Wu Lingfeng, Wen Yunhua, Yi Jinghai
School of Computer Science and Technology, Donghua University, Shanghai 201620, China.
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China.
Entropy (Basel). 2024 Aug 5;26(8):667. doi: 10.3390/e26080667.
Remote data backup technology avoids the risk of data loss and tampering, and has higher security compared to local data backup solutions. However, the data transmission channel for remote data backup is not secure, and the backup server cannot be fully trusted, so users usually encrypt the data before uploading it to the remote server. As a result, how to protect this encryption key is crucial. We design a User-Centric Design (UCD) data backup scheme based on multi-factor authentication to protect this encryption key. Our scheme utilizes a secret sharing scheme to divide the encryption key into three parts, which are stored in the laptop, the smart card, and the server. The encryption key can be easily reconstructed from any two parts with user's private information password, identity and biometrics. As long as the biometrics has enough entropy, our scheme can resist replay attacks, impersonation user attacks, impersonation server attacks, malicious servers and offline password guessing attacks.
远程数据备份技术避免了数据丢失和篡改的风险,与本地数据备份解决方案相比具有更高的安全性。然而,远程数据备份的数据传输通道并不安全,备份服务器也不能完全信任,因此用户通常在将数据上传到远程服务器之前对其进行加密。因此,如何保护此加密密钥至关重要。我们设计了一种基于多因素认证的以用户为中心的设计(UCD)数据备份方案来保护此加密密钥。我们的方案利用秘密共享方案将加密密钥分为三部分,分别存储在笔记本电脑、智能卡和服务器中。通过用户的私人信息密码、身份和生物特征,加密密钥可以很容易地从任意两部分重建。只要生物特征具有足够的熵,我们的方案就可以抵御重放攻击、冒充用户攻击、冒充服务器攻击、恶意服务器和离线密码猜测攻击。
