A Two-Factor Authentication Method for Database User Authentication

Abstract

The invention discloses a two-factor authentication method for database user identity verification. The steps include: 1) an initialization stage: the server S generates and stores a public-private key pair (k s , K S ); 2) Registration stage: client C communicates with smartphone D and server S at the same time, and converts the password pw input by user U into a random password rw; client C generates a public-private key pair for user U (k U , K U ), encrypt the private key k with rw U and public key K S , generate ciphertext c; client C sends the public key K U Send to server S, and send ciphertext c to mobile phone D; server S stores K U , the mobile phone D stores the ciphertext c; 3) Authentication stage: the user U verifies each other with the server S under the assistance of the mobile phone D, if both verifications pass, the server S agrees to the user U to access the database and establishes a temporary session key SK; otherwise Server S terminates the connection service. The invention can realize safe and efficient two-factor authentication.

Description

technical field [0001] The invention belongs to the technical field of information security, and relates to a practical and combinable user identity authentication method, in particular to a design and implementation method of a smart phone-based dual-factor identity authentication protocol for database users. Background technique [0002] A fundamental step in securing a database system is to verify the identity of the user accessing the database (authentication). A sophisticated authentication scheme helps protect users and the data they store from attackers. Existing database systems (such as Oracle, MySQL) provide a variety of authentication strategies to meet user needs, such as password-based authentication methods, token or smart card-based strong authentication methods, and public key infrastructure (PKI) authentication method, proxy authentication, etc. Among these authentication methods, password-based authentication is the most basic and convenient method. User...

AI Technical Summary

Problems solved by technology

Existing practical two-factor protocols based on smart phones are similar to the (1) type of two-factor protocols based on physical cards, such as Google Authenticator, FIDO, Duo, etc. Smart phones generate PIN codes and passwords and send them to the server together, smart phones and Passwords are verified separately, and the security of passwords cannot be guaranteed

In 2014, Shirvanian et al. proposed 13 methods based on the literature 3 (Shirvanian M, Jarecki S, Saxena N, et al. Two-factor protocols for mixed-bandwidth smart devices, but these protocols rely on public key infrastructure (PKI) and are vulnerable to PKI failure and password compromise

Existing protocols either have security issues, such as password leaks, password guessing attacks, etc., or have low performance and are not suitable for fast access to databases

Images