Computer Science, 2018, Vol. 45, Issue (6): 111-116. doi: 10.11896/j.issn.1002-137X.2018.06.019

• Information Security •

Improved Identity Authentication Protocol Based on Elliptic Curve Cryptography in Multi-server Environment

YIN Qiu-shi, CHEN Jian-hua

  1. School of Mathematics & Statistics, Wuhan University, Wuhan 430072, China
  • Received: 2017-04-12 Online: 2018-06-15 Published: 2018-07-24
  • About the authors: YIN Qiu-shi (born 1993), male, master's student; main research interests: cryptography and information security; E-mail: qiusy_2017@163.com. CHEN Jian-hua (born 1963), male, professor and doctoral supervisor; main research interests: number theory and cryptography; E-mail: chenjh_ecc@163.com (corresponding author).

Abstract: Most traditional identity authentication protocols use a username-and-password model and are derived from hard mathematical problems. These protocols often rely on password complexity, the performance of the random number generator and a large computational cost to secure communication, so they are inefficient and not very practical. To avoid these problems, this paper introduces biometric factors and a fuzzy extractor and proposes an improved identity authentication protocol based on elliptic curve cryptography. Burrows-Abadi-Needham (BAN) logic is used to formally verify key authentication for both parties. A security analysis follows, together with a performance comparison against other related protocols. The results show that the proposed protocol is more secure and more practical.

Key words: BAN logic, Multi-server environment, Fuzzy extractor, Identity authentication, Elliptic curve cryptography

CLC number:

  • TP309