针对物理访问控制的拟态防御认证方法

doi:10.11959/j.issn.1000-436x.2020115

Abstract

Abstract:

To address the security problem of the vulnerability of the authentication methods of traditional physical access control systems,a mimic defense authentication method was designed based on the principle of mimic defense technique and its dynamic heterogeneous redundant architecture (DHR),using mobile 2D code as the interface and dynamic password as the core.First,the actuator pool of the authentication server was constructed.Then,a central controller consisting of functional modules such as input distribution agent,selector and voter was used to dynamically schedule heterogeneous redundant actuators from the actuator pool.Finally,a multimode ruling on the heterogeneous redundant actuator output to determine the authentication result was made by the voter.The experimental results show that the proposed authentication method has higher security and reliability compared to the traditional physical access control system authentication method,and at the same time,it can be used in combination with other authentication methods.

Key words: access control, QR code, heterogeneous redundancy, mimic defense

CLC Number:

TP393

Qinglei ZHOU,Shaohuan BAN,Yingjie HAN,Feng FENG. Mimic defense authentication method for physical access control[J]. Journal on Communications, 2020, 41(6): 80-87.

Figures/Tables 11

References 19

[1]	贾铁军, 侯丽波, 宋少婷 ,等. 网络安全实用技术[M]. 北京: 清华大学出版社, 2011.
	JIA T J , HOU L B , SONG S T ,et al. Practical network security technology[M]. Beijing: Tsinghua University PressPress, 2011.
[2]	李小燕 . 网络可信身份认证技术演变史及发展趋势研究[J]. 网络空间安全, 2018,9(11): 6-18.
	LI X Y . Study on evolution history and development trend of network trusted identity authentication technology[J]. Information Security and Technology, 2018,9(11): 6-18.
[3]	常玲, 赵蓓, 薛姗 ,等. 基于网络安全的身份认证技术研究[J]. 电信工程技术与标准化, 2019,32(2): 37-42.
	CHANG L , ZHAO P , XUE S ,et al. Research on identity authentication technology in network security[J]. Telecom Engineering Technics and Standardization, 2019,32(2): 37-42.
[4]	安迪, 杨超, 姜奇 ,等. 一种新的基于指纹与移动端协助的口令认证方法[J]. 计算机研究与发展, 2016,53(10): 2400-2411.
	AN D , YANG C , JIANG Q ,et al. A new password authentication method based on fingerprint and mobile phone assistance[J]. Journal of Computer Research and Development, 2016,53(10): 2400-2411.
[5]	周庆, 黄党志 . 基于 Ising 模型的 QR 码加密算法[J]. 计算机应用, 2013,33(10): 2861-2864.
	ZHOU Q , HUANG D Z . Encryption algorithm for QR code based on Ising model[J]. Journal of Computer Applications, 2013,33(10): 2861-2864.
[6]	韩林, 张春海, 徐建良 . 基于二维码的内外网物理隔离环境下的数据交换[J]. 计算机科学, 2016,43(S2): 520-522.
	HAN L , ZHANG C H , XU J L . Data exchange based on QR code in physically isolated internal and external network environment[J]. Computer Science, 2016,43(S2): 520-522.
[7]	古晓艳, 夏志强 . 基于二维码的高校教学设备管理系统的设计与实现[J]. 计算机科学, 2017,44(S1): 523-525.
	GU X Y , XIA Z Q . Design and implementation of teaching equipment management system based on two-dimensional code[J]. Computer Science, 2017,44(S1): 523-525.
[8]	MOHAN P , CHELLIAH S . An authentication technique for accessing de-duplicated data from private cloud using one time password[J]. International Journal of Information Security and Privacy, 2017,11(2): 1-10.
[9]	KAO Y , LUO G , LIN H ,et al. Physical access control based on QR code[C]// 2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery. Piscataway:IEEE Press, 2011: 285-288.
[10]	于英政 . QR 二维码相关技术的研究[D]. 北京:北京交通大学, 2014.
	YU Y Z . Research on related technologies of the QR 2-dimensional code[D]. Beijing:Beijing Jiaotong University, 2014.
[11]	邬江兴 . 网络空间拟态防御导论[M]. 北京: 科学出版社, 2017.
	WU J X . Introduction to cyberspace mimic defense[M]. Beijing: Science PressPress, 2017.
[12]	扈红超, 陈福才, 王禛鹏 . 拟态防御 DHR 模型若干问题探讨和性能评估[J]. 信息安全学报, 2016,1(4): 40-51.
	HU H C , CHEN F C , WANG Z P . Performance evaluations on DHR for cyberspace mimic defense[J]. Journal of Cyber Security, 2016,1(4): 40-51.
[13]	ZHUANG R , DELOACH S A , OU X . Towards a theory of moving target defense[C]// Proceedings of the First ACM Workshop on Moving Target Defense. New York:ACM Press, 2014: 31-40.
[14]	仝青, 张铮, 张为华 ,等. 拟态防御 Web 服务器设计与实现[J]. 软件学报, 2017,28(4): 883-897.
	TONG Q , ZHANG Z , ZHANG W H ,et al. Design and implementation of mimic defense Web server[J]. Journal of Software, 2017,28(4): 883-897.
[15]	王禛鹏, 扈红超, 程国振 . 一种基于拟态安全防御的DNS框架设计[J]. 电子学报, 2017,45(11): 2705-2714.
	WANG Z P , HU H C , CHENG G Z . A DNS architecture based on mimic security defense[J]. Acta Electronica Sinica, 2017,45(11): 2705-2714.
[16]	王禛鹏, 扈红超, 程国振 . MNOS:拟态网络操作系统设计与实现[J]. 计算机研究与发展, 2017,54(10): 2321-2333.
	WANG Z P , HU H C , CHENG G Z . Design and implementation of mimic network operating system[J]. Journal of Computer Research and Development, 2017,54(10): 2321-2333.
[17]	马海龙, 伊鹏, 江逸茗 ,等. 基于动态异构冗余机制的路由器拟态防御体系结构[J]. 信息安全学报, 2017,2(1): 29-42.
	MA H L , YI P , JIANG Y M ,et al. Dynamic heterogeneous redundancy based router architecture with mimic defenses[J]. Journal of Cyber Security, 2017,2(1): 29-42.
[18]	OUELHADJ D , PETROVIC S . A survey of dynamic scheduling in manufacturing systems[J]. Journal of Scheduling, 2009,12(4):417.
[19]	刘勤让, 林森杰, 顾泽宇 . 面向拟态安全防御的异构功能等价体调度算法[J]. 通信学报, 2018,39(7): 188-198.
	LIU Q R , LIN S J , GU Z Y . Heterogeneous redundancies scheduling algorithm for mimic security defense[J]. Journal on Communications, 2018,39(7): 188-198.

Metrics

Recommended 0

No Suggested Reading articles found!

异构层级	异构元素
处理器层	Intel、AMD、ARM、IBM
操作系统层	Windows(Windows 7,Windows 8,Windows 10; Windows Server 2003,Windows Server 2008)
操作系统层	Linux(Debian、RedHat、Ubuntu)
虚拟化层	VMware、VirtualBox、MiWorkspace
编译器层	GNU、Cygwin、MSVC、Borland

架构	穷举攻击	撞库攻击	重放攻击	中间人攻击	未知攻击
MD-PAC架构	是	是	是	是	是
OQAS架构	是	是	是	是	否
传统动态口令认证架构	否	是	是	是	否

符号	含义
T_{G_QR}	移动端生成含相关信息QR码耗时
T_{I_QR}	智能硬件终端识别QR码耗时
T_transfer	输入从客户端传输到一个执行体耗时
T_{max_transfer}	输入从客户端传输到执行体中最长耗时
T_AP	一个执行体处理任务耗时
T_{max_AP}	所有执行体中处理任务中最长耗时
T_SA	选调器处理耗时（调度执行体）
T_voter	表决器处理耗时

实验对象	操作系统	编程语言	脚本
	Windows 10	Python 3.6.2
MD-PAC	Ubuntu 16.04	Python 3.7.4	异构化处理
	CentOS 7（VMware）	Python 3.7.0
OQAS	CentOS 7（VMware）	Python 3.7.0	未异构化处理

Mimic defense authentication method for physical access control

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 19

Related Articles 15

Metrics

Recommended 0

[1]	Jin ZHANG, Qiang GE, Weihai XU, Yiming JIANG, Hailong MA, Hongtao YU. Design, implementation and formal verification of BGP proxy for mimic router [J]. Journal on Communications, 2023, 44(3): 33-44.
[2]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[3]	Dacheng ZHOU, Hongchang CHEN, Guozhen CHENG, Weizhen HE, Ke SHANG, Hongchao HU. Design and implementation of adaptive mimic voting device oriented to persistent connection [J]. Journal on Communications, 2022, 43(6): 71-84.
[4]	Hongyong JIA, Yunfei PAN, Wenhe LIU, Junjie ZENG, Jianhui ZHANG. Executive dynamic scheduling algorithm based on high-order heterogeneity [J]. Journal on Communications, 2022, 43(3): 233-245.
[5]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[6]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[7]	Zhengbin ZHU, Qinrang LIU, Dongpei LIU, Chong WANG. Research progress of mimic multi-execution scheduling algorithm [J]. Journal on Communications, 2021, 42(5): 179-190.
[8]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[9]	Ting WU, Chengnan HU, Qingnan CHEN, Anbang CHEN, Qiuhua ZHENG. Defense-enhanced dynamic heterogeneous redundancy architecture based on executor partition [J]. Journal on Communications, 2021, 42(3): 122-134.
[10]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[11]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[12]	Chuanxing PAN, Zheng ZHANG, Bolin MA, Yuan YAO, Xinsheng JI. Method against process control-flow hijacking based on mimic defense [J]. Journal on Communications, 2021, 42(1): 37-47.
[13]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[14]	Shaohu DING,Ning QI,Yiwei GUO. Evaluation of mimic defense strategy based on M-FlipIt game model [J]. Journal on Communications, 2020, 41(7): 186-194.
[15]	Ke SONE,Qinrang LIU,Shuai WEI,Wenjian ZHANG,Libo TAN. Endogenous security architecture of Ethernet switch based on mimic defense [J]. Journal on Communications, 2020, 41(5): 18-26.