基于可信计算的移动终端用户认证方案  被引量:40

Trusted Computing Based User Authentication for Mobile Equipment

在线阅读下载全文

作  者:郑宇[1] 何大可[1] 何明星[2] 

机构地区:[1]西南交通大学信息安全与国家计算网格实验室,成都610031 [2]西华大学数学与计算机学院,成都610039

出  处:《计算机学报》2006年第8期1255-1264,共10页Chinese Journal of Computers

基  金:国家自然科学基金(60473030);现代通信科技重点实验室基金(51436050404QT2202)资助.

摘  要:针对移动终端(ME)的特性,提出了结合USIM(UniversalSubscriberIdentityModule)和TPM(可信平台模块)的可信移动平台(TMP),并以智能手机主流处理器为基础,讨论了TMP的设计案例以及TPM在ME中的三种构建方法.在提出的TMP框架内,利用RSA-KEM(密钥封装)机制和Hash函数,设计了口令、指纹和USIM相结合的用户域认证方案,实现了用户和ME、用户和USIM间的相互认证,强化了用户域的安全,并可满足TMP标准草案中安全等级3对用户认证的要求.该方案在不要求使用者与ME预先协商信任关系的前提下,既可区分攻击者和合法用户,又可辨别ME的主人和普通使用者,并能在认证过程中及早发现攻击行为,避免不必要的计算花销.定量及定性分析表明,该方案的离线和在线两种工作模式在三种不同的TPM架构下的安全性、通用性和执行效率均优于TMP标准中引用的方案,且获得了比Lee等众方法更高的安全性和通用性.In this paper, according to the features of mobile equipment (ME) an example of constructing trusted mobile platform (TMP) is presented based on the smart phone's processor, along with which three alternative methods to build trusted platform module (TPM) are discussed as well. In the framework of TMP, through combining password and fingerprint with the USIM card via RSA-KEM (Key Encapsulate Mechanism) and Hash function, a user authentication scheme is proposed to improve the security of the user domain, which achieves the mutual identification among user, ME and USIM even if their public-key certificates are issued by different certificate authorities(CAs). Moreover, the user authentication can not only easily distinguish the valid users from the pretenders but also identify the owner of ME from the genuine operators without any pre-negotiation. The performance analysis and experimental test result show that no matter what kinds of TPM is employed authors' authentication scheme is more secure, efficient and flexible than the corresponding scheme presented in TMP draft standard and achieves advanced security and better flexibility as compared to the schemes proposed by Lee, Lin et al..

关 键 词:可信计算 可信移动平台 移动终端 身份认证 指纹 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象