Computer Science, 2020, Vol. 47, Issue (11): 68-72. doi: 10.11896/jsjkx.191000008

Special topic: Intelligent Mobile Identity Authentication


Efficient Identity-based Authenticated Key Agreement Protocol with Multiple Private Key Generators

QIN Yan-lin, WU Xiao-ping, HU Wei

  1. Department of Information Security, Naval University of Engineering, Wuhan 430033, China
  • Received: 2019-10-08 Revised: 2020-04-10 Online: 2020-11-15 Published: 2020-11-05
  • Corresponding author: QIN Yan-lin (qinyanlincool@163.com)
  • About author: QIN Yan-lin, born in 1980, Ph.D, lecturer. Her main research interests include cryptography and network security.

Abstract: An authenticated key agreement protocol provides mutual authentication and key agreement between users in secure network communications. Large-scale network applications typically deploy multiple Private Key Generators (PKGs), in which a higher-level PKG authenticates the identity of its subordinate lower-level PKGs and generates their private keys. Most existing identity-based authenticated key agreement protocols for multiple-PKG environments are built on bilinear pairings, which are computationally expensive, and they also have security problems. To improve the security and efficiency of existing schemes, a novel identity-based authenticated key agreement protocol for multiple-PKG environments, based on the elliptic curve cryptosystem, is proposed. In this scheme the PKGs are not independent of each other: each lower-level PKG is subordinate to a higher-level PKG, which is closer to practical applications. Security analysis shows that the proposed protocol remedies the security weaknesses of existing schemes and satisfies security properties such as ephemeral secret leakage resistance, forward security and forgery (impersonation) attack resistance. Neither party's computation involves bilinear pairing operations, so the protocol is more efficient than comparable schemes.

Key words: Authenticated key agreement protocol, Elliptic curve, Ephemeral secret leakage resistance, Identity-based cryptosystem, Multiple private key generators

CLC Number: TP309