Abstract
To address the high computational overhead of bilinear pairings on elliptic curves and the certificate-management problems of PKI, an efficient and secure authenticated key agreement protocol is proposed, based on identity-based public-key cryptography and the GDH hard problem on the additive group of an elliptic curve. The security of the protocol is proved in the random oracle model. The analysis shows that the protocol satisfies security properties such as known session key security, perfect forward secrecy, resistance to ephemeral secret leakage attacks, and resistance to session key escrow. The protocol has low computational overhead: mutual authentication and session key agreement between the parties complete after only 5 scalar multiplications.