Abstract
To address the insufficient security of the traditional identity authentication process in the Linux operating system, this paper proposes an identity authentication system based on the PAM framework that combines USB Key authentication with hardware information authentication. The system stores the digital certificate in the USB Key, has the USB Key generate a random number, protects reading of the certificate by verifying a PIN, and authenticates the user with multiple authentication factors, ensuring the security of both the user and the accessed system. Analysis shows that the system not only inherits the extensibility of the PAM framework but also resists replay attacks and man-in-the-middle attacks.
Source
Journal of Information Engineering University (《信息工程大学学报》)
2016, Issue 1, pp. 65-70 (6 pages)
Funding
Supported by the National 863 Program of China (2009AA012200)