云计算环境下的匿名多因子认证协议研究

项目名称： 云计算环境下的匿名多因子认证协议研究

项目编号： No.61472016

项目类型： 面上项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 王平

作者单位： 北京大学

项目金额： 82万元

中文摘要： 身份认证是确保云计算系统安全可靠运行的关键技术，匿名性是用户隐私保护的重要属性。云计算环境对认证协议的安全性、效率和用户隐私有着比传统信息系统更高的要求，现有的协议由于认证因子单一、用户隐私信息泄露而难以适应实际的云计算环境。本项目研究基于口令、智能卡和生物特征相结合的多因子认证技术，拟实现1122的研究目标：（1）设计一个适合中国用户口令的安全强度评价方案；（2）构建一套口令+智能卡双因子匿名认证协议的综合评价指标体系；（3）提出两个单因子协议向多因子协议转化的通用框架；（4）设计两个可证明安全的混合云下跨域匿名多因子认证协议。拟重点解决：（1）基于汉英语系用户口令的语义级模式抽取问题；（2）评价指标元素间关联关系问题；（3）认证因子在云服务器端的私密性保护问题；（4）多因子协议的安全性证明问题。课题的开展将为云计算环境下用户身份认证问题的根本解决提供重要的理论依据和技术参考。

中文关键词： 云计算；多因子认证；匿名性；通用框架；安全模型

英文摘要： Identity Authentication is a key technique to provide security and dependability assurance for cloud systems, and anonymity is an important property to protect user privacy. As compared to traditional information systems， cloud environments are of more stringent requirements for authentication protocols in terms of security,efficiency and privacy. However, the currently available authentication protocols are unsuitable for cloud environments due to their singleness of authentication factors and no protection of user privacy. In this project, we will focus on the multi-factor authentication technique which is a combination of passwords,tokens and biometrics, and aim to achieve the following 1122 goals: (1)We design a scheme to evaluate the password strength of chinese users; (2)We develop a suite of comprehensive evaluation indicator system for anonymous password+smart card two-factor authentication protocols; (3)We propose two generic frameworks to construct multi-factor protocols from single-factor ones; (4)We advance two cross-realm anonymous multi-factor authentication protocols for hybrid cloud systems. In the meantime, the following four critical problems will be resloved: (1)How to extract the semantic patterns from passwords chosen by chinese users; (2)What are the relationships among the evaluation indicators;(3)How to protect the secrecy of user authention factors on the cloud server side; (4)How to prove the security of multi-factor protocols in a rigorous manner

英文关键词： Cloud Computing;Multi-Factor Authentication;Anonymity;Generic Framework;Security Model