基于社交网络的安全性身份认证的研究

项目名称： 基于社交网络的安全性身份认证的研究

项目编号： No.61502262

项目类型： 青年科学基金项目

立项/批准年度： 2016

项目学科： 自动化技术、计算机技术

项目作者： 周炜

作者单位： 青岛理工大学

项目金额： 19万元

中文摘要： 随着社交网络应用的快速发展，通过社交系统中信托人对社交者进行担保的方式实施的用户身份认证，即社交认证逐步得到广泛应用。本项目研究社交认证的概念及形式化表示，探讨如何构建基于多种社交凭证的社交认证系统。针对当前多数社交认证仅应用单一社交知识的情况，研究实现基于多种类型社交知识的新型社交认证系统。针对信托人选取的问题，项目提出应用信任模型的方法予以解决。在研究针对社交认证系统的安全攻击及应对防御措施的基础上，项目提出一种综合利用包括社交认证在内的四种认证方式，尤其综合利用基于线上线下的社交凭证和社交知识的多层次多因子式的统一社交认证系统。项目提出的统一认证系统可抵御多种认证攻击并且年平均停机时间在3小时以内。统一认证系统的应用每年可减少由于安全问题导致的经济损失百万元以上。

中文关键词： 安全机制；认证；社交网络；安全性分析；安全需求

英文摘要： As the rapid developing of social networks application, authentication implemented through the vouching of trustees in the social network systems, which is called social authentication, is gradually widely used. We focus on the research of conceptualizing and formalizing of social authentication and study how to build social authentication system based on multiple kinds of social credentials in this project. As most current social authentication systems only apply single kind of social knowledge, we study how to implement new social authentication system which applies other multiple kinds of social knowledge. Trust models are applied to solve the problem of the selection of trustees in this project. Based on the research on attacks and countermeasures on the social authentication system, we propose a unified social authentication system which synthesizes four kinds of authentications that including social authentication in this project. The unified social authentication system which especially synthesizing online and offline social credentials and social knowledge can be regarded as a multilayer and multifactor system. The proposed unified social authentication system can defend various attacks on authentication and will be down for less than 3 hours annually. By utilizing the unified social authentication system, economic loss of Million Yuan due to secure problems can be avoided.

英文关键词： secure mechanism;authentication;social networks;secure analysis;secure requirement