
Research On Multi-factor Identity Authentication Techniques Combining Zero-knowledge Proof In The Internet

Posted on: 2021-03-01 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: W Z Liu | Full Text: PDF
GTID: 1488306548491314 | Subject: Computer Science and Technology
Abstract/Summary:
Identity authentication is a key mechanism for ensuring the security of cyberspace. Since identity authentication approaches that use only a single factor are weak and prone to attacks, recent identity authentication schemes prefer multiple factors, including the user's biometric features. In this thesis, considering the issues of multi-factor identity authentication approaches in different application environments, we use zero-knowledge proof techniques to study multi-factor remote authentication methods in order to improve the security and effectiveness of these approaches. While current schemes authenticate the user's factors locally, we propose to authenticate the user's multiple factors directly at remote servers. Several multi-factor identity authentication schemes are designed for single server scenarios, mobile cloud computing and Internet of Things environments, respectively. The main contributions of the article are as follows:

For the single server environment, a new secure remote multi-factor authentication scheme based on chaotic maps is proposed in this paper. It uses three factors including user identity (or user's credentials), user's password and biometric features. All factors are authenticated by remote servers as a part of secure keys and participate in the key agreement process. We are the first to propose the concept of chaotic zero-knowledge proof. It uses the Chebyshev chaotic map as the underlying cryptographic mechanism, and realizes remote multi-factor authentication and key agreement in combination with the fuzzy extractor technique, which gives it the merits of small key size and low computing overhead. The scheme does not reveal any sensitive user information and can prevent adversaries from impersonating any user. The security of the proposed scheme is analyzed and proved using the Random-or-Real (RoR) model and Burrows-Abadi-Needham (BAN) logic. It is shown that the proposed scheme has more security attributes than several other approaches. It can resist more attacks and has less computing time and communication overhead.

For the mobile cloud computing environment, a new multi-factor authentication scheme is proposed. Based on zero-knowledge proof and fuzzy extractor techniques, it is the first to simultaneously achieve the goals of remote multi-factor authentication (remote servers can authenticate multiple factors), single registration (a single credential and single registration for accessing multiple servers) and centerless online authentication (the registration center or trusted third party does not participate in the online authentication procedure). A new concept called the zero-knowledge token (ZK-token) is proposed in the paper, and is implemented based on elliptic curve cryptography (ECC) and cryptographic hash functions. Compared to other existing solutions, the proposed scheme has better usability, scalability and security. The security of the scheme is analyzed using the RoR model and BAN logic, and discussed for other known attacks. The scheme is implemented and tested, and the testing results show that the scheme has lower computation and communication cost.

For Internet of Things (IoT) scenarios, it is shown that existing approaches suffer from strong privileged insider attacks and secret leakage impersonation attacks, and cannot provide secure and portable revocation methods. To tackle these problems, a robust multi-factor authentication scheme is proposed in this paper. It is based on zero-knowledge proof combined with ECC and fuzzy extractor techniques, and satisfies the requirement of less interaction in IoT scenarios. The security of the proposed scheme is analyzed and verified using the RoR model and BAN logic. The comparison results show that the proposed scheme has less communication overhead, and that the security of the identity authentication procedure is enhanced with a comparable level of computing time overhead.
Keywords/Search Tags: zero-knowledge proof, multi-factor authentication, single server environment, mobile cloud computing, Internet of things, chaotic map, elliptic curve cryptography