Computer Systems Applications, 2016, 25(11): 41-50
A Kind of Anonymous Password Authentication Component System
(1.University of Chinese Academy of Sciences, Beijing 100090, China;2.Institute of Software, Chinese Academy of Sciences, Beijing 100090, China)
Received:March 07, 2016    Revised:April 24, 2016
Abstract: Anonymous authentication has attracted widespread attention as an important means of privacy protection. Because password authentication is the most widely used authentication method, designing an anonymous authentication system that relies only on passwords is of real significance. Against this background, ISO/IEC JTC1/SC27 launched the ISO/IEC 20009-4 standard project to standardize password-based anonymous entity authentication (PAEA) mechanisms; the standard currently specifies three PAEA protocols. This paper designs an anonymous password authentication component system based on the SKI protocol from that standard; the system can also support the other two protocols. We systematically analyze and design for the system's security, anonymity and performance, and protect each stage from system initialization and anonymous group construction through to execution of the standard protocol, closing the gap between the standard itself and practical application. The paper mainly addresses the security and efficiency problems that arise when the SKI protocol is applied in practice, including "inconsistency of bulletin board information", which causes authentication of legitimate users to fail, and the very long latency of the "first query" for a group's public bulletin information. The component system solves these problems by introducing a "Dual Bulletin Information Scheme", a "Query-Bound-Session Mechanism" and a "Cache System", among other measures. Finally, we analyze the performance of the component system experimentally. To date, no comparable system has been proposed in China or abroad.
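Funding: National Natural Science Foundation of China (61472409, 61303247); Key Program of the National Natural Science Foundation of China (91118006); National High Technology Research and Development Program of China (863 Program) (2012AA01A403); National Key Basic Research Program of China (973 Program) (2013CB338003)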
Citation:
ZHOU Nan, ZHANG Li-Wu. A Kind of Anonymous Password Authentication Component System. COMPUTER SYSTEMS APPLICATIONS, 2016, 25(11): 41-50