留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

多服务器环境下基于动态ID的轻量级身份认证协议

齐小晨 黎妹红 杜晔

齐小晨, 黎妹红, 杜晔等 . 多服务器环境下基于动态ID的轻量级身份认证协议[J]. 北京航空航天大学学报, 2021, 47(12): 2632-2640. doi: 10.13700/j.bh.1001-5965.2020.0442
引用本文: 齐小晨, 黎妹红, 杜晔等 . 多服务器环境下基于动态ID的轻量级身份认证协议[J]. 北京航空航天大学学报, 2021, 47(12): 2632-2640. doi: 10.13700/j.bh.1001-5965.2020.0442
QI Xiaochen, LI Meihong, DU Yeet al. Lightweight identity authentication protocol based on dynamic ID in multi-server environment[J]. Journal of Beijing University of Aeronautics and Astronautics, 2021, 47(12): 2632-2640. doi: 10.13700/j.bh.1001-5965.2020.0442(in Chinese)
Citation: QI Xiaochen, LI Meihong, DU Yeet al. Lightweight identity authentication protocol based on dynamic ID in multi-server environment[J]. Journal of Beijing University of Aeronautics and Astronautics, 2021, 47(12): 2632-2640. doi: 10.13700/j.bh.1001-5965.2020.0442(in Chinese)

多服务器环境下基于动态ID的轻量级身份认证协议

doi: 10.13700/j.bh.1001-5965.2020.0442
基金项目: 

国家自然科学基金 U1736114

国家重点研发计划 2017YFB0802805

详细信息
    通讯作者:

    黎妹红, E-mail: mhlil@bjtu.edu.cn

  • 中图分类号: V221+.3;TB553

Lightweight identity authentication protocol based on dynamic ID in multi-server environment

Funds: 

National Natural Science Foundation of China U1736114

National Key R & D Program of China 2017YFB0802805

More Information
  • 摘要:

    为了实现用户和服务器之间的通信安全及高效的身份认证,设计有效的身份认证协议成为研究热点。分析了已有协议的安全性,发现仍存在不能抵抗拒绝服务攻击(DOS)和离线口令猜测攻击的缺陷。因此,提出了新的基于动态ID的轻量级单向哈希函数身份认证协议,并通过非形式化安全性分析、随机预言机模型(ROM)分析和AVISPA实验仿真3种安全性分析,以及计算开销和通信开销的分析,比较证明了所提协议能够实现安全高效的身份认证。

     

  • 图 1  用户注册模块

    Figure 1.  User registration module

    图 2  登录、认证与密钥协商模块

    Figure 2.  Login, authentication and key agreement module

    图 3  用户的HLPSL代码

    Figure 3.  User's HLPSL code

    图 4  OFMC终端分析结果

    Figure 4.  Analysis results of OFMC terminal

    图 5  CL_AtSe终端分析结果

    Figure 5.  Analysis results of CL_AtSe terminal

    表  1  本文符号及说明

    Table  1.   Notation and description

    符号 说明
    Ui 用户
    CS 控制服务器
    Sj 接入服务器
    IDi 用户Ui的身份标识
    PWi 用户Ui的口令
    SIDj 服务器Sj的身份标识
    y 控制服务器CS的主密钥
    TSi, TSj 用户Ui,服务器Sj注册时间戳
    TCi, TCj 用户Ui,服务器Sj注册凭证
    T1, T2, T3 系统时间戳
    ΔT 最大通信时延
    h(·) 单向哈希函数
    连接
    异或运算
    下载: 导出CSV

    表  2  安全属性对比

    Table  2.   Comparison of security properties

    安全属性 本文方案 文献[19] 文献[18] 文献[17]
    双向认证 ×
    前向安全性
    抗重放攻击 ×
    抗仿冒攻击 × ×
    抗中间人攻击 × ×
    抗拒绝服务攻击 × × ×
    抗离线口令猜测攻击 × ×
    下载: 导出CSV

    表  3  计算开销对比

    Table  3.   Comparison of computation cost

    角色 本文方案 文献[19] 文献[18] 文献[17]
    用户 7Th 5Th 6Th 8Th
    控制服务器 6Th 6Th 8Th 13Th
    接入服务器 5Th 2Th 5Th 4Th
    总和 18Th 13Th 19Th 25Th
    下载: 导出CSV
  • [1] KHAN S U, LAVAGNO L, PASTRONE C, et al. Online authentication and key establishment scheme for heterogeneous sensor networks[J]. International Journal of Distributed Sensor Networks, 2014, 2014: 718286. http://porto.polito.it/2577142/1/718286.pdf
    [2] LAMPORT L. Password authentication with insecure communication[J]. Communications of the ACM, 1981, 24(11): 770-772. doi: 10.1145/358790.358797
    [3] AWASTHI A K, LAI S. An enhanced remote user authentication scheme using smart cards[J]. IEEE Transactions on Consumer Electronics, 2004, 50(2): 583-586. doi: 10.1109/TCE.2004.1309430
    [4] XU J, ZHU W T, FENG D G. An improved smart card based password authentication scheme with provable security[J]. Computer Standards & Interfaces, 2009, 31(4): 723-728. http://www.onacademic.com/detail/journal_1000035039791810_ab2f.html
    [5] LI X, QIU W, ZHENG D, et al. Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards[J]. IEEE Transactions on Industrial Electronics, 2010, 57(2): 793-800. doi: 10.1109/TIE.2009.2028351
    [6] ZHAO D W, PENG H P, LI L X, et al. A secure and effective anonymous authentication scheme for roaming service in global mobility networks[J]. Wireless Personal Communications, 2014, 78(1): 247-269. doi: 10.1007/s11277-014-1750-y
    [7] KHAN M K, KUMARI S. An improved user authentication protocol for healthcare services via wireless medical sensor networks[J]. International Journal of Distributed Sensor Networks, 2014, 2014: 347169.
    [8] 沈忠华, 于秀源. 一个新的智能卡远程用户认证方案[J]. 浙江大学学报(理学版), 2008, 35(2): 145-149. doi: 10.3785/j.issn.1008-9497.2008.02.006

    SHEN Z H, YU X Y. A new remote user authentication scheme of using smart card[J]. Journal of Zhejiang University(Science Edition), 2008, 35(2): 145-149(in Chinese). doi: 10.3785/j.issn.1008-9497.2008.02.006
    [9] FAN C I, CHAN Y C, ZHANG Z K. Robust remote authentication scheme with smart cards[J]. Computers & Security, 2005, 24(8): 619-628. http://pdfs.semanticscholar.org/d8d4/63a70550db5a7ce806644ba63f805c5c15a1.pdf
    [10] HWANG M S, CHONG S K, CHEN T Y. DoS-resistant ID-based password authentication scheme using smart cards[J]. Journal of Systems and Software, 2010, 83(1): 163-172. doi: 10.1016/j.jss.2009.07.050
    [11] LEE S W, KIM H S, YOO K Y. Efficient nonce-based remote user authentication scheme using smart cards[J]. Applied Mathematics and Computation, 2005, 167(1): 355-361. doi: 10.1016/j.amc.2004.06.111
    [12] LIU J Y, ZHOU A M, GAO M X. A new mutual authentication scheme based on nonce and smart cards[J]. Computer Communications, 2008, 31(10): 2205-2209. doi: 10.1016/j.comcom.2008.02.002
    [13] LI C T, HWANG M S. An efficient biometrics-based remote user authentication scheme using smart cards[J]. Journal of Network and Computer Applications, 2010, 33(1): 1-5. doi: 10.1016/j.jnca.2009.08.001
    [14] SONG R. Advanced smart card based password authentication protocol[J]. Computer Standards & Interfaces, 2010, 32(5-6): 321-325.
    [15] SOOD S K, SARJE A K, SINGH K. A secure dynamic identity based authentication protocol for multi-server architecture[J]. Journal of Network and Computer Applications, 2011, 34(2): 609-618. doi: 10.1016/j.jnca.2010.11.011
    [16] LI X, XIONG Y, MA J, et al. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards[J]. Journal of Network and Computer Applications, 2012, 35(2): 763-769. doi: 10.1016/j.jnca.2011.11.009
    [17] XUE K, HONG P, MA C. A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture[J]. Journal of Computer and System Sciences, 2014, 80(1): 195-206. doi: 10.1016/j.jcss.2013.07.004
    [18] LU Y R, LI L X, PENG H P, et al. A lightweight ID based authentication and key agreement protocol for multiserver architecture[J]. International Journal of Distributed Sensor Networks, 2015, 2015: 16. http://www.onacademic.com/detail/journal_1000039673457810_add2.html
    [19] MISHRA D, DAS A K, MUKHOPADHYAY S. A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards[J]. Expert Systems with Applications, 2014, 41(18): 8129-8143. doi: 10.1016/j.eswa.2014.07.004
    [20] WANG D, WANG P. Two birds with one stone: Two-factor authentication with security beyond conventional bound[J]. IEEE Transactions on Dependable and Secure Computing, 2018, 15(4): 708-722. http://ieeexplore.ieee.org/document/7558124/
    [21] GU Y, LI S Q. Cryptanalysis and improvement of a biometrics-based multi-server authentication protocol [C]//2018 International Conference on Computing, Networking and Communications. Piscataway: IEEE Press, 1994: 16-20.
    [22] 唐郑熠, 李祥. Dolev-Yao攻击者模型的形式化描述[J]. 计算机工程与科学, 2010, 32(8): 36-38. doi: 10.3969/j.issn.1007-130X.2010.08.010

    TANG Z Y, LI X. Formal description of Dolev-Yao attacker model[J]. Computer Engineering and Science, 2010, 32(8): 36-38(in Chinese). doi: 10.3969/j.issn.1007-130X.2010.08.010
    [23] WANG D, LI W, WANG P. Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks[J]. IEEE Transactions on Industrial Informatics, 2018, 14(9): 4081-4092. doi: 10.1109/TII.2018.2834351
    [24] WANG C, XU G, SUN J. An enhanced three-factor user authentication scheme using elliptic curve cryptosystem for wireless sensor networks[J]. Sensors, 2017, 17(12): 2946. doi: 10.3390/s17122946
    [25] WANG D, ZHANG Z, WANG P, et al. Targeted online password guessing: An underestimated threat[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016: 1242-1254.
    [26] CHRISTOPH G G. An identity-based key-exchange protocol[C]//Workshop on the Theory and Application of Crypto-graphic Techniques. Berlin: Springer, 1989: 235-258.
    [27] WEI F, VIJAYAKUMAR P, JIAN S, et al. A provably secure password-based anonymous authentication scheme for wireless body area networks[J]. Computers & Electrical Engineering, 2018, 65: 322-331. http://www.sciencedirect.com/science?_ob=ShoppingCartURL&_method=add&_eid=1-s2.0-S0045790617309850&originContentFamily=serial&_origin=article&_ts=1493980509&md5=e978a7fa0564a684e1b8eafc33d8c75a
    [28] FENG Q, HE D, ZEADALLY S, et al. Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment[J]. Future Generation Computer Systems, 2018, 84: 239-251. doi: 10.1016/j.future.2017.07.040
    [29] AVISPA. Automated validation of internet security protocols and applications[EB/OL]. [2020-08-01]. http://www.avispa-project.org/.
  • 加载中
图(5) / 表(3)
计量
  • 文章访问数:  341
  • HTML全文浏览量:  36
  • PDF下载量:  22
  • 被引次数: 0
出版历程
  • 收稿日期:  2020-08-21
  • 录用日期:  2020-12-11
  • 网络出版日期:  2021-12-20

目录

    /

    返回文章
    返回
    常见问答