Computer Engineering and Applications ›› 2017, Vol. 53 ›› Issue (17): 123-129. DOI: 10.3778/j.issn.1002-8331.1605-0141

• Network, Communication and Security •

Identity authentication scheme with access control for multi-server environments

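ZHANG Min1,2, HE Yuande1, ZHANG Yang3

  1. School of Foreign Languages, Southwest University for Nationalities, Chengdu 610041
  2. Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031
  3. Editorial Department, Journal of Southwest University for Nationalities, Chengdu 610041
  • Publication date: 2017-09-01 Release date: 2017-09-12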

Authentication scheme for multi-server environment based on Chebyshev chaotic map with access control

ZHANG Min1,2, HE Yuande1, ZHANG Yang3   

  1. School of Foreign Languages, Southwest University for Nationalities, Chengdu 610041, China
  2. Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, China
  3. Editorial Department, Journal of Southwest University for Nationalities, Chengdu 610041, China
  • Online: 2017-09-01 Published: 2017-09-12

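Abstract: Compared with single-server schemes, authentication schemes for multi-server environments have advantages such as not requiring users to register repeatedly or remember multiple passwords, and they have attracted academic attention in recent years. In 2015, Qu Juan et al. proposed a three-factor identity authentication scheme based on Chebyshev polynomials for multi-server environments. Compared with other current authentication schemes for multi-server environments, the scheme has some novelty. However, analysis shows that it still has the following flaws: it is vulnerable to repeated-registration attacks; biometric features are handled inappropriately; the authentication process depends heavily on the registration center, which makes it vulnerable to denial-of-service attacks and leaves the overall robustness of the system low; and parts of the protocol design are unreasonable. To solve these problems, a three-factor identity authentication scheme based on secure sketch and Chebyshev polynomials is proposed. Analysis shows that, although its computational cost is somewhat higher, the scheme resolves the security threats present in the scheme of Qu Juan et al. well, and it also achieves access control.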

Key words: multi-server, identity authentication, secure sketch, Chebyshev polynomial, three-factor

Abstract: Compared with single-server authentication schemes, protocols for multi-server environments have many advantages, for example the user does not need to remember multiple passwords or register with every application server. In 2015, Qu Juan et al. proposed a new scheme based on the chaotic map for multi-server environments. Analysis shows that this protocol still has many disadvantages: it is vulnerable to repeated-registration attacks; its method for processing biometrics is inappropriate; the authentication scheme is not robust; and the protocol has some design flaws. To solve these problems, a new three-factor authentication scheme based on secure sketch and the Chebyshev chaotic map is proposed. Analysis shows that the proposed scheme not only offers higher security but also handles biometrics more appropriately than the scheme of Qu et al. Furthermore, an access control method is introduced so that different users have different access privileges. The proposed scheme also achieves key agreement not only between the user and application servers but also between application servers and the Register Center (RC).

Key words: multi-server, authentication, secure sketch, Chebyshev chaotic map, three-factor