Abstract
Traditional identity authentication schemes in the single-server environment of the mobile internet have security problems: users must memorize a different password for each server, and passwords can leak through the traditional authentication flow. To address these problems, this paper proposes an identity authentication scheme for the mobile internet single-server environment based on the SM9 algorithm. Across different application systems, a user only needs to memorize one unified identifier and password to pass authentication in each system and obtain the corresponding application services and access to resources. The scheme combines the SM9 identity-based cryptographic algorithm with password hiding and uses a fresh key for every session (one-time key) to achieve ciphertext transmission and mutual authentication, giving higher security and robustness while reducing the user's memory burden and offering a better user experience. Security analysis shows that the scheme resists replay attacks, impersonation attacks, smart-device loss attacks and other common attacks. Performance comparison shows that the scheme offers stronger robustness, higher security, better convenience and lower computation cost than similar schemes, and has significant application value in high-security scenarios such as mobile payment and contactless access control.
Authors
ZHANG Yu (张昱), SUN Guangmin (孙光民), LI Yu (李煜) (Department of Information, Beijing University of Technology, Beijing 100124, China)
Source
Netinfo Security (《信息网络安全》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2021, No. 4, pp. 1-9 (9 pages)
Funding
National Natural Science Foundation of China [41706201].