基于智能卡和可撤除2DPalmPhasor码的远程用户身份认证方案.docVIP

  基于智能卡和可撤除 2DPalmPhasor 码的远 程用户身份认证方案# 张家树，白平，张莹 5 10 （西南交通大学信号与信息处理四川省重点实验室，成都 610031） 摘要：与其它身份认证方式相比,掌纹生物特征识别认证被认为是一种有效的身份认证技术。 不过，直接利用掌纹生物识别技术进行远程用户身份认证面临用户掌纹生物特征被盗的重放 攻击和其它远程伪造攻击。为此，本文设计一种基于智能卡和可撤除 2DPalmPhasor 码的远 程用户双向身份认证方案来增强其安全性。该方案使用智能卡存储 2DPalmPhasor 码，允许 用户自由修改口令，具有很好的可撤销性；同时采用双钥绑定框架解决了哈希函数对生物特 征类内差异的敏感性问题，并利用随机数机制有效地抵御重放攻击以及中间人攻击。分析表 明该方案实现了安全、高效、可靠、实用的远程双向身份认证。 关键词：信息安全；可撤除掌纹；远程身份认证；哈希函数；智能卡 中图分类号：TP393.0 15 Remote User Authentication Scheme Based on Cancelable Palmprint using Smart Cards Zhang Jiashu, Bai Ping, Zhang Ying (Sichuan Key Lab of Signal and Information Processing,Southwest Jiaotong University, 20 25 30 35 40 ChengDu 610031) Abstract: Palmprint-based authentication systems is widely accepted as a reliable form of authentication compared to other traditional schenmes. However, the open nature of remote authentication makes palmprint systems vulnerable to replay attack and other remote fraudulent attacks. Therefore, the usage of palmprint systems for remote authentication is still very limited. This paper proposes a new remote mutual authentication scheme based on cancelable palmprint using smart cards over an open network. In the proposed scheme, the cancelable 2DPalmPhasor codes are stored in the smart cards and users are allowed to modify their passwords freely, so the scheme has excellent cancelability. Moreover, dual-key-binding framework is adopted to solve the sensitive fundamental property of the one-way hash function and random number mechanism is used to resist replay attack and man-in-man attack. The analysis shows that the scheme provides secure, efficient, reliable and practical remote mutual authentication. Keywords: Information security; cancelable palmprint; remote authentication; hash encryption; smart-card 0 引言 远程用户身份认证方案是一种利用服务器验证用户身份是否真实的一种机制.基于口令 的智能卡认证方式[1]曾广泛地应用于远程身份认证中。然而，这种方法对字典攻击和重放攻 击的抵抗能力较低。生物特征具有唯一性、普遍性等特点，被广泛应用于身份认证中，为远 程身份认证技术的性能完善和安全性的提高带来了新的发展契机。 2002 年，Lee[2] 等首先提出了一种将指纹和智能卡相结合的远程身份认证方案。Hsieh[3] 分析指出