A biometric verification based authentication scheme using Chebyshev chaotic mapping
-
摘要:
云计算中访问控制和安全性是两大问题,且与传统的身份认证存在一定区别。利用切比雪夫多项式的半群特性、混沌特性,提出了一种基于切比雪夫混沌映射和生物识别的口令认证密钥协商方案。用户和服务器首先在云服务提供商(CSP)处进行注册,随后无需CSP的参与即可完成认证,建立会话密钥。安全性分析和性能比较表明,方案满足许多安全因素,如双向认证、用户隐私保护、多因素安全、前向安全性,即使CSP的主密钥被泄露,前向安全性也能确保用户会话密钥的机密性;此外,方案还能抵抗中间人攻击、离线口令猜测攻击和仿冒攻击等,并且支持多服务器环境中用户口令和生物特征的高效变更。
Abstract:In cloud computing, access control and security are two major problems, and there are some differences from traditional identity authentication. Inspired by the semi-group and chaotic properties of Chebyshev polynomials, a scheme of password-authenticated key agreement using Chebyshev chaotic mapping and biometrics has been presented. In the proposed model, the users and the servers need to register at the cloud service provider (CSP) in the beginning. Then they can complete authentication and establish session key without the participation of CSP. Moreover, security analysis and performance comparison show that the proposed scheme satisfies many security factors, such as mutual authentication, user privacy protection, multi-factor security and forward security. Forward security assures the confidentiality of the user's session key, even if the private key of the CSP is compromised. The proposed scheme is also robust to resist man-in-the-middle attacks, off-line password guessing and impersonation attacks, etc. In addition, it supports efficient changes to user passwords and biometric characteristics in a multi-server environment.
-
Key words:
- Chebyshev chaotic mapping /
- authentication /
- key agreement /
- cloud computing /
- biometric verification
-
表 1 符号及其含义
Table 1. Notation and description
符号 含义 IDi 用户Ui的身份标识 PWi 用户Ui的口令 SIDj 服务器CSj的身份标识 Gen() 模糊提取生成函数 Rep() 模糊提取重构函数 BIOi 用户Ui的生物特征 bi 用户Ui的生物特征密钥 αi 公共重构参数 a 事先设定的容错阈值 h() 单向哈希函数 T1, T2, T3 系统时间戳 ΔT 最大通信时延 ‖ 连接 ⊕ 异或运算 表 2 安全属性对比
Table 2. Comparison of security properties
-
[1] MAJUMDER A, NAMASUDRA S, NATH S.Taxonomy and classification of access control models for cloud environments[M].Berlin:Springer-Verlag, 2014:23-53. [2] YANG J H, CHANG Y F, HUANG C C.A user authentication scheme on multi-server environments for cloud computing[C]//Communications and Signal Processing.Piscataway, NJ: IEEE Press, 2014: 1-4. https://www.researchgate.net/publication/271555870_A_user_authentication_scheme_on_multi-server_environments_for_cloud_computing [3] YANG J H, LIN P Y.An ID-based user authentication scheme for cloud computing[C]//10th International Conference on Intelligent Information Hiding and Multimedia Signal Processing.Piscataway, NJ: IEEE Press, 2014: 98-101. https://ieeexplore.ieee.org/document/6998277/ [4] YASSIN A A, JIN H, IBRAHIM A, et al.A practical privacy-preserving password authentication scheme for cloud computing[C]//Parallel and Distributed Processing Symposium Workshops & PHD Forum Piscataway, NJ: IEEE Press, 2012: 1210-1217. https://www.researchgate.net/publication/258206733_A_Practical_Privacy_preserving_Password_authentication_Scheme_for_Cloud_Computing [5] TSAI J L, LO N W.A privacy-aware authentication scheme for distributed mobile cloud computing services[J].IEEE Systems Journal, 2017, 9(3):805-815. http://www.wanfangdata.com.cn/details/detail.do?_type=perio&id=8536486a2db81ba1528a087c7bdcddf0 [6] LAMPORT L.Password authentication with insecure communication[J].Communications of the ACM, 1981, 24(24):770-772. doi: 10.1145-358790.358797/ [7] SHOUP V, RUBIN A.Session key distribution using smart cards[C]//International Conference on Theory and Application of Cryptographic Techniques.Berlin: Springer-Verlag, 1996: 321-331. [8] HWANG M S, LI H.A new remote user authentication scheme using smart cards[J].IEEE Transactions on Consumer Electronics 2000, 46(1):28-30. doi: 10.1109/30.826377 [9] HE D, WANG D.Robust biometrics-based authentication scheme for multiserver environment[J].IEEE Systems Journal, 2015, 9(3):816-823. doi: 10.1109/JSYST.2014.2301517 [10] ODELU V, DAS AK, GOSWAMI A.A secure biometrics based multi-server authentication protocol using smart cards[J].IEEE Transactions on Information Forensicsand Security, 2015, 10(9):1953-1966. doi: 10.1109/TIFS.2015.2439964 [11] WAZID M, DAS A K, KUMARI S, et al.Provably secure biometric-based user authentication and key agreement scheme in cloud computing[J].Security & Communication Networks, 2016, 9(17):4103-4119. http://cn.bing.com/academic/profile?id=02fe9daf8a86dd7c5f8ba001800e3f09&encoded=0&v=paper_preview&mkt=zh-cn [12] NAMASUDRA S, ROY P.A new secure authentication scheme for cloud computing environment[J].Concurrency & Computation Practice & Experience, 2017, 29:e3864. http://cn.bing.com/academic/profile?id=a5b6a2807dfb1221ae5f9d86d6517089&encoded=0&v=paper_preview&mkt=zh-cn [13] DODIS Y, OSTROVSKY R, REYZIN L, et al.Fuzzy extractors:How to generate strong keys from biometrics and other noisy data[J].SIAM Journal on Computing, 2008, 38(1):97-139. doi: 10.1137/060651380 [14] CHRISTOPH G G.An Identity-based key-exchange protocol[C]//Workshop on the Theory and Application of of Cryptographic Techniques.Berlin: Springer, 1989: 235-258. [15] MESSERGES T S, DABBISH E A, SLOAN R H.Examining smart-card security under the threat of power analysis attacks[J].IEEE Transactions on Computers, 2002, 51(5):541-552. doi: 10.1109/TC.2002.1004593 [16] PIPPAL R S, JAIDHAR C D, TAPASWI S.Enhanced time-bound ticket-based mutual authentication scheme for cloud computing[J].Informatica, 2013, 37(2):149-156. http://cn.bing.com/academic/profile?id=dcc91736db2e3d4f401f0c30e18b2bad&encoded=0&v=paper_preview&mkt=zh-cn [17] HAO Z, ZHONG S, YU N.A time-bound ticket-based mutual authentication scheme for cloud computing[J].International Journal of Computers Communications & Control, 2011, Ⅵ(2):227-235. http://cn.bing.com/academic/profile?id=9fabcefca2491727889f18fce0c4bf77&encoded=0&v=paper_preview&mkt=zh-cn [18] CHEN T H, YEH H, SHIH W K.An advanced ECC dynamic ID-based remote mutual authentication scheme for cloud computing[C]//FTRA International Conference on Multimedia & Ubiquitous Engineering.Piscataway, NJ: IEEE Press, 2011: 155-159. https://www.researchgate.net/publication/221281948_An_Advanced_ECC_Dynamic_ID-Based_Remote_Mutual_Authentication_Scheme_for_Cloud_Computing [19] LI H, LI F, SONG C, et al.Towards smart card based mutual authentication schemes in cloud computing[J].KSⅡ Transactions on Internet & Information Systems, 2015, 9(7):2719-2735. http://www.wanfangdata.com.cn/details/detail.do?_type=perio&id=JAKO201536553511304 [20] LI W, WEN Q, SU Q, et al.An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network[J].Computer Communications, 2012, 35(2):188-195. http://www.wanfangdata.com.cn/details/detail.do?_type=perio&id=58638ab866515a9e003bab7dc4bd16d9 [21] HE D, KUMAR N, LEE J H, et al.Enhanced three-factor security protocol for consumer USB mass storage devices[J].IEEE Transactions on Consumer Electronics, 2014, 60(1):30-37. doi: 10.1109/TCE.2014.6780922 [22] YOON E J, JEON I S.An efficient and secure Diffie-Hellman key agreement protocol based on Chebyshev chaotic map[J].Communications in Nonlinear Science & Numerical Simulation, 2011, 16(6):2383-2389. http://www.wanfangdata.com.cn/details/detail.do?_type=perio&id=d7980abeaabeec54a9ca66a0b852815e [23] WANG X Y, ZHAO J F.An improved key agreement protocol based on chaos[J].Communications in Nonlinear Science & Numerical Simulation, 2010, 15(12):4052-4057. http://cn.bing.com/academic/profile?id=0ee9d3dc2d2c71959a854e97622124f9&encoded=0&v=paper_preview&mkt=zh-cn