The Research On Key Technologies And Application Of Identity Authentication System

Identity authentication has always been a hot research topic for scholars at home and abroad,as it is a key technology to ensure legal users’ secure access to system resources.In recent years,with the rapid development of Internet technologies and information technologies,various new technologies including cloud computing and the Internet of Things have continuously emerged.These new technologies bring great convenience to people’s lives,and at the same time introduce new technical challenges to identity authentication.In particular,there are two main issues that need to be solved in the current identity authentication system,including how to improve the security and efficiency of password protection algorithms in the authentication schemes and how to design an identity authentication scheme oriented to practical application scenarios.This thesis researches on the above issues and the main research results include:(1)We propose an efficient public-key encryption algorithm for the password-based authentication protocol to solve the security problems faced by passwords and messages in the authentication protocol.The main cryptographic technology of this protocol is a special extractable hash proof system,called chameleon All-But-One Extractable Hash Proof System(shorted as Chameleon ABO-EHP).Further,a kind of efficient public-key encryption algorithm with chosen-ciphertext security using the chameleon ABO-EHP system is demonstrated.Simulation experiments and performance comparison analysis show that when transmitting sensitive short messages such as passwords,the time complexity of this algorithm is significantly better than that of others,providing an important theoretical basis and technical support for the data communication security of identity authentication protocols.(2)We put forth an anonymous certificateless aggregate signature scheme,solving the issues of identity authentication and privacy leaking in smart medical.It overcomes the key escrow problem,protects identity privacy,and authenticates the identity of the data owner.In particular,this scheme can perform batch authentication on the identity of different smart medical data owners.Based on the CDH(Computational Diffie-Hellman)assumption,the scheme is proven secure under the random oracle model,and can resist Type I and Type II adversaries faced by certificateless cryptosystems,achieving unforgeability against adaptively chosen message attacks.Besides,by combining the anonymous certificateless aggregated signature scheme with anonymous attribute-based encryption technology,a privacy-protected identity authentication scheme SSH(Secure Smart Health)in the smart medical system is proposed,which enables batch identity authentication,fine-grained access control and privacy protection.Simulation experiments and performance comparison analysis show that the SSH scheme is superior to existing technologies in terms of computational and communication overheads,and hence is more suitable for smart medical applications.(3)We present an anonymous authentication scheme based on accountable ring signature technology,aiming to solve the problem of accountability of anonymous authentication in big data transactions.This scheme can protect the privacy of the signer while authenticating the data,and effectively implement accountability and supervision of signers with privacy abuse behaviors.The unforgeability of the scheme is reduced to the CDH assumption,and the anonymity depends on the SGD(Subgroup Decision)assumption.In addition,the proposed accountable ring signature scheme is combined with the blockchain to address the data transaction issues of users in the big data market.A blockchain-based accountable anonymous authentication protocol is proposed to realize the privacy protection of seller users and the fairness of data transactions.The implementation result shows the high efficiency of the proposed ring signature algorithm and the actual deployment based on smart contracts demonstrates the validity and practicability of the protocol.(4)We describe a construction and an application of identity authentication protocols in the actual scenarios of USB mass storage devices,aiming to solve the problem that user permissions in USB mass storage devices have not yet achieved attribute-based permission control.In order to protect user data security in USB mass storage devices,the attribute-based permission control technology is used to achieve secure authentication of users of USB mass storage devices and fine-grained control of private data in USB mass storage devices.Security analysis shows that the scheme is able to defend multiple attacks such as the denial-of-service attack,the offline password guessing attack,and the user masquerading attack,the replay attack,and internal attack etc.The performance analysis shows that the scheme has better efficiencies in terms of user registration and file decryption.