ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2015, Vol. 52 ›› Issue (11): 2645-2655. doi: 10.7544/issn1000-1239.2015.20140755

• Information Security •

An Enhanced Biometrics-Key-Based Remote User Authentication Scheme with Smart Card

Xu Qingui1, Huang Peican1, Yang Taolan2

  1. 1(Computer Institute, Dongguan University of Technology, Dongguan, Guangdong 523808); 2(College of Computer, National University of Defense Technology, Changsha 410073) (dgxuqg@126.com)
  • Published: 2015-11-01
  • Online: 2015-11-01
  • Supported by: 
    National Natural Science Foundation of China (61300198, 61402106); Guangdong Provincial Science and Technology Program (2007A060304003); Dongguan Science and Technology Program for Higher Education and Research Institutions (2012108102035, 2012108102007)

Abstract: Biometrics-based remote user authentication with a smart card provides triple protection (smart card hardware, password verification and biometric recognition), which brings a new breakthrough to authentication technology. This paper reviews the working principle of the Khan-Kumari scheme, which offers relatively high security performance, and identifies four defects that can compromise authentication security: improper encapsulation of user identity secrets, an unsound way of using those secrets, the lack of a message freshness check, and insufficient interaction between the authenticating parties. An enhanced biometrics-key-based remote user authentication scheme with smart card is proposed. The scheme protects user identity secrets jointly with two mutually verifiable factors, recognizes replayed messages through freshness checking, transmits protected parameters encrypted under a dynamic hash-value key that incorporates a timestamp, and adds an acknowledgement message to complete the authentication flow. These measures strengthen the protection of user identity secrets and improve resistance to smart card cracking, message replay, identity impersonation and denial-of-service attacks. Security analysis shows that the enhanced scheme effectively fixes the defects of the Khan-Kumari scheme at low computation and communication cost and achieves markedly better security performance. Even when two of the protection layers have failed, the probability of impersonation or authentication failure can be kept below $10^{-38}$.

Key words: mutual authentication, smart card, biometrics-key, network security, multi-factor authentication

CLC Number: