基于智能卡的扩展混沌映射异步认证密钥协商协议
|
摘要
身份认证是确保信息安全的重要手段,混沌映射身份认证协议因其高效性而成为近期研究的热点。2015年,Zhu提出了一个改进的混沌映射协议,声称其可以抵抗冒充攻击、字典攻击,并且提供用户匿名性;然而,Tong等指出Zhu的协议存在离线字典攻击、冒充攻击等问题且无法确保用户匿名性,并提出了一个新的改进协议(简称TC协议)。针对Zhu和TC协议方案,文中指出了其不能确保前向安全性以及容易遭受拒绝服务攻击等安全性缺陷,并提出了一个新的基于智能卡的混沌映射协议方案。安全性分析及同其他相关方案的比较结果表明了所提协议的高安全性和实用性。
Identity authentication is an important means to ensure information security.Chaos mapping indentity authentication scheme has become a hot research topic recently because of its high efficieny.In 2015,Zhu proposed an improved chaotic mapping protocol,and claimed that it can oppose impersonation attack and dictionary attack,and it also can provide user anonymity.However,Tong et al.pointed out Zhu's protocol has the problems of offline dictionary attack,impersonation attack and can't guarantee user's anonymity,and proposed a new improvement protocol(short for TC scheme).Aiming at Zhu and TC protocol schemes,this paper pointed out their security defects,for example,the forward security can't be guaranteed and they are easy suffering from denial of service attack.Meanwhile,this paper proposed a new protocol scheme using smart card.The security analysis and the comparison results with other related protocols indicate the high security and practicability of the porposed protocol.
Identity authentication is an important means to ensure information security.Chaos mapping indentity authentication scheme has become a hot research topic recently because of its high efficieny.In 2015,Zhu proposed an improved chaotic mapping protocol,and claimed that it can oppose impersonation attack and dictionary attack,and it also can provide user anonymity.However,Tong et al.pointed out Zhu's protocol has the problems of offline dictionary attack,impersonation attack and can't guarantee user's anonymity,and proposed a new improvement protocol(short for TC scheme).Aiming at Zhu and TC protocol schemes,this paper pointed out their security defects,for example,the forward security can't be guaranteed and they are easy suffering from denial of service attack.Meanwhile,this paper proposed a new protocol scheme using smart card.The security analysis and the comparison results with other related protocols indicate the high security and practicability of the porposed protocol.
引文
[1]LIAO X,SHU C.Reversible data hiding in encrypted images based on absolute mean difference of multiple neighboring pixels[J].Journal of Visual Communication&Image Representation,2015,28:21-27.
[2]LAMPORT L.Password authentication with insecure communication[J].Communications of the Acm,1981,24(24):770-772.
[3]CHANG C C,WU T C.Remote password authentication with smart cards[J].IEE Proceedings E-Computers and Digital Techniques,1993,138(3):165-168.
[4]KOCAREV L.Chaos-based cryptography:a brief overview[J].Circuits&Systems Magazine IEEE,2001,1(3):6-21.
[5]DACHSELT F,SCHWARZ W.Chaos and cryptography[J].IEEE Transactions on Circuits&Systems I Fundamental Theory&Applications,2002,48(12):1498-1509.
[6]KOCAREV L,TASEV Z.Public-key encryption based on Chebyshev maps[C]∥International Symposium on Circuits and Systems.IEEE,2003:28-31.
[7]XIAO D,LIAO X,WONG K W.An efficient entire chaos-based scheme for deniable authentication[J].Chaos Solitons&Fractals,2005,23(4):1327-1331.
[8]BERGAMO P,D'ARCO P,SANTIS A D,et al.Security of public-key cryptosystems based on Chebyshev polynomials[J].IEEE Transactions on Circuits&Systems I Regular Papers,2005,52(7):1382-1393.
[9]XIAO D,LIAO X,DENG S.A novel key agreement protocol based on chaotic maps[J].Information Sciences,2007,177(4):1136-1142.
[10]GUO X,ZHANG J.Secure group key agreement protocol based on chaotic Hash[J].Information Sciences,2010,180(20):4069-4074.
[11]XUE K,HONG P.Security improvement on an anonymous key agreement protocol based on chaotic maps[J].Communications in Nonlinear Science&Numerical Simulation,2012,17(7):2969-2977.
[12]TAN Z.A chaotic maps-based authenticated key agreement protocol with strong anonymity[J].Nonlinear Dynamics,2013,72(1-2):311-320.
[13]LEE C C,CHEN C L,WU C Y,et al.An extended chaotic maps-based key agreement protocol with user anonymity[J].Nonlinear Dynamics,2012,69(1-2):79-87.
[14]HE D,CHEN Y,CHEN J.Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol[J].Nonlinear Dynamics,2012,69(3):1149-1157.
[15]SHU J.Authentication Key Agreement Protocol Based on Extended Chaos Mapping[J].Acta Physical Sinica,2014,63(5):88-92.(in Chinese)舒剑.基于扩展混沌映射的认证密钥协商协议[J].物理学报,2014,63(5):88-92.
[16]LIN H Y.Chaotic Map Based Mobile Dynamic ID Authenticated Key Agreement Scheme[J].Wireless Personal Communications,2014,78(2):1487-1494.
[17]ZHU H.Cryptanalysis and provable improvement of a chaotic maps-based mobile dynamic ID authenticated key agreement scheme[M].New Jersey:John Wiley&Sons,Inc.,2015:2981-2991.
[18]TONG T,CHEN J H.Improved Chaotic Maps Based Mobile Authenticated scheme[J].Application Research of Computers,2017,34(8):2443-2447.(in Chinese)童彤,陈建华.一个改进的基于混沌映射的移动端认证协议[J].计算机应用研究,2017,34(8):2443-2447.
[19]DOLEV D,YAO A.On the Security of Public Key Protocols[J].IEEE Transactions on Information Theory,1983,29(2):198-208.
[20]KOCHER P C,JAFFE J,JUN B.Differential Power Analysis[C]∥Proceedings of the 19th Annual International Cryptology Conferece on Advances in Crytology.1999:388-397.
[21]MESSERGES T S,DABBISH E A,SLOAN R H.Examining Smart-Card Security under the Threat of Power Analysis Attacks[J].IEEE Transactions on Computers,2002,51(5):541-552.
[22]BRIER E,CLAVIER C,OLIVIER F.Correlation Power Analysis with a Leakage Model[J].Ches,2004,37(22):16-29.
[23]ABRAMOWITZ M.Handbook of Mathematical Functions with Formulas,Graphs,and Mathematical Tables[M].New York:Dover Publications,1974.
[24]JIANG J C,PENG Y H.Chaos of the tchebycheff polynomials[J].Natural Science Journal of Xiangtan University,1996(3):37-39.(in Chinese)蒋建初,彭跃辉.切比雪夫多项式的混沌性[J].湘潭大学自科学报,1996(3):37-39.
[25]ZHANG L.Cryptanalysis of the public key encryption based on multiple chaotic systems[J].Chaos Solitons&Fractals,2008,37(3):669-674.
[26]LIU J F,ZHOU M T.Research and taxonnmy of Replay Attacks on Security Protocol[J].Application Research of Computers,2007,24(3):135-139.(in Chinese)刘家芬,周明天.对安全协议重放攻击的分类研究[J].计算机应用研究,2007,24(3):135-139.
[27]WANG Z C,YANG S P.Research on Principles and Methods of Designing Authentication Protocols against replay Attack[J].Computer Engineering and Design,2008,29(20):5163-5165.(in chinese)王正才,杨世平.抗重放攻击认证协议的设计原则和方法研究[J].计算机工程与设计,2008,29(20):5163-5165.
[28]LI M G,SONG H N.Research on Computer Clock Synchronization Technology[J].Journal of System Simulation,2002,14(4):477-480.(in Chinese)李明国,宋海娜.计算机时钟同步技术研究[J].系统仿真学报,2002,14(4):477-480.
[29]SUN N,XIONG W,DING Y Z.Study and Application of Clock Synchronization[J].Computer Engineering and Applications,2003,39(27):177-179.(in chinese)孙娜,熊伟,丁宇征.时钟同步的研究与应用[J].计算机工程与应用,2003,39(27):177-179.
[30]WANG D.Research on Password-Based Remote User Authentication scheme using Smart-Cards[D].Harbin:Harbin Engineering University,2013.(in Chinese)汪定.基于智能卡的远程用户口令认证协议研究[D].哈尔滨:哈尔滨工程大学,2013.
[31]WANG S B.An Improved Remote User Authentication Scheme[J].Computer Engineering&Science,2011,33(1):51-55.
[2]LAMPORT L.Password authentication with insecure communication[J].Communications of the Acm,1981,24(24):770-772.
[3]CHANG C C,WU T C.Remote password authentication with smart cards[J].IEE Proceedings E-Computers and Digital Techniques,1993,138(3):165-168.
[4]KOCAREV L.Chaos-based cryptography:a brief overview[J].Circuits&Systems Magazine IEEE,2001,1(3):6-21.
[5]DACHSELT F,SCHWARZ W.Chaos and cryptography[J].IEEE Transactions on Circuits&Systems I Fundamental Theory&Applications,2002,48(12):1498-1509.
[6]KOCAREV L,TASEV Z.Public-key encryption based on Chebyshev maps[C]∥International Symposium on Circuits and Systems.IEEE,2003:28-31.
[7]XIAO D,LIAO X,WONG K W.An efficient entire chaos-based scheme for deniable authentication[J].Chaos Solitons&Fractals,2005,23(4):1327-1331.
[8]BERGAMO P,D'ARCO P,SANTIS A D,et al.Security of public-key cryptosystems based on Chebyshev polynomials[J].IEEE Transactions on Circuits&Systems I Regular Papers,2005,52(7):1382-1393.
[9]XIAO D,LIAO X,DENG S.A novel key agreement protocol based on chaotic maps[J].Information Sciences,2007,177(4):1136-1142.
[10]GUO X,ZHANG J.Secure group key agreement protocol based on chaotic Hash[J].Information Sciences,2010,180(20):4069-4074.
[11]XUE K,HONG P.Security improvement on an anonymous key agreement protocol based on chaotic maps[J].Communications in Nonlinear Science&Numerical Simulation,2012,17(7):2969-2977.
[12]TAN Z.A chaotic maps-based authenticated key agreement protocol with strong anonymity[J].Nonlinear Dynamics,2013,72(1-2):311-320.
[13]LEE C C,CHEN C L,WU C Y,et al.An extended chaotic maps-based key agreement protocol with user anonymity[J].Nonlinear Dynamics,2012,69(1-2):79-87.
[14]HE D,CHEN Y,CHEN J.Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol[J].Nonlinear Dynamics,2012,69(3):1149-1157.
[15]SHU J.Authentication Key Agreement Protocol Based on Extended Chaos Mapping[J].Acta Physical Sinica,2014,63(5):88-92.(in Chinese)舒剑.基于扩展混沌映射的认证密钥协商协议[J].物理学报,2014,63(5):88-92.
[16]LIN H Y.Chaotic Map Based Mobile Dynamic ID Authenticated Key Agreement Scheme[J].Wireless Personal Communications,2014,78(2):1487-1494.
[17]ZHU H.Cryptanalysis and provable improvement of a chaotic maps-based mobile dynamic ID authenticated key agreement scheme[M].New Jersey:John Wiley&Sons,Inc.,2015:2981-2991.
[18]TONG T,CHEN J H.Improved Chaotic Maps Based Mobile Authenticated scheme[J].Application Research of Computers,2017,34(8):2443-2447.(in Chinese)童彤,陈建华.一个改进的基于混沌映射的移动端认证协议[J].计算机应用研究,2017,34(8):2443-2447.
[19]DOLEV D,YAO A.On the Security of Public Key Protocols[J].IEEE Transactions on Information Theory,1983,29(2):198-208.
[20]KOCHER P C,JAFFE J,JUN B.Differential Power Analysis[C]∥Proceedings of the 19th Annual International Cryptology Conferece on Advances in Crytology.1999:388-397.
[21]MESSERGES T S,DABBISH E A,SLOAN R H.Examining Smart-Card Security under the Threat of Power Analysis Attacks[J].IEEE Transactions on Computers,2002,51(5):541-552.
[22]BRIER E,CLAVIER C,OLIVIER F.Correlation Power Analysis with a Leakage Model[J].Ches,2004,37(22):16-29.
[23]ABRAMOWITZ M.Handbook of Mathematical Functions with Formulas,Graphs,and Mathematical Tables[M].New York:Dover Publications,1974.
[24]JIANG J C,PENG Y H.Chaos of the tchebycheff polynomials[J].Natural Science Journal of Xiangtan University,1996(3):37-39.(in Chinese)蒋建初,彭跃辉.切比雪夫多项式的混沌性[J].湘潭大学自科学报,1996(3):37-39.
[25]ZHANG L.Cryptanalysis of the public key encryption based on multiple chaotic systems[J].Chaos Solitons&Fractals,2008,37(3):669-674.
[26]LIU J F,ZHOU M T.Research and taxonnmy of Replay Attacks on Security Protocol[J].Application Research of Computers,2007,24(3):135-139.(in Chinese)刘家芬,周明天.对安全协议重放攻击的分类研究[J].计算机应用研究,2007,24(3):135-139.
[27]WANG Z C,YANG S P.Research on Principles and Methods of Designing Authentication Protocols against replay Attack[J].Computer Engineering and Design,2008,29(20):5163-5165.(in chinese)王正才,杨世平.抗重放攻击认证协议的设计原则和方法研究[J].计算机工程与设计,2008,29(20):5163-5165.
[28]LI M G,SONG H N.Research on Computer Clock Synchronization Technology[J].Journal of System Simulation,2002,14(4):477-480.(in Chinese)李明国,宋海娜.计算机时钟同步技术研究[J].系统仿真学报,2002,14(4):477-480.
[29]SUN N,XIONG W,DING Y Z.Study and Application of Clock Synchronization[J].Computer Engineering and Applications,2003,39(27):177-179.(in chinese)孙娜,熊伟,丁宇征.时钟同步的研究与应用[J].计算机工程与应用,2003,39(27):177-179.
[30]WANG D.Research on Password-Based Remote User Authentication scheme using Smart-Cards[D].Harbin:Harbin Engineering University,2013.(in Chinese)汪定.基于智能卡的远程用户口令认证协议研究[D].哈尔滨:哈尔滨工程大学,2013.
[31]WANG S B.An Improved Remote User Authentication Scheme[J].Computer Engineering&Science,2011,33(1):51-55.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |