一种单服务器环境下的匿名认证协议

doi:10.13229/j.cnki.jdxbgxb20191077

Abstract

Abstract:

In order to achieve secure and efficient authentication between legitimate users and servers， and to ensure the security of communication between the two parties， the design of authentication protocols has become an important research hotspot. The three-factor authentication key agreement protocol proposed by Lwamo et al can not defend against offline password guessing attacks， and can not achieve perfect forward secrecy and user untraceability. To remedy these flaws， we propose an improved authentication protocol for single-server architectures by the use of traditional Diffie-Hellman key exchange algorithm and fuzzy verification technology. Security analysis and performance analysis show that the proposed protocol can effectively solve the above security vulnerabilities， and can achieve secure and efficient identity authentication.

Key words: computer science and technology, authentication, single-server architecture, anonymous, key agreement

CLC Number:

TP309

Yi-cheng YU,Liang HU,Ling CHI,Jian-feng CHU. An anonymous authentication protocol for single⁃server architectures[J].Journal of Jilin University(Engineering and Technology Edition), 2021, 51(2): 659-666.

Figures/Tables 4

Fig.1

Fig.2

Table 1

Table 2

Computation cost comparison"

参与者	文献[17]	本文
User	$6 T h + 2 T x o r + 2 T e n c ? o r ? d e c$	$6 T h + 3 T e n c ? o r ? d e c + 2 T x o r + 3 T e + T m$
Server	$3 T h + 4 T e n c ? o r ? d e c$	$3 T h + 3 T e n c ? o r ? d e c + 3 T e$

Table 2

References 21

1	冯登国. 网络安全原理与技术[M]. 北京: 科学出版化, 2003.
2	Zhang J, Varadharajan V. Wireless sensor network key management survey and taxonomy[J]. Journal of Network and Computer Applications, 2010, 33(2): 63-75.
3	Kumari S, Khan M K, Atiquzzaman M. User authentication schemes for wireless sensor networks: a review[J]. Ad Hoc Networks, 2015, 27: 159-194.
4	Lamport L. Password authentication with insecure communication[J]. Communications of the ACM, 1981, 24(11): 770-772.
5	李艳平, 刘小雪, 屈娟, 等.基于智能卡的多服务器远程匿名认证密钥协商协议[J]. 四川大学学报: 工程科学版, 2016, 48(1): 91-98.
	Li Yan-ping, Liu Xiao-xue, Qu Juan, et al. Multi-server anonymous remote authenticated key agreement protocol based on smart card[J]. Journal of Sichuan University (Engineering Science Edition), 2016, 48(1): 91-98.
6	Chen B L, Kuo W C, Wu L C. Robust smart-card-based remote user password authentication scheme[J]. International Journal of Communication Systems, 2014, 27(2): 377-389.
7	Li X, Niu J, Khan M K, et al. An enhanced smart card based remote user password authentication scheme[J]. Journal of Network and Computer Applications, 2013, 36(5): 1365-1371.
8	余宜诚, 胡亮, 迟令, 等. 一种改进的适用于多服务器架构的匿名认证协议[J]. 吉林大学学报: 工学版, 2018, 48(5): 1586-1592.
	Yu Yi-cheng, Hu Liang, Chi Ling, et al. Improved anonymous authentication protocol for multi-server architectures[J]. Journal of Jilin University (Engineering and Technology Edition), 2018, 48(5): 1586-1592.
9	Xie Q, Dong N, Wong D S, et al. Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol[J]. International Journal of Communication Systems, 2016, 29(3): 478-487.
10	Ratha N K, Connell J H, Bolle R M. Enhancing security and privacy in biometrics-based authentication systems[J]. IBM systems Journal, 2001, 40(3): 614-634.
11	屈娟, 冯玉明, 李艳平, 等.可证明安全的面向无线传感器网络的三因素认证及密钥协商方案[J]. 通信学报, 2018, 39(): 189-197.
	Qu Juan, Feng Yu-ming, Li Yan-ping, et al. Provably secure three-factor authentication and key agreement scheme for wireless sensor network[J]. Journal of Communications, 2018, 39(Sup.2): 189-197.
12	Wang C Y, Xu G A, Sun J. An enhanced three-factor user authentication scheme using elliptic curve cryptosystem for wireless sensor networks[J]. Sensors, 2017, 17(12): 17122946.
13	Giri D, Maitra T. A three factor remote user authentication scheme using collision resist fuzzy extractor in single server environment[C]∥ITM Web of Conferences. EDP Sciences, 2017: 01020.
14	丁勇, 胡健, 李亚晖, 等. 基于双线性对的无线传感器网络匿名广播认证协议[J]. 吉林大学学报: 工学版, 2011, 41(2): 468-472.
	Ding Yong, Hu Jian, Li Ya-hui, et al. Anonymous broadcast authentication protocol for wireless sensor networks based on bilinear pairing[J]. Journal of Jilin University (Engineering and Technology Edition), 2011, 41(2): 468-472.
15	Park Y H, Park Y H. Three-factor user authentication and key agreement using elliptic curve cryptosystem in wireless sensor networks[J]. Sensors, 2016, 16(12): 2123.
16	房卫东, 张武雄, 杨旸, 等.基于生物特征标识的无线传感器网络三因素用户认证协议[J]. 电子学报, 2018, 46(3): 702-713.
	Fang Wei-dong, Zhang Wu-xiong, Yang Yang, et al. BTh-UAP: biometric-based three-factor user authentication protocol for wireless sensor network[J]. Acta Electronica Sinica, 2018, 46(3): 702-713.
17	Lwamo N M R, Zhu L, Xu C, et al. SUAA: a secure user authentication scheme with anonymity for the single & multi-server environments[J]. Information Sciences, 2019, 477: 369-385.
18	Wang D, Zhang Z, Wang P, et al. Targeted online password guessing: an underestimated threat[C]∥Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ACM, New York, 2016: 1242-1254.
19	Wang D, Wang P. On the implications of Zipf's law in passwords[C]∥European Symposium on Research in Computer Security. Cham: Springer, 2016: 111-131.
20	Wang D, Gu Q, Cheng H, et al. The request for better measurement: a comparative evaluation of two-factor authentication schemes[C]∥Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, Xi'an, China, 2016: 475-486.
21	汪定, 李文婷, 王平. 对三个多服务器环境下匿名认证协议的分析[J]. 软件学报, 2018, 29(7): 1937-1952.
	Wang Ding, Li Wen-ting, Wang Ping. Crytanalysis of three anonymous authentication schemes for multi-server environment[J]. Journal of Software, 2018, 29(7): 1937-1952.

Related Articles 11

[1]	YU Yi-cheng, HU Liang, CHI Ling, CHU Jian-feng. Improved anonymous authentication protocol for multi-server architectures [J]. Journal of Jilin University(Engineering and Technology Edition), 2018, 48(5): 1586-1592.
[2]	YU Bin-bin, WU Xin-yu, CHU Jian-feng, HU Liang. Signature protocol for wireless sensor network based on group key agreement [J]. 吉林大学学报(工学版), 2017, 47(3): 924-929.
[3]	ZHAO Bo, QIN Gui-he. High robustness image watermarking algorithm [J]. 吉林大学学报(工学版), 2017, 47(1): 249-254.
[4]	WANG Hao, ZHANG Xiao, WANG Ping, ZHANG Yang. Lightweight certificateless signature and key agreement scheme for WSNs [J]. 吉林大学学报(工学版), 2014, 44(2): 465-470.
[5]	CAI Zhao-hui, ZHANG Jian-pei, YANG Jing. Anonymous area estimation method of path data based on Bayesian network [J]. 吉林大学学报(工学版), 2014, 44(2): 454-458.
[6]	LUO Wen-jun, GAO Yi-feng. Position-based authentication [J]. 吉林大学学报(工学版), 2012, 42(增刊1): 300-303.
[7]	ZHAO Xin,WANG Xiao-dong. Efficient self-adaptive broadcast authentication mechanism in wireless sensor networks [J]. 吉林大学学报(工学版), 2011, 41(03): 758-764.
[8]	DING Yong, HU Jian, LI Ya-Hui, WANG Yu-Min. Anonymous broadcast authentication protocol for wireless sensor networks based on bilinear pairing [J]. 吉林大学学报(工学版), 2011, 41(02): 468-0472.
[9]	MIAO Feng-Man, ZHANG Qiu-Yu, YUAN Zhan-Ting, ZHANG Qi-Kun, CAI Zhi-Peng. Path choosing and cryptosystem of multitrust domain authentication based on lattice [J]. 吉林大学学报(工学版), 2011, 41(02): 463-0467.
[10]	ZHU Jian-qi;LIU Yan-heng;YIN Ke;YANG Zhi-gang . Novel dynamic software copyright protection protocol [J]. 吉林大学学报(工学版), 2009, 39(03): 764-0769.
[11]	LIU Wei-jiang, LIU Qing-huai, AN Yu-wei . Construction of Another Cartesian Authentication Code from Odd Characteristic Orthogonal Geometry [J]. 吉林大学学报(工学版), 2000, 30(01): 63-66.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed

Comments

Recommended 0

No Suggested Reading articles found!

安全属性	文献[17]方案	新协议
用户匿名信	√	√
不可追踪性	×	√
前向安全性	×	√
会话密钥协商	√	√
三因子安全性	√	√
抵御内部攻击	√	√
抵御离线口令猜测工具	×	√
抵御智能卡丢失攻击	√	√
抵御假冒用户攻击	√	√
抵御服务器欺骗攻击	√	√

An anonymous authentication protocol for single⁃server architectures

RICH HTML

PDF (PC)