移动漫游中强安全的两方匿名认证密钥协商方案

doi:10.3969/j.issn.0372-2112.2019.01.003

电子学报 ›› 2019, Vol. 47 ›› Issue (1): 16-24.DOI: 10.3969/j.issn.0372-2112.2019.01.003

移动漫游中强安全的两方匿名认证密钥协商方案

陈明

宜春学院数学与计算机科学学院, 江西宜春 336000

收稿日期:2016-06-13 修回日期:2018-07-07 出版日期:2019-01-25
- 作者简介:
- 陈明男.1978年5月出生,重庆北碚人.2007年和2011年在重庆大学获工学硕士和工学博士学位.现为宜春学院副教授,主要从事信息安全、安全协议分析与设计、物联网安全技术和在线教育等方面的研究工作.E-mail:chenming9824@aliyun.com
- 基金资助:
- 国家自然科学基金 (No.61662083）; 江西省教育厅科学技术研究项目 (No.GJJ151040，No.GJJ151037，No.GJJ161042，No.GJJ161677）

Strongly Secure and Anonymous Two-Party Authenticated Key Agreement for Mobile Roaming Service

CHEN Ming

School of Mathematics and Computer Science, Yichun University, Yichun, Jiangxi 336000, China

Received:2016-06-13 Revised:2018-07-07 Online:2019-01-25 Published:2019-01-25
- Supported by:
- National Natural Science Foundation of China (No.61662083); Science and Technique Research Program of Education Department of Jiangxi Province (No.GJJ151040, No.GJJ151037, No.GJJ161042, No.GJJ161677)

摘要/Abstract

摘要： 由于低功耗的移动设备计算和存储能力较低，设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高，而且不能抵抗临时秘密泄露攻击.针对这两点不足，提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中，基于Schnorr签名机制，设计了一种高效的基于身份签密算法，利用签密的特性实现实体的相互认证和不可追踪；利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman，CDH）问题实例，能抵抗临时秘密泄露攻击.新方案实现了可证明安全，在eCK（extended Canetti-Krawczyk）模型基础上，探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形，进行归纳和拓展，并给出新方案的安全性证明，其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强，需要实现的算法库更少，计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络，为资源约束型移动终端提供漫游接入服务.

关键词: 认证密钥协商, 移动漫游服务, 基于身份密码体制, 计算Diffie-Hellman问题, 扩展的CK模型

Abstract: As mobile devices usually have limited computing and storage resources,it is difficult to develop an anonymous two-party authentication scheme possessing performance efficiency and strong security simultaneously.The existing two-party authenticated key agreement schemes for roaming service do not resist the attack of ephemeral secrets reveal,and have high computation costs.Therefore,a new anonymous two-party authenticated key agreement scheme for roaming service was proposed in this paper,in which an efficiency identity-based signcryption scheme was adopted to achieve mutual authentication and unlinkability.The identity-based signcryption scheme is based on the Schnorr signature scheme,a very efficient elliptic curve digital signature algorithm,which greatly reduce the total computation cost during one authentication session in comparison with existing authentication schemes.Furthermore,to achieve the security of the ephemeral secrets reveal resistance in the new authentication scheme,we constructed a computational Diffie-Hellman problem instance that required two participants to compute a value by combining its own private key with its peer's public key,respectively.We extended the eCK model to model the two-party authenticated key agreement schemes for roaming service,discussed the distinction between the security game of authenticated key agreement schemes for mobile roaming service and the general one,and demonstrated that the new scheme was provably secure in the extended eCK model.The conclusion indicates that the security of the new scheme can be reduced to solve the computational Diffie-Hellman problem on an elliptic curve over finite field by a polynomial-time adversary.Comparative analysis shows that our scheme has stronger security,needs less cryptography library,and has lower computing and communication overheads.The new scheme can be used to provide secure roaming authentication for resource constrained mobile terminals in global mobility networks,Internet of things or ubiquitous networks.

Key words: authenticated key agreement, mobile roaming service, identity-based cryptography, computational Diffie-Hellman problem, eCK (extended Canetti-Krawczyk) model

中图分类号:

TP309

陈明. 移动漫游中强安全的两方匿名认证密钥协商方案[J]. 电子学报, 2019, 47(1): 16-24.

CHEN Ming . Strongly Secure and Anonymous Two-Party Authenticated Key Agreement for Mobile Roaming Service[J]. Acta Electronica Sinica, 2019, 47(1): 16-24.

参考文献

[1] ZOU Y,WANG X,HANZO L.A survey on wireless security:technical challenges,recent advances and future trends[J].Proceedings of the IEEE,2016,104(9):1727-1765.
[2] JIANG Y,LIN C,SHEN X,et al.Mutual authentication and key exchange protocols for roaming services in wireless mobile networks[J].IEEE Transactions on Wireless Communications,2006,5(9):2569-2577.
[3] 曹春杰,杨超,马建峰,等.WLAN Mesh漫游接入认证协议[J].计算机研究与发展,2009,46(7):1102-1109. CAO Chun-jie,YANG Chao,MA Jian-feng,et al.An authentication protocol for station roaming in WLAN mesh[J].Journal of Computer Research and Development,2009,46(7):1102-1109.(in Chinese)
[4] 王良民,姜顺荣,郭渊博.物联网中移动Sensor节点漫游的组合安全认证协议[J].中国科学:信息科学,2012,42(7):815-830. WANG Liang-min,JIANG Shun-rong,GUO Yuan-bo.Composable secure authentication protocol for mobile sensors roaming in the Internet of things[J].Scientia Sinica (Informationis),2012,42(7):815-830.(in Chinese)
[5] MUN H,HAN K,LEE Y S,et al.Enhanced secure anonymous authentication scheme for roaming service in global mobility networks[J].Mathematical and Computer Modelling,2012,55(1-2):214-222.
[6] SHIN S,YEH H,KIM K.An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks[J].Peer-to-Peer Networking and Applications,2015,8(4):674-683.
[7] YANG G,HUANG Q,WONG D S,et al.Universal authentication protocols for anonymous wireless communications[J].IEEE Transactions on Wireless Communications,2010,9(1):168-174.
[8] HE D,CHEN C,CHAN S,et al.Secure and efficient handover authentication based on bilinear pairing functions[J].IEEE Transactions on Wireless Communications,2012,11(1):48-53.
[9] JO H J,PAIK J H,LEE D H.Efficient privacy-preserving authentication in wireless mobile networks[J].IEEE Transactions on Mobile Computing,2014,13(7):1469-1481.
[10] TSAI J L,LO N W.Provably secure anonymous authentication with batch verification for mobile roaming services[J].Ad Hoc Networks,2016,44:19-31.
[11] 周彦伟,杨波.物联网移动节点直接匿名漫游认证协议[J].软件学报,2015,26(9):2436-2450. ZHOU Yan-wei,YANG Bo.Provable secure authentication protocol with direct anonymity for mobile nodes roaming service in Internet of things[J].Journal of Software,2015,26(9):2436-2450.(in Chinese)
[12] 周彦伟,杨波,张文政.安全高效的异构无线网络可控匿名漫游认证协议[J].软件学报,2016,27(2):451-465. ZHOU Yan-wei,YANG Bo,ZHANG Wen-zheng.Secure and efficient roaming authentication protocol with controllable anonymity for heterogeneous wireless network[J].Journal of Software,2016,27(2):451-465.(in Chinese)
[13] 周彦伟,杨波,张文政.异构无线网络可控匿名漫游认证协议[J].电子学报,2016,44(5):1117-1123. ZHOU Yan-wei,YANG Bo,ZHANG Wen-zheng.Controllable and anonymous roaming protocol for heterogeneous wireless network[J].Acta Electronica Sinica,2016,44(5):1117-1123.(in Chinese)
[14] CANETTI R,KRAWCZYK H.Analysis of key-exchange protocols and their use for building secure channels[A].Proceedings of the Advances in Cryptology-Eurocrypt (LNCS 2045)[C].Berlin:Springer,2001.453-474.
[15] 陈明.强安全的匿名隐式漫游认证与密钥协商方案[J].计算机研究与发展,2017,54(12):2772-2784. CHEN Ming.Strongly secure anonymous implicit authentication and key agreement for roaming service[J].Journal of Computer Research and Development,2017,54(12):2772-2784.(in Chinese)
[16] LAMACCHIA B A,LAUTER K,MITYAGIN A.Stronger security of authenticated key exchange[A].Proceedings of the First International Conference on Provable Security (LNCS 4784)[C].Berlin:Springer,2007.1-16.
[17] DIFFIE W,HELLMAN M.New directions in cryptography[J].IEEE Transactions on Information Theory,1976,22(6):644-654.
[18] SCHNOOR C P.Efficient signature generation for smart card[J].Journal of Cryptology,1991,4(3):161-174.
[19] 陈明.标准模型下可托管的基于身份认证密钥协商[J].电子学报,2015,43(10):1954-1962. CHEN Ming.Escrowable identity-based authenticated key agreement in the standard model[J].Acta Electronica Sinica,2015,43(10):1954-1962.(in Chinese)
[20] SHAMIR A.Identity-based cryptosystems and signature schemes[A].Proceedings of the Advances in Cryptology-Crypto (LNCS196)[C].Berlin:Springer,198.47-53.
[21] HE D,CHAN S,GUIZANI M.Handover authentication for mobile networks:security and efficiency aspects[J].IEEE Network,2015,29(3):96-103.
[22] CAO X,KOU W,DANG L,et al.IMBAS:Identity-based multi-user broadcast authentication in wireless sensor networks[J].Computer Communications,2008,31(4):659-667.

移动漫游中强安全的两方匿名认证密钥协商方案

Strongly Secure and Anonymous Two-Party Authenticated Key Agreement for Mobile Roaming Service

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics

[1]	张文芳, 雷丽婷, 王小敏, 王宇. 面向云服务的安全高效无证书聚合签名车联网认证密钥协商协议[J]. 电子学报, 2020, 48(9): 1814-1823.
[2]	陈明. 标准模型下可托管的基于身份认证密钥协商[J]. 电子学报, 2015, 43(10): 1954-1962.
[3]	曹天杰, 雷红. 基于椭圆曲线的隐私增强认证密钥协商协议[J]. 电子学报, 2008, 36(2): 397-401.