支持商密SM9算法框架的多因素认证方案

A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework

无线传感器技术使用公开无线信道且存储和计算资源受限,这使其容易遭受潜在的主动攻击(篡改等)和被动攻击(监听等)。身份认证是保障信息系统安全的第一道防线,如何为无线传感器设备设计多因素认证方案是目前安全协议研究的热点。目前,大多数身份认证方案都基于国外密码标准设计,不符合国家核心技术自主可控的网络空间安全发展战略。商密SM9标识密码算法是中国密码标准,已由ISO/IEC标准化并被广泛使用。因此,该文研究如何在商密SM9标识密码算法框架下,将口令、生物特征以及智能卡相结合来设计多因素身份认证方案,并利用模糊验证技术和蜜罐口令方法增强口令安全。该文在随机谕言模型(Random Oracle Model, ROM)下证明了方案的安全性,并给出启发式安全分析。与相关身份认证方案的对比结果表明,该文提出的身份认证方案在提供安全性的同时能够适用于资源受限的无线传感器网络。

Wireless sensor networks use public wireless channels and their storage and computing resources are limited,making them vulnerable to active attacks and passive attacks.Identity authentication acts as the first line to ensure the security of information systems.Then,how to design multi-factor authentication schemes for wireless sensor devices is currently a hot topic.Nowadays,most existing schemes are based on foreign cryptographic standards that do not comply with the autonomous and controllable cyberspace security development strategy.SM9 is an identity-based cryptographic algorithm that has become a Chinese cryptographic standard recently.Therefore,this paper focuses on how to combine passwords,biometrics,and smart cards to design a multi-factor authentication scheme that can be used for wireless sensor networks under the framework of SM9.The proposed scheme applies the fuzzy verifier technique and the honeyword method to resist password guessing attacks and further enables session key negotiation and password update.The security is proved under the Random Oracle Model(ROM)and a heuristic security analysis is provided additionally.The comparison results show that the proposed scheme can be deployed to wireless sensor networks.