Computer Science, 2019, Vol. 46, Issue (11A): 409-413.

• Information Security •

Forward-secure RSA-based Multi-server Authentication Protocol

DU Hao-rui, CHEN Jian-hua, QI Ming-ping, PENG Cong, FAN Qing

  1. (School of Mathematics and Statistics, Wuhan University, Wuhan 430072, China)
  • Online: 2019-11-10 Published: 2019-11-20
  • Corresponding author: CHEN Jian-hua (born 1963), male, professor and doctoral supervisor; main research interests: number theory and cryptography. E-mail: chenjh_ecc@163.com.
  • About the first author: DU Hao-rui (born 1994), male, master's student; main research interests: number theory and cryptography. E-mail: 634064631@qq.com.

Abstract: Designing secure and practical key agreement protocols for multi-server environments is a current research focus in information security. Following the general principles of protocol design, this paper examines the anonymous biometric-based multi-server key authentication protocol scheme proposed by Wang et al. [15] and shows that the protocol cannot resist server impersonation attacks, smart-card loss attacks or session-key leakage attacks; moreover, because its user anonymity fails, it tends to leak user privacy and is therefore unsuitable for practical use. To remedy these shortcomings, an improved protocol based on RSA keys is proposed. In the registration phase, the registration center (RC) and each server share distinct keys and timestamps, which effectively resists server impersonation attacks and achieves anonymity and untraceability. In the login phase, the protocol uses public-key techniques so that the user logs in under a dynamic identity and forward security is guaranteed. In the authentication phase, the protocol performs three rounds of mutual authentication and checks the freshness of messages, so that mutual authentication is achieved and replay attacks are prevented. Finally, a security analysis of the possible attacks and an efficiency analysis show that the improved protocol resists smart-card loss attacks and preserves anonymity, among other properties, while keeping its computations simple.

Key words: Anonymity, Forward security, Key agreement, Multi-server, RSA

CLC number:

  • TP309

[1]TSAUR W J.A flexible user authentication scheme for multi-server internet services[C]∥Proc.of the Int'l Conf.on Networking (ICN 2001).LNCS 2093,2001:174-183.
[2]LI C T.Secure smart card based password authentication scheme with user anonymity[J].Information Technology & Control,2011,40(40):157-162.
[3]WU Z Y,CHANG D L,LIN T C,et al.A reliable dynamic user-remote password authentication scheme over insecure network[C]∥Proceedings of the 26th International Conference on Advanced Information Networking and Applications.Washington DC:IEEE Computer Society,2012:25-28.
[4]LI X,MA J,WANG W D,et al.A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments[J].Mathematical & Computer Modelling,2013,58(1/2):85-95.
[5]CHEN B L,KUO W C,WU C L.Robust smart-card-based remote user password authentication scheme[J].International Journal of Communication Systems,2014,27(2):377-389.
[6]KUMARI S,KHAN M K.More secure smart card-based remote user password authentication scheme with user anonymity[J].Security & Communication Networks,2014,7(11):2039-2053.
[7]XU L L.An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity[J].Security & Communication Networks,2015,8(2):245-260.
[8]LI C T,HWANG M S.An efficient biometric-based remote user authentication scheme using smart cards[J].Journal of Network and Computer Applications,2010,33(1):1-5.
[9]YOON E J,YOO K Y.Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem[J].The Journal of Supercomputing,2013,63(1):235-255.
[10]KIM H,JEON W,LEE K,et al.Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme[C]∥Proc.of the 12th Int'l Conf.on Computational Science and Its Applications (ICCSA 2012).IEEE,2012:391-406.
[11]HE D B,WANG D.Robust biometrics-based authentication scheme for multi-server environment[J].IEEE Systems Journal,2005,9(3):816-823.
[12]ODELU V,DAS A K,GOSWAMI A.Cryptanalysis on robust biometrics-based authentication scheme for multi-server environment[EB/OL].http://eprint.iacr.org/2014/715.
[13]CHUANG M C,CHEN M C.An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics[J].Expert Systems with Applications,2014,41(4):1411-1418.
[14]MISHRA D,DAS A,MUKHOPADHYAY S.A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards[J].Expert Systems with Applications,2014,41(18):8129-8143.
[15]WANG R B,CHEN J H,ZHANG Y Y.Research on an anonymous biometric-based multi-server key authentication protocol scheme[J].Application Research of Computers,2016,33(7):2190-2196.
[16]CHAUDHRY S A.A secure biometric based multi-server authentication scheme for social multimedia network[J].Multimedia Tools & Applications,2016,75(20):1-21.
[17]XIA P Z,CHEN J H.Three-factor authentication scheme for multi-server environments based on elliptic curve cryptography[J].Application Research of Computers,2017,34(10):3061-3067.
[18]YIN Q S,CHEN J H.Improved identity authentication protocol based on elliptic curve cryptography for multi-server environments[J].Computer Science,2018,45(6):111-116.
[19]WANG D,LI W T,WANG P.Cryptanalysis of three anonymous authentication protocols for multi-server environments[J].Journal of Software,2018,29(7):1937-1952.
[20]WANG D,MA C G,WENG C,et al.Cryptanalysis and improvement of a remote user authentication scheme for resource-constrained environments[J].Journal of Electronics & Information Technology,2012,34(10):2520-2526.
[21]WAN T,LIU Z X,MA J F.Authentication and key agreement protocol for multi-server architecture[J].Journal of Computer Research and Development,2016,53(11):2446-2453.
[22]AMIN R.Cryptanalysis and efficient dynamic ID based remote user authentication scheme in multi-server environment using smart card[J].Int'l Journal of Network Security,2016,18(1):172-181.
[23]REDDY A G,YOON E J,DAS A K,et al.Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment[J].IEEE Access,2017,5:3622-3639.