
Computer Technology, 2022, Issue 2

A Scheme of Keeping User Anonymity in Password Authentication System

CHEN Jinmu

(Xiamen Ocean Vocational College, Xiamen 361102, China)

Abstract: Taking a password-based anonymous authentication system as its subject, this paper examines how well user anonymity holds against third-party attackers in such a system. First, it shows that in the authentication scheme a third-party attacker can identify which user actually sent an access request to the server, and can use this attack to link different login requests sent later by the same user. Second, it gives an effective countermeasure to this attack; because the method does not need to store the user's password-protected credentials, it ensures the anonymity of user access more effectively.

Keywords: user anonymity; password; user authentication; password credential

DOI: 10.19850/j.cnki.2096-4706.2022.02.027

CLC number: TP309.7    Document code: A    Article ID: 2096-4706(2022)02-0107-04




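About the author: CHEN Jinmu (born 1985), male, Han nationality, from Xiamen, Fujian; Information Systems Project Manager, laboratory technician, bachelor's degree. Main research interests: computer science, software technology, information security.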