
Journal of Shandong University (Natural Science) ›› 2019, Vol. 54 ›› Issue (5): 44-51. doi: 10.6040/j.issn.1671-9352.2.2018.207


An anonymous and provably remote user authentication protocol using extended chaotic maps for multi-server system

Juan QU¹, Yu-ming FENG², Yan-ping LI³, Li LI¹

  1. School of Mathematics and Statistics, Chongqing Three Gorges University, Chongqing, 404100, China
  2. Key Laboratory of Intelligent Information Processing and Control of Chongqing Municipal Institutions of Higher Education, Chongqing Three Gorges University, Chongqing, 404100, China
  3. College of Mathematics and Information Science, Shaanxi Normal University, Xi'an 710062, Shaanxi, China
  • Received: 2018-09-20 Online: 2019-05-20 Published: 2019-05-09
  • About the author: QU Juan (born 1984), female, master's degree, associate professor; research interest: authentication theory. E-mail: qulujuan@163.com
  • Supported by:
    National Natural Science Foundation of China (61402275); Science and Technology Research Project of the Chongqing Municipal Education Commission (KJ1501019); Chongqing Three Gorges University Project (14QN29)

Abstract:

Most existing remote user authentication schemes for multi-server environments cannot withstand various security attacks and do not provide user anonymity. To address this, a remote user authentication protocol for multi-server environments based on extended chaotic maps and biometrics is proposed. The user and the servers authenticate each other and negotiate a session key for subsequent secure communication. The proposed protocol is proved secure using BAN logic. Security analysis shows that it resists masquerade attacks, offline password guessing attacks, stolen smart card attacks, etc., and provides strong anonymity. Finally, comparison with related protocols shows that the proposed protocol is more secure and is efficient in terms of computation cost and communication cost, making it suitable for practical application.

Key words: multi-server system, chaotic maps, user authentication, key agreement, biometric

CLC number: TP309

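Table 1. Notation

| Symbol | Meaning |
|---|---|
| $U_i$ | User $U_i$ |
| $S_j$ | Server $S_j$ |
| $ID_i$ | Identity of user $U_i$ |
| $PW_i$ | Password of user $U_i$ |
| $BIO_i$ | Biometric of user $U_i$ |
| $h(\cdot)$ | One-way hash function |
|  | XOR operation |
|  | Concatenation operation |
| $T_i$ | Current timestamp of user $U_i$ |
| $T_j$ | Current timestamp of remote server $S_j$ |
| $p$ | Large prime |
| $T_n(x)$ | Chebyshev polynomial, $x \in (-\infty, +\infty)$ |
| $SK_{ij}$ | Session key negotiated between user $U_i$ and server $S_j$ |
| $A$ | Adversary |
| $s$ | Secret key of the registration center $RC$ |
| $RC$ | Registration center |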

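Table 2. Symbols used in BAN logic and their meanings

| Symbol | Meaning |
|---|---|
| $P \mid\equiv X$ | $P$ believes $X$, or believes that $X$ is true |
| $P \triangleleft X$ | $P$ sees $X$ |
| $P\ X$ | $P$ has jurisdiction over $X$; $P$ has the authority to state $X$ |
| $P \mid\sim X$ | $P$ once said $X$ |
| $A \stackrel{K}{\leftrightarrow} B$ | $K$ is a key shared between $A$ and $B$ |
| $\#(X)$ | $X$ is fresh |
| $(X, Y)_K$ | Data obtained by applying the hash function to the key $K$ and $(X, Y)$ |
| $X, Y_K$ | Formula $X$ combined with formula $Y$ |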

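Table 3. Comparison of computation cost

| Scheme | Ref. [10] | Ref. [12] | Ref. [14] | Proposed scheme |
|---|---|---|---|---|
| Total computation time | $18T_h + 3T_{Re} + 3T_{Rd} = 61.2$ ms | $18T_h + T_{Re} + T_{Rd} = 26.4$ ms | $14T_h + 4T_{pm} = 259$ ms | $12T_h + 4T_c = 90$ ms |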

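Table 4. Comparison of security and functionality

| Security property | Protocol [10] | Protocol [12] | Protocol [14] | Proposed protocol |
|---|---|---|---|---|
| Mutual authentication | | | | |
| Key agreement | | | | |
| Resistance to password guessing attack | | | | |
| Resistance to user impersonation attack | | | | |
| Resistance to server impersonation attack | | | | |
| Anonymity | | | | |
| Resistance to lost smart card attack | | | | |
| Forward secrecy | | | | |
| Resistance to replay attack | | | | |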

References:

[1] LAMPORT L. Password authentication with insecure communication[J]. Communications of the ACM, 1981, 24(11): 770-772. doi: 10.1145/358790.358797
[2] FAN C I, CHAN Y C, ZHANG Z K. Robust remote authentication scheme with smart cards[J]. Computers & Security, 2005, 24(8): 619-628.
[3] DAS A K. A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems[J]. Journal of Medical Systems, 2015, 39(3): 1-20.
[4] HE D B, ZEADALLY S, KUMAR N, et al. Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures[J]. IEEE Transactions on Information Forensics & Security, 2016, 11(9): 2052-2064.
[5] JIANG Q, CHEN Z R, LI B Y, et al. Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems[J]. Journal of Ambient Intelligence and Humanized Computing, 2018, 9(4): 1061-1073. doi: 10.1007/s12652-017-0516-2
[6] LI X, XIONG Y P, MA J, et al. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards[J]. Journal of Network and Computer Applications, 2012, 35(2): 763-769. doi: 10.1016/j.jnca.2011.11.009
[7] LI Yanping, LIU Xiaoxue, QU Juan, et al. Multi-server anonymous remote authenticated key agreement protocol based on smart card[J]. Journal of Sichuan University (Engineering Science Edition), 2016, 48(1): 91-98.
[8] XUE K P, HONG P L, MA C S. A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture[J]. Journal of Computer and System Sciences, 2014, 80(1): 195-206. doi: 10.1016/j.jcss.2013.07.004
[9] GUPTA P C, DHAR J. Hash based multi-server key exchange protocol using smart card[J]. Wireless Personal Communications, 2016, 87(1): 225-244. doi: 10.1007/s11277-015-3040-8
[10] LU Y R, LI L X, PENG H P, et al. A biometrics and smart cards-based authentication scheme for multi-server environments[J]. Security and Communication Networks, 2015, 8(17): 3219-3228. doi: 10.1002/sec.v8.17
[11] CHANDRAKAR P, OM H. A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC[J]. Computer Communications, 2017, 110: 26-34. doi: 10.1016/j.comcom.2017.05.009
[12] GUO H, WANG P, ZHANG X Y, et al. A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments[J]. PLoS ONE, 2017, 12(11): 1-19.
[13] YANG L, ZHANG Z M. Cryptanalysis and improvement of a biometric-based authentication and key agreement scheme for multi-server environments[J]. PLoS ONE, 2017, 13(3): 1-27.
[14] LU Y R, LI L X, PENG H P, et al. An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem[J]. Journal of Medical Systems, 2015, 39(3): 32. doi: 10.1007/s10916-015-0221-7
[15] YEH K H. A provably secure multi-server based authentication scheme[J]. Wireless Personal Communications, 2014, 79(3): 1621-1634. doi: 10.1007/s11277-014-1948-z
[16] PIPPAL R S, JAIDHAR C D, TAPASWI S. Robust smart card authentication scheme for multi-server architecture[J]. Wireless Personal Communications, 2013, 72(1): 729-745. doi: 10.1007/s11277-013-1039-6
[17] MISHRA D. Design and analysis of a provably secure multi-server authentication scheme[J]. Wireless Personal Communications, 2016, 86(3): 1095-1119. doi: 10.1007/s11277-015-2975-0
[18] WANG Ding, LI Wenting, WANG Ping, et al. Cryptanalysis of three anonymous authentication schemes for multi-server environment[J]. Journal of Software, 2018, 29(7): 1937-1952.
[19] REDDY A G, YOON E J, DAS A K, et al. Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment[J]. IEEE Access, 2017, 5: 3622-3639. doi: 10.1109/ACCESS.2017.2666258
[20] WAN Tao, LIU Zunxiong, MA Jianfeng, et al. Authentication and key agreement protocol for multi-server architecture[J]. Journal of Computer Research and Development, 2016, 53(11): 2446-2453. doi: 10.7544/issn1000-1239.2016.20150107
[21] AMIN R. Cryptanalysis and efficient dynamic ID based remote user authentication scheme in multi-server environment using smart card[J]. International Journal of Network Security, 2016, 18(1): 172-181.
[22] DODIS Y, OSTROVSKY R, REYZIN L, et al. Fuzzy extractors: how to generate strong keys from biometrics and other noisy data[J]. SIAM Journal on Computing, 2008, 38(1): 97-139. doi: 10.1137/060651380
[23] RIVLIN T J. The Chebyshev polynomials[M]. New York: Wiley, 1974.
[24] ZHANG L H. Cryptanalysis of the public key encryption based on multiple chaotic systems[J]. Chaos, Solitons & Fractals, 2008, 37(3): 669-674.
[25] BURROWS M, ABADI M, NEEDHAM R M. A logic of authentication[J]. Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, 1989, 426(1871): 233-271. doi: 10.1098/rspa.1989.0125
[26] SUTRALA A K, DAS A K, ODELU V, et al. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems[J]. Computer Methods and Programs in Biomedicine, 2016, 135: 167-185. doi: 10.1016/j.cmpb.2016.07.028