CN111371789A - Authentication device, server, authentication system, and authentication method based on confusion incentive - Google Patents

Authentication device, server, authentication system, and authentication method based on confusion incentive Download PDF

Info

Publication number
CN111371789A
CN111371789A CN202010146250.1A CN202010146250A CN111371789A CN 111371789 A CN111371789 A CN 111371789A CN 202010146250 A CN202010146250 A CN 202010146250A CN 111371789 A CN111371789 A CN 111371789A
Authority
CN
China
Prior art keywords
authentication
incentive
confusion
value
values
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010146250.1A
Other languages
Chinese (zh)
Other versions
CN111371789B (en
Inventor
张吉良
粟海翰
张伟哲
丁勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peng Cheng Laboratory
Original Assignee
Peng Cheng Laboratory
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peng Cheng Laboratory filed Critical Peng Cheng Laboratory
Priority to CN202010146250.1A priority Critical patent/CN111371789B/en
Publication of CN111371789A publication Critical patent/CN111371789A/en
Application granted granted Critical
Publication of CN111371789B publication Critical patent/CN111371789B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an authentication method based on confusion incentive, which comprises the following steps: the authentication method comprises the steps that when receiving an excitation sent by a server, authentication equipment obtains an authentication key, wherein the authentication key comprises a first key part and a second key part; generating a obfuscated incentive from the first key portion, the second key portion and the incentive; and generating a response according to the confusion stimulus, and sending the response to the server so that the server can authenticate the authentication equipment according to the stimulus and the response. The invention also discloses an authentication device, a server and a computer readable storage medium. The incentive authentication method provided by the invention has high safety.

Description

Authentication device, server, authentication system, and authentication method based on confusion incentive
Technical Field
The invention relates to the technical field of information security, in particular to authentication equipment, a server, an authentication system and an authentication method based on confusion incentive.
Background
With The rapid development of The Internet of Things (IoT), strengthening The information security of IoT is not very slow. IoT connects all items with the internet through sensing technology, radio frequency identification technology, communication technology, computer networks, and database technology. Therefore, the information interaction between people, people and objects and between objects without limitation of areas can be realized, and meanwhile, people can extract object information, control objects and monitor the objects in a remote and real-time manner more conveniently and quickly. However, the internet of things devices are usually networked by default, and they also employ open-source hardware and software, and an attacker can use these open-source information to make malicious attacks on the IoT, so the internet of things devices are in urgent need to deploy security defense mechanisms.
In the field of information security, a key and authentication are two major core technologies, a key system is a security foundation and is one of means for realizing perception of information privacy protection, and authentication is the most direct frontmost defense line of information security. The traditional key generation and authentication technology mostly takes a classical cryptography method as a core, and needs security key storage and a high-complexity cryptography algorithm, which inevitably occupies a large amount of storage and calculation resources. However, most of the devices of the internet of things have limited energy consumption, weak computing power and small storage resources, and the traditional cryptology defense mechanisms are difficult to deploy, so that the devices of the internet of things are not usually deployed with a high-security defense mechanism. The compromise of the security of the low-power module of the internet of things can cause serious threat to the whole internet of things system. Therefore, a new lightweight key generation and equipment authentication mechanism is developed, a safe and credible internet of things is established, and an attacker is prevented from maliciously attacking the internet of things by using weak links of the internet of things and becomes a hotspot of current security research of the internet of things.
The proposal of Physical Unclonable Functions (PUFs) provides an alternative scheme for the security of the Internet of things, and the key of the PUFs is generated by process and material deviations in the chip manufacturing process, so that the key is powered off and disappears, and the PUFs do not need to be stored, thereby having the advantages of low cost, unclonable property and the like. Even if the same design is used, it is difficult to predict and clone it because the same stimulus is input and the process variation in the chip manufacturing process will make it respond differently. Therefore, the PUF has a wide application prospect in the field of hardware security, such as device authentication, key generation, and the like. The strong PUF is a PUF with a huge number of challenge-response pairs (CRPs), and can generate an exponential number of CRPs according to requirements, and the characteristic makes the strong PUF well support a lightweight identity authentication mechanism based on the CRPs in networking security. However, an attacker can perform machine learning-based modeling attacks on a PUF by collecting a certain number of CRPs exchanged over a communication channel, seriously threatening the security of the PUF. That is, in the prior art, the security of the incentive authentication mode is low.
Disclosure of Invention
The invention mainly aims to provide an authentication device, a server, an authentication system and an authentication method based on confusion incentive, and aims to solve the problem of low security of an incentive authentication mode.
In order to achieve the above object, the present invention provides an authentication method based on a confusion incentive, which includes the following steps:
the authentication method comprises the steps that when receiving an excitation sent by a server, authentication equipment obtains an authentication key, wherein the authentication key comprises a first key part and a second key part;
generating a obfuscated incentive from the first key portion, the second key portion and the incentive;
and generating a response according to the confusion stimulus, and sending the response to the server so that the server can authenticate the authentication equipment according to the stimulus and the response.
In an embodiment, the step of generating a obfuscated stimulus from the first key portion, the second key portion and the stimulus comprises:
generating intermediate values corresponding to the second values according to the first values forming the second key part and the second values forming the excitation;
generating the obfuscated stimulus in dependence on respective third values constituting the first key portion and respective intermediate values.
In an embodiment, the step of generating intermediate values corresponding to respective first values constituting the second key part and respective second values constituting the stimulus on the basis of the respective first values constituting the second key part and the respective intermediate values, and the step of generating the obfuscated stimulus on the basis of respective third values constituting the first key part and the respective intermediate values, comprises:
determining a first target value corresponding to each second value constituting the stimulus among the respective first values of the second key part, wherein the first target values include one or more;
determining second target values in each second value in the excitation according to the first target values, and performing exclusive-or operation on each second value and the second target value corresponding to the second value to obtain the intermediate value corresponding to each second value;
determining a third target value corresponding to the second value among respective third values constituting the first key part;
performing exclusive-or operation on the intermediate value corresponding to each second numerical value and a third target numerical value corresponding to the second numerical value to obtain a confusion incentive numerical value;
and combining the confusion incentive values according to the position serial numbers of the second values in the incentive array to obtain the confusion incentive.
In one embodiment, the step of determining a second target value among the respective second values in the stimulus based on the first target value comprises:
determining a position number of the second numerical value in the excited array;
and determining a value to be determined which is positioned before the position serial number in each second value in the excitation to be determined as the second target value, wherein the value to be determined is a preset value.
In an embodiment, the authentication device is provided with a stimulus cache structure, where the stimulus cache structure is configured to store each intermediate value, and when receiving an output instruction, the stimulus cache structure outputs an intermediate value corresponding to the output instruction, so that the authentication device generates the confusion stimulus according to the intermediate value and the third value of the first key portion.
In order to achieve the above object, the present invention further provides an authentication method based on a confusion incentive, which includes the following steps:
after receiving a response sent by authentication equipment, a server acquires an authentication key and a stimulus sent to the authentication equipment, wherein the authentication key comprises a first key part and a second key part;
generating an authentication obfuscation incentive from the first key portion, the second key portion and the incentive;
determining an authentication response according to the authentication confusion stimulus, and determining a hamming distance between the response and the authentication response;
and when the Hamming distance is smaller than or equal to a preset threshold value, judging that the authentication of the authentication equipment passes.
In an embodiment, the step of generating an authentication obfuscation incentive from the first key portion, the second key portion and the incentive comprises:
generating intermediate values corresponding to the second values according to the first values forming the second key part and the second values forming the excitation;
generating the authentication confusion stimulus in dependence on the respective third values and the respective intermediate values constituting the first key portion.
In one embodiment, the generating of the intermediate value corresponding to each of the second numerical values is based on each of the first numerical values constituting the second key portion and each of the second numerical values constituting the stimulus; the step of generating the authentication confusion stimulus in dependence on the respective third values and the respective intermediate values constituting the first key portion comprises:
determining a first target value corresponding to each second value constituting the stimulus among the respective first values of the second key part, wherein the first target values include one or more;
determining second target values in each second value in the excitation according to the first target values, and performing exclusive-or operation on each second value and the second target value corresponding to the second value to obtain the intermediate value corresponding to each second value;
determining a third target value corresponding to the second value among respective third values constituting the first key part;
performing exclusive-or operation on the intermediate value corresponding to each second numerical value and a third target numerical value corresponding to the second numerical value to obtain a confusion incentive numerical value;
and combining the confusion incentive values according to the position serial numbers of the second values in the incentive array to obtain the authentication confusion incentive.
In one embodiment, the step of determining a second target value among the respective second values in the stimulus based on the first target value comprises:
determining a position number of the second numerical value in the excited array;
and determining a value to be determined which is positioned before the position serial number in each second value in the excitation to be determined as the second target value, wherein the value to be determined is a preset value.
In an embodiment, the server is provided with an incentive cache structure, the incentive cache structure is configured to store each of the intermediate values, and when receiving an output instruction, the incentive cache structure outputs the intermediate value corresponding to the output instruction, so that the server generates the authentication confusion incentive according to the intermediate value and the third numerical value of the first key portion.
In one embodiment, the server includes a learning model trained from authentication obfuscated stimuli and responses, the step of determining an authentication response from the authentication obfuscated stimuli includes:
inputting the authentication confusion stimulus into the learning model to obtain the authentication response output by the learning model.
In one embodiment, the step of learning model training comprises:
generating a plurality of stimuli and sending each of the stimuli to the authentication device, wherein the authentication device generates a confusion stimulus corresponding to each of the stimuli and a response corresponding to each of the confusion stimuli;
receiving each response fed back by the authentication device, and generating an authentication confusion stimulus for each stimulus;
and training a preset model according to each authentication confusion stimulus and each response to obtain the learning model.
To achieve the above object, the present invention also provides an authentication device comprising a memory, a processor, and an authentication program stored in the memory and executable on the processor, the authentication program, when executed by the processor, implementing the steps of the confusion incentive based authentication method as described above.
To achieve the above object, the present invention further provides a server, which includes a memory, a processor, and an authentication program stored in the memory and executable on the processor, wherein the authentication program, when executed by the processor, implements the steps of the confusion incentive based authentication method described above.
In order to achieve the above object, the present invention further provides an authentication system comprising an authentication device and a server, the authentication device being in communication connection with the server, wherein,
the authentication device is used for acquiring an authentication key when receiving a stimulus sent by a server, generating a confusion stimulus according to a first key part and a second key part in the authentication key and the stimulus, generating a response according to the confusion stimulus, and sending the response to the server so that the server authenticates the authentication device according to the stimulus and the response;
the server is used for acquiring an authentication key and a stimulus sent to the authentication equipment after receiving a response sent by the authentication equipment, generating an authentication confusion stimulus according to a first key part and a second key part in the authentication key and the stimulus, determining an authentication response according to the authentication confusion stimulus so as to determine a Hamming distance between the response and the authentication response, and judging that the authentication of the authentication equipment passes when the Hamming distance is smaller than or equal to a preset threshold value.
To achieve the above object, the present invention also provides a computer-readable storage medium storing an authentication program which, when executed by a processor, implements the steps of the confusion incentive-based authentication method as described above.
According to the authentication device, the server, the authentication system and the authentication method based on the confusion excitation, when the authentication device receives the excitation sent by the server, the authentication key is obtained, the confusion excitation is generated according to the first key part and the second key part in the authentication key and the excitation, and then the response is generated according to the confusion excitation, so that the response is sent to the server, and the server authenticates the authentication device based on the response and the excitation. Because an attacker cannot know the two keys of the authentication key, even if the attacker collects the excitation and the response, the mapping relation between the excitation and the response established by the attacker is not effective, namely the attacker cannot collect the effective mapping relation between the excitation and the response to carry out machine learning modeling attack, and the excitation authentication method provided by the invention has higher safety.
Drawings
Fig. 1 is a schematic hardware configuration diagram of an authentication device/server according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a confusion incentive-based authentication method according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of the confusion incentive-based authentication method according to the present invention;
fig. 4 is a detailed flowchart of step S210 in a third embodiment of the authentication method based on confusion incentive according to the present invention;
FIG. 5 is a schematic flow chart of the authentication device generating the confusion incentive according to the present invention;
fig. 6 is a schematic structural diagram of an excitation cache structure in the authentication device/server according to the present invention;
FIG. 7 is a flowchart illustrating a method for authentication based on confusion incentive according to a fourth embodiment of the present invention;
fig. 8 is a detailed flowchart of step S600 in the fifth embodiment of the authentication method based on confusion incentive according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: the authentication method comprises the steps that when receiving an excitation sent by a server, authentication equipment obtains an authentication key, wherein the authentication key comprises a first key part and a second key part; generating a obfuscated incentive from the first key portion, the second key portion and the incentive; and generating a response according to the confusion stimulus, and sending the response to the server so that the server can authenticate the authentication equipment according to the stimulus and the response.
Because an attacker cannot know the two keys of the authentication key, even if the attacker collects the excitation and the response, the mapping relation between the excitation and the response established by the attacker is not effective, namely the attacker cannot collect the effective mapping relation between the excitation and the response to carry out machine learning modeling attack, and the excitation authentication method provided by the invention has higher safety.
As shown in fig. 1, fig. 1 is a schematic diagram of a hardware structure of an authentication device/server according to an embodiment of the present invention.
As shown in fig. 1, the embodiment of the present invention relates to an authentication device and a server, and the authentication device and the server may include: a processor 1001, such as a CPU, a communication bus 1002, and a memory 1003. Wherein a communication bus 1002 is used to enable connective communication between these components. The memory 1003 may be a high-speed RAM memory or a non-volatile memory (e.g., a disk memory). The memory 1003 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the architecture shown in fig. 1 does not constitute a limitation of the authentication device/server and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, the memory 1003, which is a kind of computer storage medium, may include therein an operating system and an authentication program.
In the apparatus shown in fig. 1, the processor 1001 may be configured to call an authentication program stored in the memory 1003, and perform the following operations:
the authentication method comprises the steps that when receiving an excitation sent by a server, authentication equipment obtains an authentication key, wherein the authentication key comprises a first key part and a second key part;
generating a obfuscated incentive from the first key portion, the second key portion and the incentive;
and generating a response according to the confusion stimulus, and sending the response to the server so that the server can authenticate the authentication equipment according to the stimulus and the response.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
generating intermediate values corresponding to the second values according to the first values forming the second key part and the second values forming the excitation;
generating the obfuscated stimulus in dependence on respective third values constituting the first key portion and respective intermediate values.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
determining a first target value corresponding to each second value constituting the stimulus among the respective first values of the second key part, wherein the first target values include one or more;
determining second target values in each second value in the excitation according to the first target values, and performing exclusive-or operation on each second value and the second target value corresponding to the second value to obtain the intermediate value corresponding to each second value;
determining a third target value corresponding to the second value among respective third values constituting the first key part;
performing exclusive-or operation on the intermediate value corresponding to each second numerical value and a third target numerical value corresponding to the second numerical value to obtain a confusion incentive numerical value;
and combining the confusion incentive values according to the position serial numbers of the second values in the incentive array to obtain the confusion incentive.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
determining a position number of the second numerical value in the excited array;
and determining a value to be determined which is positioned before the position serial number in each second value in the excitation to be determined as the second target value, wherein the value to be determined is a preset value.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
and the authentication equipment is provided with an excitation cache structure, the excitation cache structure is used for storing each intermediate value, and when receiving an output instruction, the excitation cache structure outputs the intermediate value corresponding to the output instruction so that the authentication equipment can generate the confusion excitation according to the intermediate value and the third numerical value of the first key part.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
after receiving a response sent by authentication equipment, a server acquires an authentication key and a stimulus sent to the authentication equipment, wherein the authentication key comprises a first key part and a second key part;
generating an authentication obfuscation incentive from the first key portion, the second key portion and the incentive;
determining an authentication response according to the authentication confusion stimulus, and determining a hamming distance between the response and the authentication response;
and when the Hamming distance is smaller than or equal to a preset threshold value, judging that the authentication of the authentication equipment passes.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
generating intermediate values corresponding to the second values according to the first values forming the second key part and the second values forming the excitation;
generating the authentication confusion stimulus in dependence on the respective third values and the respective intermediate values constituting the first key portion.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
determining a first target value corresponding to each second value constituting the stimulus among the respective first values of the second key part, wherein the first target values include one or more;
determining second target values in each second value in the excitation according to the first target values, and performing exclusive-or operation on each second value and the second target value corresponding to the second value to obtain the intermediate value corresponding to each second value;
determining a third target value corresponding to the second value among respective third values constituting the first key part;
performing exclusive-or operation on the intermediate value corresponding to each second numerical value and a third target numerical value corresponding to the second numerical value to obtain a confusion incentive numerical value;
and combining the confusion incentive values according to the position serial numbers of the second values in the incentive array to obtain the authentication confusion incentive.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
determining a position number of the second numerical value in the excited array;
and determining a value to be determined which is positioned before the position serial number in each second value in the excitation to be determined as the second target value, wherein the value to be determined is a preset value.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
and the server is provided with an excitation cache structure, the excitation cache structure is used for storing each intermediate value, and when receiving an output instruction, the excitation cache structure outputs the intermediate value corresponding to the output instruction so as to enable the server to generate the authentication confusion excitation according to the intermediate value and the third numerical value of the first key part.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
inputting the authentication confusion stimulus into the learning model to obtain the authentication response output by the learning model.
In one embodiment, the processor 1001 may call the authentication program stored in the memory 1003, and further perform the following operations:
generating a plurality of stimuli and sending each of the stimuli to the authentication device, wherein the authentication device generates a confusion stimulus corresponding to each of the stimuli and a response corresponding to each of the confusion stimuli;
receiving each response fed back by the authentication device, and generating an authentication confusion stimulus for each stimulus;
and training a preset model according to each authentication confusion stimulus and each response to obtain the learning model.
Based on the hardware construction, various embodiments of the authentication method based on confusion incentive are provided.
Referring to fig. 2, a first embodiment of the present invention provides a power allocation method, including the steps of:
step S100, when receiving an excitation sent by a server, an authentication device acquires an authentication key, wherein the authentication key comprises a first key part and a second key part;
in the present embodiment, the execution subject is an authentication device. When the authentication device accesses the server, the server needs to verify the authentication device, and the server randomly generates the excitation C ═ C1,c2,…,cnAnd sends the stimulus C to the authentication device. The authentication device shares an authentication key with the server, and the authentication key K is composed of a first key part K1And a second key part k2And (4) forming. The authentication device acquires the authentication key K and the first key part K after receiving the stimulus C1And a second key part k2. The first key part and the second key part are both composed of a group of values, and the excitation C and the first key part k1And a second key part k2Can be 8 bits, or can be any other arbitrary number of bits, and C in C is excited1-cnFirst key part k1And the second key part k2The specific numerical value in (1) is a binary number, but may be other binary numbers, such as octal, etc.
Step S200, generating confusion incentive according to the first key part, the second key part and the incentive;
after obtaining the first key part, the second key part and the excitation, the authentication device can obtain the first key part and the second key part according to the first key part and the second key partThe key portion and the incentive generate a obfuscated incentive. In particular, the first key portion k may be divided1Excitation for obfuscating the output, second key part k2The method is used for hiding the time sequence information, namely, the value in the excitation is operated according to the value in the second key part to obtain an intermediate value, and the intermediate value and the value in the first key part are operated to obtain the confusion excitation.
Specifically, c can bei、ci-1、ci-2Calculating to obtain giI represents the position number of the numerical value, and giAnd k is1iPerforming an operation to obtain ci', each ci'then, the confusion excitation C' can be obtained by combining according to the position serial numbers.
In this embodiment, the algorithm for operating on the value in the stimulus according to the value in the second key section and the algorithm for operating on the intermediate value and the value in the first key section may be any suitable algorithm, for example, the algorithm may be an exclusive-or algorithm, and may also be a custom algorithm.
Of course, the second key portion k may also be used2Excitation for obfuscating the output, first key part k1And the method is used for hiding the time sequence information and obtaining confusion excitation by operating with the excitation C. The procedure for generating the confusion stimulus is the same as the above-mentioned procedure, and will not be described herein again.
Step S300, generating a response according to the confusion stimulus, and sending the response to the server so that the server can authenticate the authentication equipment according to the stimulus and the response.
The authentication device is provided with a PUF (physical unclonable function), the authentication device inputs confusion stimulus into the PUF to obtain a response output by the PUF, and the authentication device further outputs a response R1And sending to the server, so that the server authenticates the authentication device according to the stimulus and the response. Specifically, when the server sends the stimulus C to the authentication device, the server also generates the obfuscated stimulus C' based on the stimulus C and the authentication key, since the authentication key stored in the server is identical to the authentication key stored in the authentication device, and the algorithm for performing the stimulus obfuscation stored in the server is identical to the algorithm for performing the stimulus obfuscation stored in the authentication deviceSince the algorithms are identical and the flow of performing the excitation confusion is identical, the confusion stimulus C ' generated by the server is identical to the confusion stimulus C ' generated by the authentication device, and the confusion stimulus C ' generated by the server is defined as the authentication confusion stimulus C ″ for distinction. The server learns the confusing stimulus C' and response R generated by the authentication device1Thereby forming an authentication obfuscated stimulus C' and a response R2The server obtains a response R according to the mapping relation and the authentication confusion stimulus C2Then calculate R1And R2The hamming distance between two character strings with equal length is the number of different characters at the corresponding positions of the two character strings. For example, the Hamming distance between 1011101 and 1001001 is 2; the hamming distance between 2143896 and 2233796 is 3; the hamming distance between "toned" and "roses" is 3. And when the Hamming distance is less than or equal to the preset threshold, the authentication equipment can be judged to pass the authentication.
In this embodiment, when the authentication device authenticates with the server, the information transmitted by the communication channel is the stimulus C and the response R1Due to the response R1The method is based on two-part key generation and excitation of the authentication key, and an attacker cannot obtain the two-part key of the authentication key and cannot know a confusion algorithm between the two-part key and the excitation C, so that the attacker can respond to the excitation C and the response R1The mapping is not established effectively, i.e. the attacker cannot transmit the stimulus C and the response R according to the communication channel between the authentication device and the server1And accessing the server illegally.
In the technical solution provided in this embodiment, when receiving a stimulus sent by a server, an authentication device acquires an authentication key, generates an obfuscated stimulus according to a first key portion and a second key portion of the authentication key and the stimulus, and generates a response according to the obfuscated stimulus, so that the response is sent to the server, and the server authenticates the authentication device based on the response and the stimulus. Because an attacker cannot know the two keys of the authentication key, even if the attacker collects the excitation and the response, the mapping relation between the excitation and the response established by the attacker is not effective, namely the attacker cannot collect the effective mapping relation between the excitation and the response to carry out machine learning modeling attack, and the excitation authentication method provided by the invention has higher safety.
Referring to fig. 3, fig. 3 is a second embodiment of the authentication method based on the confusing incentive according to the present invention, and based on the first embodiment, the step S200 includes:
step S210, generating intermediate values corresponding to the respective second values according to the respective first values constituting the second key portion and the respective second values constituting the stimuli, and generating the confusion stimuli according to the respective third values constituting the first key portion and the respective intermediate values.
In this embodiment, the second key part k will be constituted2Is defined as a first value, each value constituting the stimulus C is defined as a second value, and k constituting the first key part1The value of (d) is defined as the third value.
The authentication device determines a first target value corresponding to the second value among the first values in the second key portion, and the position number of the first target value may have a functional relationship with the position number of the second value, for example, the position numbers of the first target value and the second target value are the same. The authentication device determines a second target value corresponding to the second value in the incentive according to the first target value, that is, the second target value may be a second value other than the current second value in the incentive, and the determination manner of the second target value may be determined according to the first value of the second key portion. The authentication equipment obtains an intermediate value by operating the second numerical value and the second target numerical value. The authentication device determines a third target value corresponding to the second value in the first key part, the authentication device performs exclusive-or operation on the intermediate value and the third target value to obtain a confusion incentive value, a plurality of confusion incentive values are obtained, and the authentication device combines all the confusion incentive values according to the position serial number of each second value to obtain confusion incentive.
In addition, the authentication device may directly perform an exclusive or operation on the first target value and the second value to obtain an intermediate value corresponding to the second value, where the number of the second target values may be multiple. And then, operating the intermediate value and the third numerical value to obtain a confusion incentive value, so that the authentication equipment can obtain the confusion incentive value corresponding to each second numerical value. And the authentication equipment combines the confusion incentive values according to the position serial number of each second value so as to obtain the confusion incentive.
In this embodiment, the authentication device generates an intermediate value corresponding to each second value according to each first value constituting the second key portion and each second value constituting the stimulus, and generates the confusion stimulus according to each third value and each intermediate value of the first key portion, thereby sending a response generated according to the confusion stimulus to the server, so as to prevent an attacker from learning an effective mapping relationship between the stimulus and the response, and improve the security of the stimulus authentication method.
Referring to fig. 4, fig. 4 is a third embodiment of the authentication method based on the confusing incentive according to the present invention, and based on the second embodiment, the step S210 includes:
step S211, determining, in the respective first values of the second key portion, a first target value corresponding to each second value constituting the incentive, where the first target values include one or more values;
step S212, determining a second target value from the second values in the excitation according to the first target value, and performing an exclusive or operation on each second value and the second target value corresponding to the second value to obtain the intermediate value corresponding to each second value;
step S213 of determining a third target value corresponding to the second value among the respective third values constituting the first key part;
step S214, carrying out XOR operation on the intermediate value corresponding to each second numerical value and a third target numerical value corresponding to the second numerical value to obtain a confusion incentive numerical value;
step S215, combining the confusion incentive values according to the position serial numbers of the second values in the incentive array to obtain the confusion incentive.
In this embodiment, the authentication device determines a first target value corresponding to the second value, performs an exclusive or operation on the first target value and the second value to obtain an intermediate value, and performs an exclusive or operation on the intermediate value and the third value to obtain a confusion incentive value.
Specifically, the authentication device disassembles the second value constituting the stimulus C into C1-cnSplitting the first value constituting the second key part into k21-k2nAnd a third value constituting the first key portion is decomposed into k11-k1nThe authentication device sequentially sends c1-cnIs determined as the current second value and is at k21-k2nDetermine a current first value corresponding to the current second value, where the position number of the current first value is the same as that of the current second value, e.g., the current second value is c4If the current first value is k24The current first value is the target first value. After determining the current first numerical value, the authentication device determines a second target numerical value corresponding to the current second numerical value in the excitation according to the current first numerical value, specifically, the authentication device determines a value to be determined before a position serial number of the current second numerical value in each second numerical value in the excitation to determine the value to be determined as the second target numerical value, where the value to be determined is a preset numerical value.
After the authentication equipment obtains the second target value, the authentication equipment performs exclusive-or operation on the second value and the second target value to obtain an intermediate value. Authentication device then k11-k1nObtaining a second value, a third target value, and performing an exclusive-or operation on the third target value and the intermediate value to obtain a confusion incentive value, where the position number of the second value is the same as the position number of the third target value, for example, the second value is c4Then the third target value is k14. And after obtaining the confusion incentive values corresponding to the second values in the incentive C, the authentication equipment combines the confusion incentive values according to the position serial numbers of the second values, thereby obtaining the confusion incentive.
Specifically, the generation flow of the confusion incentive is formed by the following three formulasAnd (4) deriving the formula.
Figure BDA0002400274500000141
Figure BDA0002400274500000142
And
Figure BDA0002400274500000143
the second value is c2When the position number is 2, the second numerical value is c3When the position number is 3; the third value is k11When the position number is 1, the third value k12Position number is 2; and the first value is k21When the position number is 1, the first value k22And the position number is 2.
Referring to fig. 5, fig. 5 is a schematic diagram of the generation of a confusion stimulus. Suppose a key k210100101, wherein k2iRepresentation key k2At position i of (1), c in the figureiAnd gi(giIntermediate values, denoted by G) represents an exclusive or. For example, g3And { c1,c3With connecting lines to indicate
Figure BDA0002400274500000151
Wherein, c1Is a second target value, the second value is c3,g4And { c1,c3,c4With connecting lines to indicate
Figure BDA0002400274500000152
Wherein, c1、c3Is a second target value, the second value is c4I.e. only when k2When the ith bit of (1) is ciAs a second target value to add subsequent obfuscation.
In the technical scheme provided by this embodiment, the authentication device performs xor operation on the first key part, the second key part and the stimulus of the authentication key to generate the confusion stimulus, so as to generate a response according to the confusion stimulus and send the response to the server, thereby preventing an attacker from learning an effective mapping relationship between the stimulus and the response, and improving the security of the stimulus authentication mode.
In an embodiment, the authentication device is provided with an incentive buffering structure, the incentive buffering structure is used for storing each intermediate value, and when receiving the output instruction, the incentive buffering structure outputs the intermediate value corresponding to the output instruction, so that the authentication device generates the confusion incentive according to the intermediate value and the third value of the first key part. Excitation buffer structure as shown in fig. 6, fig. 6 includes a and b, and the excitation buffer structure in a is composed of two NOR latches and several alternative multiplexers. The NOR latch keeps the original output unchanged when S is equal to R is equal to 0; when S is 0 and R is 1, Q is set to 1; when S is 1 and R is 0, Q is set to 0; s ═ R ═ 1 makes no sense. The value of the intermediate value gi needs to be buffered in giJ-th bit g ofijFor example, the stimulus cache structure has three operations:
1. read operation (Ro): in calculating gijBefore, NOR-type latch2 is in the hold transition and the output is tp, so there is
Figure BDA0002400274500000153
2. Write operation (Wo): calculated good gijThereafter, NOR-type latch1 is in hold transition and g is put intoijCache, at this time NOR-type latch2 will gijWriting with tp ═ gij
3. Hold operation (Hold operation, Ho): NOR-type latch1 and NOR-type latch2 are in the hold state at the same time.
The read operation, write operation and hold operation are performed by the key k2Control, assume k210100101, the control signal to activate the buffer structure is 1010010110100101. If the control signal is 1, exciting the cache structure to execute read-write operation; if the control signal is 0, the cache structure is activated to perform a hold operation. b is an example of a cache gi, assuming k2Has a single signal duration of T. We first set tp to 0 by RST, k in the first half of time T12=1,c ij1 or moreAnd ps 0, yielding Q1 (g)ij)=cij⊕ tp equals 1, and k is the second half of time T12=1,cij1 and ps 1, S20, R2 1 and Q2(tp) gi, and j 1, which can be used to obtain G in the confusion process1,g2,…,gt}. Xoring the last G with key k2 yields the obfuscated stimulus C' ═ C1,c′2,...,c′n}。
In this embodiment, the stimulus caching structure obfuscates the stimulus in combination with the stimulus and the key, and thus does not affect the uniqueness and stability of the PUF.
The invention also provides an authentication method based on confusion incentive.
Referring to fig. 7, fig. 7 is a fourth embodiment of the authentication method based on the confusion incentive according to the present invention, which includes the following steps:
step S400, after receiving a response sent by authentication equipment, a server acquires an authentication key and a stimulus sent to the authentication equipment, wherein the authentication key comprises a first key part and a second key part;
in this embodiment, the execution subject is a server. When the authentication device accesses the server, the server needs to verify the authentication device, and the server randomly generates the excitation C ═ C1,c2,…,cnAnd sends the stimulus C to the authentication device. The authentication device shares an authentication key with the server, and the authentication key K is composed of a first key part K1And a second key part k2And (4) forming. The authentication device generates a response upon receiving the stimulus C and sends the response to the server. After receiving the response, the server acquires an authentication key shared with the authentication device and an incentive C sent to the authentication device.
Step S500, generating an authentication confusion incentive according to the first key part, the second key part and the incentive;
the server generates the authentication confusion incentive according to the first key part, the second key part and the incentive, and the process and the principle of generating the authentication confusion incentive by the server are the same as those of generating the confusion incentive by the authentication equipment, and are not described again here.
Step S600, determining an authentication response according to the authentication confusion stimulus, and determining a Hamming distance between the response and the authentication response;
step S700, when the Hamming distance is smaller than or equal to a preset threshold, the authentication of the authentication equipment is judged to be passed.
The server learns the confusing stimulus C' and response R generated by the authentication device1Thereby forming an authentication obfuscated stimulus C' and a response R2The server obtains a response R according to the mapping relation and the authentication confusion stimulus C2Then calculate R2And R2The hamming distance between two character strings with equal length is the number of different characters at the corresponding positions of the two character strings. For example, the Hamming distance between 1011101 and 1001001 is 2; the hamming distance between 2143896 and 2233796 is 3; the hamming distance between "toned" and "roses" is 3. And when the Hamming distance is less than or equal to the preset threshold, the authentication equipment can be judged to pass the authentication.
In this embodiment, when the authentication device authenticates with the server, the information transmitted by the communication channel is the stimulus C and the response R1Due to the response R1The method is based on two-part key generation and excitation of the authentication key, and an attacker cannot obtain the two-part key of the authentication key and cannot know a confusion algorithm between the two-part key and the excitation C, so that the attacker can respond to the excitation C and the response R1The mapping is not established effectively, i.e. the attacker cannot transmit the stimulus C and the response R according to the communication channel between the authentication device and the server1And accessing the server illegally.
In addition, the server is further provided with an excitation cache structure, and the specific structure and the working principle of the excitation cache structure refer to the above description, which is not described herein again.
In the technical scheme provided by this embodiment, when receiving a response sent by the authentication device, the server obtains the authentication key and the stimulus, generates the authentication confusion stimulus according to the first key part and the second key part in the authentication key and the stimulus, and generates the authentication response according to the authentication confusion stimulus, thereby determining the hamming distance between the authentication response and the response, and determining that the authentication of the authentication device is successful when the hamming distance is less than or equal to the preset threshold. Because an attacker cannot know the two keys of the authentication key, even if the attacker collects the stimulus and the response, the mapping relation between the stimulus and the response established by the attacker is not effective, that is, the attacker cannot collect the effective mapping relation between the stimulus and the response to carry out machine learning modeling attack, and the security of the stimulus authentication mode provided by the embodiment is high.
Referring to fig. 8, fig. 8 is a fifth embodiment of the authentication method based on confusing incentives, and based on the fourth embodiment, the step S600 includes:
step S610, inputting the authentication confusion excitation into the learning model to obtain the authentication response output by the learning model;
step S620, determining a hamming distance between the response and the authentication response.
In this embodiment, the server is provided with a learning model, and the learning model is obtained by performing an authentication confusion incentive and response training.
In particular, the server generates a plurality of stimuli to form an input set X ═ X1,x2,…,xwW denotes the input set size of X, which is then sent to the authentication device. After receiving X, the authentication device generates a corresponding confusion stimulus for each stimulus, and generates a response from the confusion stimulus, that is, the authentication device obtains each response to form an output set Y ═ Y1,y2,…,yωAnd sending Y to the server.
The server generates an authentication confusion stimulus according to each stimulus in the output set X, and inputs the authentication confusion stimulus and the response into the preset model, so as to train the preset model to obtain a learning model, namely the learning model learns the mapping relation between the authentication confusion stimulus and the authentication response. It will be appreciated that the server may generate corresponding learning models for different authentication devices according to the principles described above, with different authentication devices referring to different principles of generating confusing stimuli.
In the technical scheme provided by the embodiment, the learning model is stored in the server, and the server inputs the authentication confusion excitation into the learning model, so that the authentication response is quickly obtained to authenticate the authentication equipment, and the authentication time of the authentication equipment is saved.
The invention also provides an authentication device comprising a memory, a processor and an authentication program stored in the memory and executable on the processor, the authentication program, when executed by the processor, implementing the steps of the obfuscated incentive based authentication method as described in the above embodiments.
The present invention also provides a server comprising a memory, a processor and an authentication program stored in the memory and executable on the processor, the authentication program, when executed by the processor, implementing the steps of the confusion incentive based authentication method as described in the above embodiments.
The invention also provides an authentication system, comprising an authentication device and a server, wherein the authentication device is in communication connection with the server,
the authentication device is used for acquiring an authentication key when receiving a stimulus sent by a server, generating a confusion stimulus according to a first key part and a second key part in the authentication key and the stimulus, generating a response according to the confusion stimulus, and sending the response to the server so that the server authenticates the authentication device according to the stimulus and the response;
the server is used for acquiring an authentication key and a stimulus sent to the authentication equipment after receiving a response sent by the authentication equipment, generating an authentication confusion stimulus according to a first key part and a second key part in the authentication key and the stimulus, determining an authentication response according to the authentication confusion stimulus so as to determine a Hamming distance between the response and the authentication response, and judging that the authentication of the authentication equipment passes when the Hamming distance is smaller than or equal to a preset threshold value.
The present invention also provides a computer-readable storage medium storing an authentication program which, when executed by a processor, implements the steps of the confusion incentive-based authentication method as described in the above embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (16)

1. An authentication method based on confusion incentive, the authentication method based on confusion incentive comprises the following steps:
the authentication method comprises the steps that when receiving an excitation sent by a server, authentication equipment obtains an authentication key, wherein the authentication key comprises a first key part and a second key part;
generating a obfuscated incentive from the first key portion, the second key portion and the incentive;
and generating a response according to the confusion stimulus, and sending the response to the server so that the server can authenticate the authentication equipment according to the stimulus and the response.
2. A confusion incentive-based authentication method as claimed in claim 1, wherein said step of generating a confusion incentive based on the first key part, the second key part and the incentive comprises:
generating intermediate values corresponding to the second values according to the first values forming the second key part and the second values forming the excitation;
generating the obfuscated stimulus in dependence on respective third values constituting the first key portion and respective intermediate values.
3. A confusion incentive-based authentication method as claimed in claim 2, wherein said step of generating intermediate values corresponding to respective second numerical values based on respective first numerical values constituting said second key part and respective second numerical values constituting said incentive, and generating said confusion incentive based on respective third numerical values constituting said first key part and respective intermediate values comprises:
determining a first target value corresponding to each second value constituting the stimulus among the respective first values of the second key part, wherein the first target values include one or more;
determining second target values in each second value in the excitation according to the first target values, and performing exclusive-or operation on each second value and the second target value corresponding to the second value to obtain the intermediate value corresponding to each second value;
determining a third target value corresponding to the second value among respective third values constituting the first key part;
performing exclusive-or operation on the intermediate value corresponding to each second numerical value and a third target numerical value corresponding to the second numerical value to obtain a confusion incentive numerical value;
and combining the confusion incentive values according to the position serial numbers of the second values in the incentive array to obtain the confusion incentive.
4. A confusion incentive-based authentication method as claimed in claim 3, wherein said step of determining a second target value among respective second values in the incentive based on the first target value comprises:
determining a position number of the second numerical value in the excited array;
and determining a value to be determined which is positioned before the position serial number in each second value in the excitation to be determined as the second target value, wherein the value to be determined is a preset value.
5. A confusion incentive-based authentication method according to any one of claims 2-4, wherein a incentive buffering structure is provided in the authentication device, the incentive buffering structure is configured to store each of the intermediate values, and when receiving an output instruction, the incentive buffering structure outputs the intermediate value corresponding to the output instruction, so that the authentication device can generate the confusion incentive according to the intermediate value and the third value of the first key portion.
6. An authentication method based on confusion incentive, the authentication method based on confusion incentive comprises the following steps:
after receiving a response sent by authentication equipment, a server acquires an authentication key and a stimulus sent to the authentication equipment, wherein the authentication key comprises a first key part and a second key part;
generating an authentication obfuscation incentive from the first key portion, the second key portion and the incentive;
determining an authentication response according to the authentication confusion stimulus, and determining a hamming distance between the response and the authentication response;
and when the Hamming distance is smaller than or equal to a preset threshold value, judging that the authentication of the authentication equipment passes.
7. A confusion incentive-based authentication method as claimed in claim 6, wherein said step of generating an authentication confusion incentive based on the first key part, the second key part and the incentive comprises:
generating intermediate values corresponding to the second values according to the first values forming the second key part and the second values forming the excitation;
generating the authentication confusion stimulus in dependence on the respective third values and the respective intermediate values constituting the first key portion.
8. A confusion incentive-based authentication method as claimed in claim 7, wherein said generating an intermediate value for each of said second values based on each of said first values constituting said second key portion and each of said second values constituting said incentive; the step of generating the authentication confusion stimulus in dependence on the respective third values and the respective intermediate values constituting the first key portion comprises:
determining a first target value corresponding to each second value constituting the stimulus among the respective first values of the second key part, wherein the first target values include one or more;
determining second target values in each second value in the excitation according to the first target values, and performing exclusive-or operation on each second value and the second target value corresponding to the second value to obtain the intermediate value corresponding to each second value;
determining a third target value corresponding to the second value among respective third values constituting the first key part;
performing exclusive-or operation on the intermediate value corresponding to each second numerical value and a third target numerical value corresponding to the second numerical value to obtain a confusion incentive numerical value;
and combining the confusion incentive values according to the position serial numbers of the second values in the incentive array to obtain the authentication confusion incentive.
9. A confusion incentive-based authentication method as claimed in claim 8, wherein said step of determining a second target value among respective second values in the incentive based on the first target value comprises:
determining a position number of the second numerical value in the excited array;
and determining a value to be determined which is positioned before the position serial number in each second value in the excitation to be determined as the second target value, wherein the value to be determined is a preset value.
10. The confusion incentive-based authentication method as claimed in claim 7, wherein a incentive buffering structure is provided in the server, the incentive buffering structure is configured to store each of the intermediate values, and when receiving an output instruction, the incentive buffering structure outputs the intermediate value corresponding to the output instruction, so that the server can generate the authentication confusion incentive according to the intermediate value and the third value of the first key portion.
11. A confusion incentive-based authentication method as claimed in any one of claims 6 to 10 wherein said server comprises a learning model trained on authentication confusion incentives and responses, said step of determining an authentication response from said authentication confusion incentives comprising:
inputting the authentication confusion stimulus into the learning model to obtain the authentication response output by the learning model.
12. A confusion incentive-based authentication method as claimed in claim 11, wherein said step of learning model training comprises:
generating a plurality of stimuli and sending each of the stimuli to the authentication device, wherein the authentication device generates a confusion stimulus corresponding to each of the stimuli and a response corresponding to each of the confusion stimuli;
receiving each response fed back by the authentication device, and generating an authentication confusion stimulus for each stimulus;
and training a preset model according to each authentication confusion stimulus and each response to obtain the learning model.
13. An authentication device comprising a memory, a processor and an authentication program stored in the memory and executable on the processor, the authentication program when executed by the processor implementing the steps of the confusion incentive based authentication method as claimed in any one of claims 1 to 6.
14. A server, characterized in that the server comprises a memory, a processor and an authentication program stored in the memory and executable on the processor, the authentication program, when executed by the processor, implementing the steps of the confusion incentive based authentication method as claimed in any one of claims 7-12.
15. An authentication system comprising an authentication device and a server, the authentication device being in communicative connection with the server, wherein,
the authentication device is used for acquiring an authentication key when receiving a stimulus sent by a server, generating a confusion stimulus according to a first key part and a second key part in the authentication key and the stimulus, generating a response according to the confusion stimulus, and sending the response to the server so that the server authenticates the authentication device according to the stimulus and the response;
the server is used for acquiring an authentication key and a stimulus sent to the authentication equipment after receiving a response sent by the authentication equipment, generating an authentication confusion stimulus according to a first key part and a second key part in the authentication key and the stimulus, determining an authentication response according to the authentication confusion stimulus so as to determine a Hamming distance between the response and the authentication response, and judging that the authentication of the authentication equipment passes when the Hamming distance is smaller than or equal to a preset threshold value.
16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores an authentication program which, when executed by a processor, carries out the steps of the confusion incentive based authentication method as claimed in any one of claims 1-12.
CN202010146250.1A 2020-03-04 2020-03-04 Authentication device, server, authentication system, and authentication method based on confusion incentive Active CN111371789B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010146250.1A CN111371789B (en) 2020-03-04 2020-03-04 Authentication device, server, authentication system, and authentication method based on confusion incentive

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010146250.1A CN111371789B (en) 2020-03-04 2020-03-04 Authentication device, server, authentication system, and authentication method based on confusion incentive

Publications (2)

Publication Number Publication Date
CN111371789A true CN111371789A (en) 2020-07-03
CN111371789B CN111371789B (en) 2022-05-27

Family

ID=71211712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010146250.1A Active CN111371789B (en) 2020-03-04 2020-03-04 Authentication device, server, authentication system, and authentication method based on confusion incentive

Country Status (1)

Country Link
CN (1) CN111371789B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106817223A (en) * 2017-01-11 2017-06-09 电子科技大学 A kind of dynamic and configurable key authentication system based on SoPC
CN108173662A (en) * 2018-02-12 2018-06-15 海信集团有限公司 The authentication method and device of a kind of equipment
CN109005040A (en) * 2018-09-10 2018-12-14 湖南大学 Dynamic multi-secrets key obscures PUF structure and its authentication method
CN109787761A (en) * 2019-02-20 2019-05-21 金陵科技学院 A kind of equipment certification and key distribution system and method based on physics unclonable function

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106817223A (en) * 2017-01-11 2017-06-09 电子科技大学 A kind of dynamic and configurable key authentication system based on SoPC
CN108173662A (en) * 2018-02-12 2018-06-15 海信集团有限公司 The authentication method and device of a kind of equipment
CN109005040A (en) * 2018-09-10 2018-12-14 湖南大学 Dynamic multi-secrets key obscures PUF structure and its authentication method
CN109787761A (en) * 2019-02-20 2019-05-21 金陵科技学院 A kind of equipment certification and key distribution system and method based on physics unclonable function

Also Published As

Publication number Publication date
CN111371789B (en) 2022-05-27

Similar Documents

Publication Publication Date Title
Li et al. Blockchain-based searchable symmetric encryption scheme
Ferdowsi et al. Deep learning for signal authentication and security in massive internet-of-things systems
CN109005040B (en) Dynamic multi-key confusion PUF (physical unclonable function) structure and authentication method thereof
US9077710B1 (en) Distributed storage of password data
CN107423632B (en) Customizable sensitive data desensitization method and system
Gasti et al. Secure, fast, and energy-efficient outsourced authentication for smartphones
Blocki et al. Designing proof of human-work puzzles for cryptocurrency and beyond
US20190007387A1 (en) Secure detection and management of compromised credentials
US7937586B2 (en) Defending against denial of service attacks
CN103198249A (en) Secure and usable protection of a roamable credentials store
Tian et al. Achieving flatness: Graph labeling can generate graphical honeywords
Andola et al. A secure searchable encryption scheme for cloud using hash-based indexing
Xiong et al. Towards neural network-based communication system: attack and defense
Kharod et al. An improved hashing based password security scheme using salting and differential masking
Kuvonchbek Method Authentication of Objects Information Communication
Malik et al. A homomorphic approach for security and privacy preservation of Smart Airports
Sun et al. Public data integrity auditing without homomorphic authenticators from indistinguishability obfuscation
Ullah et al. Deep self-learning based dynamic secret key generation for novel secure and efficient hashing algorithm
Gilbert et al. Generic attack on duplex-based aead modes using random function statistics
CN111371789B (en) Authentication device, server, authentication system, and authentication method based on confusion incentive
Liu et al. Adversarial attacks against profile HMM website fingerprinting detection model
KR100951034B1 (en) Method of producing searchable keyword encryption based on public key for minimizing data size of searchable keyword encryption and method of searching data based on public key through that
Sanjeevi et al. The improved DROP security based on hard AI problem in cloud
Zhang et al. Efficient Cloud-Based Private Set Intersection Protocol with Hidden Access Attribute and Integrity Verification.
Kim et al. Deep neural networks based key concealment scheme

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant