A Mutual Authentication and Key Agreement Protocol with Multi-Registration Center
LI Xue-lian1, LI Wei1, GAO Jun-tao2, WANG Hai-yu1
1. School of Mathematics and Statistics, Xidian University, Xi'an, Shaanxi 710126, China;
2. School of Telecommunications Engineering, Xidian University, Xi'an, Shaanxi 710126, China
Abstract:Most of the current Mutual Authentication and Key Agreement (MAKA) protocols fail to provide effective revocation mechanism and suffer from some new attacks,such as Ephemeral Secret Leakage (ESL) attack and Registration Center Disclosure Registration Information (RCDRI) attack.On the other hand,a large number of MAKA protocols are based on a Registration Center (RC),which is undoubtedly a challenge to RC efficiency and stability.Based on Self-Certified Public Key (SCPK),this paper proposes a MAKA protocol for multi-server environments with multi-registration centers.It is able to resist the new attacks and has efficient dynamic revocation mechanism.Based on the Diffie-Hellman assumption,the security proof of the proposed protocol is given in the random oracle model.Because the protocol does not involve bilinear pairings of operations,it has a great advantage in the implementation efficiency over the relevant schemes.
[1] Lamport L.Password authentication with insecure communication[J].Communications of the ACM,1981,24(24):770-772.
[2] He D.An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings[J].Ad Hoc Networks,2012,10(6):1009-1016.
[3] Tseng Y M,Huang S S,Tsai T T,et al.Anovel ID-based authentication and key exchange protocol resistant to ephemeral-secret-leakage attacks for mobile devices[J].International Journal of Distributed Sensor Networks,2015,2015:1-12.
[4] Choi K Y,Hwang J Y,Dong H L,et al.ID-based Authenticated Key Agreement for Low-Power Mobile Devices[M].Information Security and Privacy,DBLP,2005.494-505.
[5] Liao Y P,Wang S S.A secure dynamic ID based remote user authentication scheme for multi-server environment[J].Computer Standards & Interfaces,2009,31(1):24-29.
[6] Hsiang H C,Shih W K.Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment[J].Computer Standards & Interfaces,2009,31(6):1118-1123.
[7] Lee C C,Lin T H,Chang R X.A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards[J].Expert Systems with Applications,2011,38(11):13863-13870.
[8] Li X,Ma J,Wang W,et al.A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments[J].Mathematical & Computer Modelling,2013,58(s 1-2):85-95.
[9] D Zhao,H Peng,et al.An efficient dynamic ID based remote user authentication scheme using self-certified public keys formulti-server environment,arXiv preprint arXiv:1305.6350[OL].http://arxiv.org/abs/1305.6350,2013-05.
[10] Chuang Y H,Tseng Y M.Towards generalized ID-based user authentication for mobile multi-server environment[J].International Journal of Communication Systems,2012,25(4):447-460.
[11] Han W,Zhu Z.An ID-based mutual authentication with key agreement protocol for multi-server environment on elliptic curve cryptosystem[J].International Journal of Communication Systems,2015,27(8):1173-1185.
[12] Islam S H.Aprovably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without ESL attack[J].Wireless Personal Communications,2014,79(3):1975-1991.
[13] Tseng Y M,Huang S S,Tsai T T,et al.List-free ID-based mutual authentication and key agreement protocol for multiserver architectures[J].IEEE Transactions on Emerging Topics in Computing,2016,4(1):102-112.
[14] Liao Y P,Hsiao C M.A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients[J].Future Generation Computer Systems,2013,29(3):886-900.
[15] Fleischhacker N,Jager T,Schröder D.On Tight Security Proofs for Schnorr Signatures[A].Advances in Cryptology-ASIACRYPT 2014[C].Springer Berlin Heidelberg,2014.512-531.