国家自然科学基金(61872060, 62002500); 四川省重点研发项目(2021YFG0158)
图形口令既可以减轻用户记忆传统文本口令的负担, 又可以简化用户输入口令的步骤, 近年来, 广泛应用于移动设备的用户认证. 现有的图形口令认证方案面临严峻的安全问题. 首先, 图形口令容易遭受肩窥攻击: 用户的登录过程被攻击者通过眼睛或者摄像头等方式偷窥导致图形口令泄露. 更为严重的是, 这类认证方案不能抵抗凭证泄露攻击: 服务器存储与用户图形口令有关的认证凭证并利用其验证用户身份, 攻击者如果得到服务器保存的凭证就可以通过离线口令猜测攻击恢复用户图形口令. 为了解决上述问题, 提出了一个安全的图形口令认证方案(GADL). GADL方案通过将随机的挑战值嵌入到用户的图形口令来抵御肩窥攻击, 因此攻击者即使捕获了用户的登录信息也无法得到用户图形口令. 为了解决服务器凭证数据库泄露问题, GADL方案采用了一种确定性的门限盲签名技术来保护用户图形口令. 该技术利用多个密钥服务器来协助用户生成凭证, 使得攻击者即使获得凭证也无法实施离线猜测攻击来获得用户口令. 给出的安全性分析证明了GADL方案可以抵抗上述攻击. 此外, 给出了全面的性能分析表明GADL方案在计算、存储和通信开销这3个方面性能较高, 且在移动设备上易于部署.
The graphical password mitigates the burden of memorizing traditional textual passwords and simplifies the process of entering passwords, which has been widely applied to user authentication of mobile devices in recent years. Existing graphical password authentication schemes face critical threats. First, graphical passwords are vulnerable to shoulder-surfing attacks, namely that users’ graphical passwords may be leaked if attackers capture their login information through eyes or cameras. More seriously, these schemes are subject to credential leakage attacks. In other words, as the server stores authentication credentials related to the graphical passwords of users to verify their identities, if attackers obtain these credentials, they can perform offline password guessing attacks to retrieve users’ graphical passwords. To solve the above problems, this study proposes a secure graphical password authentication scheme, dubbed GADL. GADL embeds random challenge values into the graphical passwords of users to resist shoulder-surfing attacks, and thus attackers cannot obtain users’ passwords even if they capture their login information. To address credential database leakage of the server, GADL utilizes a deterministic threshold blind signature technique to protect users’ graphical passwords. In this technique, multiple key servers are utilized to assist users in the credential generation, which ensures that attackers cannot perform offline guessing attacks to obtain any knowledge of users’ passwords even if they obtain users’ credentials. The security analysis given in this study proves that GADL is resistant to the aforementioned attacks. In addition, the comprehensive performance evaluation of GADL demonstrates its high performance in terms of computation, storage, and communication overhead and proves that it can be easily deployed on mobile devices.