周炜,魏志强,王斌,王成钢

• 1:青岛理工大学计算机工程学院
• 2:中国海洋大学信息科学与工程学院

摘要(Abstract)：

社交认证是一种新型的基于社交网络进行的身份认证方式,已有的基于社交凭证的社交认证解决方案多是作为二因子认证系统的备用认证方式。本文提出一种面向移动终端的基于多种社交凭证的社交认证系统,可以作为更广泛应用的单因子认证系统的备用认证方式,且社交认证所需的信托人数量更少。在论证作为生成社交凭证基础的多种社交活动的基础上,给出了社交认证的系统架构和运行过程,详细论述了社交认证协议,最后通过系统实现和分析论证了所提出系统的有效性与安全性。

关键词(KeyWords)： 多种社交凭证;社交认证;信息安全

Abstract:

Keywords:

基金项目(Foundation): 国家自然科学基金项目(61502262);; 青岛市科技计划基础研究项目(KJZD-13-31-JCH);; 青岛经济技术开发区重点科技发展计划项目(2013-1-72)资助~~

作者(Author): 周炜,魏志强,王斌,王成钢

DOI: 10.16441/j.cnki.hdxb.20160075

参考文献(References)：

• [1]Ellison N B.Social network sites:Definition,history,and scholarship[J].Journal of Computer-Mediated Communication,2007,13(1):210-230.
• [2]Brainard J,Juels A,Rivest R L,et al.Fourth-factor authentication:Somebody you know[C]//ACM conference on Computer and Communications Security.VA,USA,2006:168-178.
• [3]Henk C.A.van Tilborg.,Encyclopedia of Cryptography and Security[M].US:Springer,2011:1341-1341.
• [4]Al Abdulwahid A,Clarke N,Furnell S,et al.The current use of authentication technologies:An investigative review[C]//2015IEEE International Conference on Cloud Computing(ICCC).Riyadh,Saudi Arabia,2015:1-8.
• [5]Javed A,Bletgen D,Kohlar F,et al.Secure Fallback Authentication and the Trusted Friend Attack[C]//2014IEEE 34th International Conference on Distributed Computing Systems Workshops(ICDCSW).Madrid,Spain,2014:22-28.
• [6]Zhan J,Fang X.Authentication Using Multi-level Social Networks[M].Berlin:Springer,2011:35-49.
• [7]Schechter S,Egelman S,Reeder R W.It’s not what you know,but who you know[C]//Proceedings of the 27th ACM SIGCHI Conference on Human Factors in Computing Systems(CHI).Toronto,Canada,2009:172-181.
• [8]Facebook Security.National Cybersecurity Awareness Month Updates[EB/OL].(2011-10-27)[2016-03-03].goo.gl/KdyYXJ.
• [9]Facebook Security.Introducing Trusted Contacts Facebook's Trusted Contacts[EB/OL].(2013-05-02)[2016-03-03].goo.gl/xHmVHA.
• [10]Shao C,Chen L,Fan S,et al.Social authentication identity:An alternate to internet real name system[C]//International Conference on Security and Privacy in Communication Systems.Beijing,China,2014:132-140.
• [11]Frankel A D,Maheswaran M.Feasibility of a socially aware authentication scheme[C]//2009 6th IEEE Consumer Communications and Networking Conference.Las Vegas,NV,2009:1-6.
• [12]Soleymani B,Maheswaran M.Social authentication protocol for mobile phones[C]//2009International Conference on Computational Science and Engineering.Vancouver,Canada,2009:436-441.
• [13]刘宴兵,刘飞飞.基于云计算的智能手机社交认证系统[J].通信学报,2012,33(1):28-34.Liu Yan-bing,Liu Fei-fei.Cloud computing based smartphone social authentication system[J].Journal on Communications.2012,33(1):28-34.
• [14]刘飞飞,刘宴兵.基于社交网络的智能手机轻型安全认证协议设计[J].重庆邮电大学学报(自然科学版),2013,25(1):132-137.Liu Fei-fei,Liu Yan-bing.Lightweight smart phone security authentication protocol based on social network[J].Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition).2013,25(1):132-137.
• [15]腾讯.微信关闭帐号保护方法[EB/OL].(2015-12-02)[2016-03-03].http://kf.qq.com/faq/120813euEJVf131227UBna2i.html.Tecent.Method for closing account protection of WeChat[EB/OL].(2015-12-02)[2016-03-03].http://kf.qq.com/faq/120813euEJVf131227UBna2i.html.
• [16]Jablon D P.Strong password-only authenticated key exchange[J].ACM SIGCOMM Computer Communication Review,1996,26(5):5-26.
• [17]Rescorla E.RFC 2631:Diffie-Hellman Key Agreement Method[S].United States:1999.
• [18]Tanjent.MurmurHash[EB/OL].(2011-03-01)[2016-03-03].https://sites.google.com/site/murmurhash/.

文章评论(Comment)：