摘要
针对企业信息管理系统的安全性问题,提出一种基于椭圆曲线加密(ECC)的安全认证方案。首先,利用低计算复杂度的Montgomery型椭圆曲线对密钥进行加密。然后,通过服务器和用户之间的相互认证来保证访问安全。同时通过随机数机制确保每次认证的参数信息动态变化,以此提供匿名性和前向安全性。性能分析表明,该方案能够抵抗重放、用户伪装、服务器欺骗等攻击,具有较高的安全性能,且具有较低的资源开销。
For the issues that the security of enterprise information management system, a secure authentication scheme based on Elliptic Curve Cryptography(ECC) is proposed. Firstly, the key is encrypted by the Montgomery elliptic curve which with low computational complexity. Then, the mutual authentication between the server and the user is used to ensure access to security. At the same time, the random number mechanism is used to ensure the dynamic change of the parameter information in each authentication, so as to provide anonymity and forward security. Performance analysis shows that the proposed scheme can resist the attacks such as replay, user's disguise and server's deception, which has high security and low resource cost.
引文
[1]柳玉辉,刘德辉,赵大哲.一个可扩展企业应用系统安全模型的设计与实现[J].南京大学学报:自然科学版,2010,46(4):448-455.Liu Y H,Liu D H,Zhao D Z.Design of a scalable security model for enterprise application system[J].Journal of nanjing university(natural sciences),2010,46(4):448-455.
[2]黄敏,孙宪丽,王兴伟.协调的分布式决策虚拟企业风险管理模型[J].控制工程,2012,19(5):855-859.Huang M,Sun X L,Wang X W.Coordinative DDM Risk Management Model for Virtual Enterprises[J].Control Engineering of China,2012,19(5):855-859.
[3]张文芳,王小敏,郭伟,等.基于椭圆曲线密码体制的高效虚拟企业跨域认证方案[J].电子学报,2014,42(6):1095-1102.Zhang W F,Wang X M,Guo W,et al.An Efficient Inter-Enterprise Authentication Scheme for VE Based on the Elliptic Curve Cryptosystem[J].Acta Electronica Sinica,2014,42(6):1095-1102.
[4]Godor G,Imre S.Elliptic curve cryptography based authentication protocol for low-cost RFID tags[C]//RFID-Technologies and Applications(RFID-TA),2011 IEEE International Conference on IEEE,2011:386-393.
[5]Arshad R,Ikram N.Elliptic curve cryptography based mutual authentication scheme for session initiation protocol[J].Multimedia Tools&Applications,2011,66(2):1-14.
[6]Islam S H,Biswas G P.Design of improved password authentication and update scheme based on elliptic curve cryptography[J].Mathematical&Computer Modelling,2013,57(11):2703-2717.
[7]林幼平,张保灿,谢加良.一种基于移动云计算环境的高安全访问决策机制算法[J].湘潭大学自然科学学报,2017,39(4):77-80.Lin Y P,Zhang B C,Xie JL.A High Performance Access Decision Mechanism Based on Mobile Cloud Computing Environment[J].Natural Science Journal of Xiangtan University,2017,39(4):77-80.
[8]Xiao Y,Zhao Y.Study and Design of Enterprise Public Security Platform Based on PKI[C]//2014 13th International Symposium on Distributed Computing and Applications to Business,Engineering and Science(DCABES).IEEE Computer Society,2014:258-262.
[9]Alkhatib M,Jaafar,Azmi,Md Said M R,et al.Parallelizing GF(p)Montgomery Elliptic Curve Crypto-System Operations to Improve Security and Performance[J].Advanced Materials Research,2012,36(7):1906-1911.
[10]Farash M S.Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography[J].Journal of Supercomputing,2014,70(2):987-1001.
[11]庞世春,刘淑芬,从福仲,等.一种Montgomery型椭圆曲线的高效标量乘算法[J].电子学报,2011,39(4):865-868.Pang S C,Liu S F,Cong F Z,et al.An Efficient Scalar Multiplication Algorithm on Montgomery-Form Elliptic Curve[J].Acta Electronica Sinica,2011,39(4):865-868.
[12]王潮,时向勇,牛志华.基于Montgomery曲线改进ECDSA算法的研究[J].通信学报,2010,31(1):9-13.Wang C,Shi X Y,Niu Z H.The research of the promotion for ECDSA algorithm based on Montgomery-form ECC[J].Journal on communications,2010,31(1):9-13.