引用本文
  • 钱文飞,王平建,贾世杰,张琼露,陈天宇,牛莹姣.一种适用于高并发场景的基于SM2协作签名算法身份鉴别方案[J].信息安全学报,已采用    [点击复制]
  • Qian Wenfei,Wang Pingjian,Jia Shijie,Zhang Qionglu,Chen Tianyu,Niu Yingjiao.An identity authentication scheme for high concurrency scenarios based on SM2 collaborative signature algorithm[J].Journal of Cyber Security,Accept   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

过刊浏览    高级检索

本文已被:浏览 2751次   下载 313  
一种适用于高并发场景的基于SM2协作签名算法身份鉴别方案
钱文飞, 王平建, 贾世杰, 张琼露, 陈天宇, 牛莹姣
0
(State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences)
摘要:
随着移动互联网和智能终端的快速发展,基于移动智能终端完成的业务量成爆发式增长,保证高并发场景下用户身份真实性的重要性日益凸显。用户身份真实性是保证移动业务安全运行的首要条件,业界通常采用静态口令方案来鉴别用户的真实性。但是,静态口令方案中的用户口令或其杂凑值会被传输并存储至服务端,面临严重的中间人、拖库、撞库等攻击的风险。为解决上述问题,本文提出了一种基于SM2算法的协作签名算法(SM2-CSA),并基于此算法提出了一种适用于高并发场景下的身份鉴别方案(HC-IAS),能够满足移动业务高并发的需求,解决静态口令方案存在的服务端存储口令或其杂凑值引入的安全问题,从而可有效抵抗网络钓鱼和中间人组合攻击等威胁。最后,本文基于所提方案设计并实现了SM2协作签名登录原型系统,并对其进行安全和性能测试,测试结果表明相比已有方案,本方案具有较好的安全性和易用性。
关键词:  口令  钓鱼攻击  中间人攻击  SM2算法  身份鉴别
DOI:10.19363/J.cnki.cn10-1380/tn.2023.08.43
投稿时间:2021-09-07修订日期:2021-11-11
基金项目:
An identity authentication scheme for high concurrency scenarios based on SM2 collaborative signature algorithm
Qian Wenfei, Wang Pingjian, Jia Shijie, Zhang Qionglu, Chen Tianyu, Niu Yingjiao
(State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
With the rapid development of mobile Internet and smart terminals, the volume of mobile business is exploding, and the importance of ensuring the authenticity of user identities in high concurrency scenarios is becoming increasing-ly important. The authenticity of user identity is the primary condition to ensure the secure operation of mobile business, and the industry usually adopts static password schemes to identify the authenticity of users. However, the passwords or their hash values in static password schemes are transmitted and stored on the server side, which ex-poses them to serious risks of Man-In-the-Middle, Drag Attack and Credential Stuffing Attack. To solve the above problems, we propose an SM2 Collaborative Signature Algorithm (SM2-CSA) based on which an identity authenti-cation scheme (HC-IAS) for high concurrency scenarios is proposed, which can meet the needs of high concurrency in mobile services and solve the security problems introduced by storing the password or its hash value on the serv-er side of the static password scheme, so that it can effectively resist threats such as phishing, phishing and man-in-the-middle combination attacks. Finally, this paper designs and implements a prototype SM2 collaborative signature login system based on the proposed scheme, and conducts security and performance tests on it. The test results show that this scheme has better security and ease of use than the existing schemes.
Key words:  password  phishing attack  man-in-the-middle attack  SM2 algorithm  authentication