security of the user’s secret information and resists dictionary attacks,honeypot attacks,cross-site scripting attacks etc.Furthermore,the proposed scheme can lighten burden of the user’s memory,reduce the storage pressure and easy to be deployed.

Key words: password-based authentication, secret sharing, authentication based on mobile terminal, malware, dictionary attack

CLC Number:

TP391

Yuan XU,Chao YANG,Li YANG. Single password authentication method for remote user based on mobile terminal assistance[J]. Journal on Communications, 2019, 40(2): 174-187.

Figures/Tables 26

References 22

[1]	FLORENCIO D , HERLEY C . A large-scale study of Web password habits[C]// Proceeding of the 16th international conference on World Wide Web. 2007,ACM, 2007: 657-666.
[2]	CARSON N . In:2004,Mark Zuckerberg broke into a facebook user’s private email account[EB]. Business Insider, 2010.
[3]	BELLOVIN S M , MERRITT M . Encrypted key exchange:password-based protocols secure against dictionary attack[C]// Computer Society Symposium on Research in Security and Privacy. 1992: 72-84.
[4]	WU T D , . The secure remote password protocol[C]// The Network and Distributed System Security Symposium. 1998,98: 97-111.
[5]	JABLON D P . Strong password-only authenticated key exchange[J]. ACM SIGCOMM Computer Communications Review, 1996,26(5): 5-26.
[6]	BELLOVIN S M , MERRITT M . Augmented encrypted key exchange:a password-based protocol secure against dictionary attacks and password file compromise[C]// The 1st ACM Conference on Computer and Communications Security. ACM, 1993: 244-250.
[7]	GENTRY C , MACKENZIE P , RAMZAN Z . A method for making password-based key exchange resilient to server compromise[C]// Annual international Cryptology Conference. Springer Berlin Heidelberg, 2006: 142-159.
[8]	BOYEN X , . Hidden credential retrieval from a reusable password[C]// Proceedings of the 4th International Symposium on Information,Computer,and Communications Security. ACM, 2009: 228-238.
[9]	BOYEN X , . Hpake:password authentication secure against cross-site user impersonation[C]// International Conference on Cryptology and Network Security. 2009: 279-298.
[10]	JUNG J , LEE D , KIM J ,et al. Cryptanalysis and improvement of efficient password-based user authentication scheme using hash function[C]// The 10th International Conference on Ubiquitous Information Management and Communication. 2016:23.
[11]	WEI J , LIU W , HU X . Secure and efficient smart card based remote user password authentication scheme[J]. International Journal of Network Security, 2016,18(4): 782-792.
[12]	TSAI C Y , PAN C S , HWANG M S . An improved password authentication scheme for smart card[C]// International Conference on Intelligent and Interactive Systems and Applications. 2016: 194-199.
[13]	OM H , BANERJEE S . A password authentication method for remote users based on smart card and biometrics[J]. Journal of Discrete Mathematical Sciences ＆ Cryptography, 2017,20(3): 595-610.
[14]	GIRI D , SHERRATT R S , MAITRA T . A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB Mass Storage Devices[J]. IEEE Transactions on Consumer Electronics, 2016,62(3): 283-291.
[15]	李晓伟, 杨邓奇, 陈本辉 ,等. 基于生物特征和口令的双因子认证与密钥协商协议[J]. 通信学报, 2017,38(7): 89-95.
	LI X W , YANG D Q , CHEN B H ,et al. Two-factor authenticated key agreement protocol based on biometric feature and password[J]. Journal on Communications, 2017,38(7): 89-95.
[16]	WU M , GARFINKEL S , MILLER R . Secure web authentication with mobile phones[J]. Dimacs Workshop on Usable Privacy ＆ Security Software, 2004.
[17]	安迪, 杨超, 姜奇 ,等. 一种新的基于指纹与移动端协助的口令认证方法[J]. 计算机研究与发展, 2016,53(10): 2400-2411.
	AN D , YANG C , JIANG Q ,et al. A new password authentication method based on fingerprint and mobile phone assistance[J]. Journal of Computer Research and Development, 2016,53(10): 2400-2411.
[18]	MCCUNE J M , PERRIG A , REITER M K . Seeing-is-believe:using camera phones for human-verifiable authentication[C]// Security and Privacy,2005 IEEE Symposium on. IEEE, 2005: 110-124.
[19]	STARNBERGER G , FROIHOFER L , GOESCHKA K M . QR-TAN:secure mobile transaction authentication[C]// International Conference on Availability,Reliability and Security. 2009: 578-583.
[20]	ACAR T , BELENKIY M , KüP?ü A . Single password authentication[J]. Computer Networks, 2013,57(13): 2597-2614.
[21]	BAGHERZANDI A , JARECKI S , SAXENA N ,et al. Password-protected secret sharing[C]// The 18th ACM conference on Computer and Communications Security. 2011: 433-444.
[22]	CAMENISCH J , LYSYANSKAYA A , NEVEN G . Practical yet universally composable two-server password-authenticated secret sharing[C]// Proceedings of the 2012 ACM Conference on Computer and Communications Security. 2012: 525-536.

Metrics

Recommended 0

No Suggested Reading articles found!

服务商	硬盘	CPU	内存	操作系统	带宽
阿里云	40 GB	1核	2 GB	Windows Sever2008	R2 5 Mbit/s
				企业版64位中文版

服务商	硬盘	CPU	内存	操作系统
Dell Inc.Vostro 270	500 GB	4核	4 GB	Windows7 64位

次数	t_R1	t_R2	总时间T_R
1	554.04	11.83	565.87
2	562.12	12.04	574.16
3	589.61	12.26	601.87
4	597.05	11.92	608.97
5	688.92	11.85	700.77
6	566.47	11.62	578.08
7	565.16	11.68	576.84
8	600.3	11.65	611.95
9	566.57	11.78	578.35
10	563.02	11.91	574.93

次数	t_A1	t_A2	t_A3	t_A4	t_A5	t_A6	总时间T_A
1	634.95	12.16	3 852.79	2 685.00	3 020.25	551.69	10 756.84
2	588.71	12.12	3 088.24	2 451.40	3 008.86	537.88	9 687.21
3	693.18	12.13	3 462.55	2 693.89	2 968.58	542.65	10 372.98
4	603.26	11.90	3 762.82	2 729.93	2 958.64	568.11	10 634.66
5	666.91	11.71	3 490.51	2 743.85	2 938.28	581.18	10 432.44
6	588.29	11.72	3 472.58	2 701.08	2 943.11	567.73	10 284.51
7	586.82	11.81	3 976.51	2 492.83	2 964.37	565.19	10 597.53
8	696.74	11.88	3 415.59	3 150.62	2 929.69	574.21	10 778.73
9	705.49	13.57	3 787.21	2 816.02	2 916.69	579.40	10 818.38
10	667.10	11.78	3 217.01	2 690.37	2 895.12	551.87	10 033.25

用户	t_R1	t_R2	总时间T_R
user1	593.71	11.32	605.03
user2	660.72	11.43	672.15
user3	555.57	11.91	567.48
user4	633.15	11.41	644.56
user5	574.02	12.16	586.18
user6	571.38	11.66	583.04
user7	672.64	11.63	684.27
user8	564.88	11.52	576.40
user9	600.78	11.44	612.22
user10	563.25	11.39	574.93

Single password authentication method for remote user based on mobile terminal assistance

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 26

References 22

Related Articles 15

Metrics

Recommended 0

设备	t_R1	t_R2	总时间T_R
安卓模拟器	555.89	11.71	567.60
Sony	564.45	11.59	576.04
魅族	532.69	11.69	544.38

安全指标	mobile SPA	SPASS
双向认证	是	是
抗口令丢失攻击	弱	强
抗中间人攻击	弱	强
抗字典攻击	弱	强
抗恶意软件攻击	弱	强
抗服务器内部攻击	弱	强

[1]	Jinbo XIONG, Yongjie ZHOU, Renwan BI, Liang WAN, Youliang TIAN. Towards edge-collaborative, lightweight and privacy-preserving classification framework [J]. Journal on Communications, 2022, 43(1): 127-137.
[2]	Hai LIU, Youliang TIAN, Ying TANG, Jianbing Ni, Jianfeng MA. Design models of secret reconstruction towards rational users [J]. Journal on Communications, 2021, 42(11): 54-65.
[3]	Jinbo XIONG,Renwan BI,Qianxin CHEN,Ximeng LIU. Towards edge-collaborative,lightweight and secure region proposal network [J]. Journal on Communications, 2020, 41(10): 188-201.
[4]	Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU [J]. Journal on Communications, 2020, 41(1): 102-113.
[5]	HU Jianwei,CHE Xin,ZHOU Man,CUI Yanpeng. Incremental clustering method based on Gaussian mixture model to identify malware family [J]. Journal on Communications, 2019, 40(6): 148-159.
[6]	Yanshuo ZHANG,Wenjing LI,Lei CHEN,Wei BI,Tao YANG. Verifiable special threshold secret sharing scheme based on eigenvalue [J]. Journal on Communications, 2018, 39(8): 169-175.
[7]	Xin LIU,Qiuliang XU,Bin ZHANG,Bo ZHANG. k-times attribute-based authentication scheme using direct anonymous attestation [J]. Journal on Communications, 2018, 39(12): 113-133.
[8]	Yashu LIU,Zhihai WANG,Hanbing YAN,Yueran HOU,Yukun LAI. Method of anti-confusion texture feature descriptor for malware images [J]. Journal on Communications, 2018, 39(11): 44-53.
[9]	Fang QI,Yanmei LI,Zhe TANG. Revocable and traceable key-policy attribute-based encryption scheme [J]. Journal on Communications, 2018, 39(11): 63-69.
[10]	En ZHANG,Yaoyao PEI,Jiao DU. RLWE-based ciphertext-policy attribute proxy re-encryption [J]. Journal on Communications, 2018, 39(11): 129-137.
[11]	Jianwu LIANG,Xiaoshu LIU,Zi CHENG. Quantum secret sharing with graph states based on Chinese remainder theorem [J]. Journal on Communications, 2018, 39(10): 72-78.
[12]	Bo CHEN,Yong-tao PAN,Tie-ming CHEN. Android malware detection method based on SimHash [J]. Journal on Communications, 2017, 38(Z2): 30-36.
[13]	Bing-lin ZHAO,Xi MENG,Jin HAN,Jing WANG,Fu-dong LIU. Homology analysis of malware based on graph [J]. Journal on Communications, 2017, 38(Z2): 86-93.
[14]	En ZHANG,Kui GENG,Wei JIN,Yong-jun LI,Yun-qing SUN,Feng-hua LI. Cloud outsourcing secret sharing scheme against covert adversaries [J]. Journal on Communications, 2017, 38(5): 57-65.
[15]	Hong-yu YANG,Jin XU. Android malware detection based on improved random forest [J]. Journal on Communications, 2017, 38(4): 8-16.

用户	t_A1	t_A2	t_A3	t_A4	t_A5	t_A6	总时间T_A
user1	706.66	11.18	3 870.38	2 476.76	2 896.26	620.59	10581.83
user2	656.90	11.67	3 021.22	2 516.65	2 972.40	540.37	9719.21
user3	590.32	11.40	3 942.38	2 667.09	2 940.90	564.04	10716.13
user4	636.21	11.50	3 436.28	2 472.99	2 917.59	563.28	10037.85
user5	661.22	11.52	3 441.83	2 480.50	2 936.19	548.34	10079.60
user6	696.98	11.67	3 155.77	2 690.94	2 919.25	545.47	10020.08
user7	583.52	11.43	3 485.63	2 716.33	2 896.02	561.31	10254.24
user8	580.69	12.01	3 730.85	2 517.52	2 949.34	561.96	10352.37
user9	591.99	11.73	3 333.63	2 476.16	2 992.37	551.10	9956.98
user10	696.74	11.47	3 313.86	2 507.97	2 933.24	548.51	10011.79

用户	t_R1	t_R2	总时间T_R
user1	576.09	11.99	588.08
user2	677.24	11.78	689.02
user3	553.82	11.67	565.49
user4	577.40	12.14	589.54
user5	561.34	11.67	573.01
user6	600.80	11.78	612.58
user7	659.23	12.15	671.38
user8	638.52	11.69	650.21
user9	578.69	11.68	590.37
user10	556.91	12.04	568.95

次数	t_A1	t_A2	t_A3	t_A4	t_A5	t_A6	总时间T_A
user1	674.89	11.56	3 589.07	2 487.21	2 682.28	539.95	10 291.97
user2	652.75	11.64	3 538.29	2 702.91	3 001.16	627.43	10 534.18
user3	598.73	11.67	3 730.33	2 710.31	3 160.28	524.04	10 735.36
user4	597.75	11.60	3 389.03	2 670.76	2 921.73	532.14	10 123.01
user5	602.49	11.78	3 558.93	2 792.32	3 042.90	543.13	10 551.55
user6	679.08	12.04	3 584.63	2 780.92	2 851.92	583.65	10 492.24
user7	705.12	11.57	3 401.68	2 665.76	2 845.77	550.11	10 180.01
user8	602.14	11.81	3 769.10	2 786.24	2 858.46	562.39	10 590.14
user9	627.65	12.54	3 329.07	2 664.68	2 886.40	558.95	10 079.29
user10	611.41	11.89	3 564.91	2 682.28	2 844.04	529.52	10 244.05

设备	t_A1	t_A2	t_A3	t_A4	t_A5	t_A6	总时间T_A
安卓模拟器	655.94	12.14	3 746.96	2697.21	2 886.60	603.58	10 602.43
Sony	631.69	11.53	3 737.36	174.27	2 911.79	598.03	8 064.67
魅族	627.51	11.68	3 758.87	152.76	2 919.66	574.56	8 045.04