轻量级的两方认证密钥协商协议

doi:10.3778/j.issn.1002-8331.2304-0196

摘要/Abstract

摘要： 轻量级的两方认证密钥协商协议允许通信双方在公开信道上建立一个相同且安全的会话密钥。现有的认证协议难以满足轻量级的需求，同时多数轻量级协议仍存在某些安全问题。基于此，提出了一种基于身份的两方匿名轻量级逆向防火墙认证密钥协商协议。该协议在eCK模型下结合BAN逻辑被证明是安全的。协议提供匿名性、完美前向安全性、抗重放攻击、抗Dos攻击、抗中间人攻击。与其他轻量级认证协议对比发现，该协议具有更高的安全性和较短的运行时间，适用于资源受限设备。

关键词: 身份认证, 密钥协商, 逆向防火墙, 轻量级, eCK模型, BAN逻辑

Abstract: Lightweight two-party authentication key agreement protocols allow both communicating parties to establish an equal and secure session key over a public channel. Existing authentication protocols have difficulty in meeting the needs of lightweight, while most lightweight protocols have some security issues. For this reason, an identity-based two-party anonymous lightweight reverse firewall key agreement protocol is proposed. The protocol is proven to be secure under the eCK model in combination with BAN logic. The protocol provides anonymity, perfect forward security, resistance to replay attacks, resistance to Dos attacks, and resistance to man-in-the-middle attacks. Finally, when compared with other lightweight authentication protocols reveals, it is found to have higher security and shorter running time for resource-constrained devices.

Key words: authentication, key agreement, reverse firewall, lightweight, eCK model, BAN logic

宋庆, 马米米, 邓淼磊, 左志斌. 轻量级的两方认证密钥协商协议[J]. 计算机工程与应用, 2024, 60(14): 283-293.

SONG Qing, MA Mimi, DENG Miaolei, ZUO Zhibin. Lightweight Two-Party Authentication Key Agreement Protocol[J]. Computer Engineering and Applications, 2024, 60(14): 283-293.

参考文献

[1] KUNZ-JACQUES S, POINTCHEVAL D. About the security of MTI/C0 and MQV[C]//Proceedings of the International Conference on Security and Cryptography for Networks, 2006: 156-172.
[2] LAW L, MENEZES A, QU M, et al. An efficient protocol for authenticated key agreement[J]. Designs, Codes and Cryptography, 2003, 28: 119-134.
[3] KRAWCZYK H. HMQV: a high-performance secure diffie-hellman protocol[C]//Proceedings of the Annual International Cryptology Conference, 2005: 546-566.
[4]YAO A C, ZHAO Y. A new family of implicitly authenticated diffie-hellman protocols[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, 2012.
[5] LAUTER K, MITYAGIN A. Security analysis of KEA authenticated key exchange protocol[C]//Proceedings of the International Workshop on Public Key Cryptography, 2006: 378-394.
[6] SHAMIR A. Identity-based cryptosystems and signature schemes[C]//Proceedings of the CRYDTO 84 on Advances in Cryptology, 1985: 47-53.
[7] 杨毅宇, 周威, 赵尚儒, 等. 物联网安全研究综述：威胁、检测与防御[J]. 通信学报, 2021, 42(8): 188-205.
YANG Y Y, ZHOU W, ZHAO S R, et al. An overview of IoT security research: threats, detection and defence[J]. Journal on Communications, 2021, 42(8): 188-205.
[8] YOUNG A, YUNG M. Kleptography: using cryptography against cryptography[C]//Advances in Cryptology-EUROCRYPT’97, 1997: 62-74.
[9] MIRONOV I, STEPHENS-DAVIDOWITZ N. Cryptographic reverse firewalls[C]//Advances in Cryptology-EUROCRYPT 2015, 2015: 657-686.
[10] CHEN R, MU Y, YANG G, et al. Cryptographic reverse firewall via malleable smooth projective hash functions[C]//Advances in Cryptology-ASIACRYPT 2016, 2016: 844-876.
[11] GROTH J. Rerandomizable and replayable adaptive chosen ciphertext attack secure cryptosystems[C]//Proceedings of the 1st Theory of Cryptography Conference, 2004: 152-170.
[12] GIUSEPPE A, BERNARDO M, DANIELE V. Subversion-resilient signature schemes[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015: 364-375.
[13] CHENAM V B, ALI S T. A designated cloud server-based multi-user certificateless public key authenticated encryption with conjunctive keyword search against IKGA[J]. Computer Standards & Interfaces, 2022, 81: 103603.
[14] SHIRALY D, PAKNIAT N, NOROOZI M, et al. Pairing-free certificateless authenticated encryption with keyword search[J]. Journal of Systems Architecture, 2022, 124: 102390.
[15] TURKANOVIC M, BRUMEN B, HOLBL M. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion[J]. Ad Hoc Networks, 2014, 20: 96-112.
[16] FARASH M S, TURKANOVIC M, KUMARI S, et al. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment[J]. Ad Hoc Networks, 2016, 36: 152-176.
[17] GOPE P, HWANG T. A realistic lightweight anonymous authentication protocol for securing real-time application data access in wireless sensor networks[J]. IEEE Transactions on Industrial Electronics, 2016, 63(11): 7124-7132.
[18] ADAVOUDI-JOLFAEI A, ASHOURI-TALOUKI M, AGHILI S F. Lightweight and anonymous three-factor authentication and access control scheme for real-time applications in wireless sensor networks[J]. Peer-to-Peer Networking and Applications, 2019, 12: 43-59.
[19] DOLEV D, YAO A. On the security of public key protocols[J]. IEEE Transactions on Information Theory, 1983, 29(2): 198-208.
[20] RYU J, KANG D, LEE H, et al. A secure and lightweight three-factor-based authentication scheme for smart healthcare systems[J]. Sensors, 2020, 20(24): 7136.
[21] WANG S B, CAO Z F, WANG L C. Efficient certificateless authenticated key agreement protocol from pairings[J]. Wuhan University Journal of Natural Sciences, 2006, 11(5): 1278-1282.
[22] HOU M, XU Q. On the security of certificateless authenticated key agreement protocol[C]//Proceedings of the IEEE International Symposium on IT in Medicine & Education, 2009: 974-979.
[23] 王振宇, 郭阳, 李少青, 等. 面向轻量级物联网设备的高效匿名身份认证协议设计[J]. 通信学报, 2022, 43(7): 49-61.
WANG Z Y, GUO Y, LI S Q, et al. Efficient anonymous authentication protocol design for lightweight IoT devices[J]. Journal on Communications, 2022, 43(7): 49-61.
[24] KUMAR M, SAXENA P C. PF-AID-2KAP: pairing-free authenticated identity-based two-party key agreement protocol for resource-constrained devices[J]. Communications in Computer and Information Science, 2019: 425-440.
[25] 刘畅, 王晋, 田里, 等. 一种适用于基于身份的认证密钥协商的逆向防火墙协议[J]. 重庆大学学报, 2022, 45(5): 21-32.
LIU C, WANG J, TIAN L, et al. A reverse firewall protocol for identity-based authenticated key agreement[J]. Journal of Chongqing University (Natural Science Edition), 2022, 45(5): 21-32.
[26] ZHOU Y, GUAN Y, ZHANG Z, et al. Cryptographic reverse firewalls for identity-based encryption[C]//Proceedings of the International of Conference on Foundations of Computer Science, 2019: 36-52.
[27] ZHOU Y, GUO J, LI F. Certificateless public key encryption with cryptographic reverse firewalls[J]. Journal of Systems Architecture, 2020, 109: 101754.
[28] WANG Y, CHEN R, HUANG X, et al. Secure anonymous communication on corrupted machines with reverse firewalls[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 19(6): 3837-3854.
[29] LAMACCHIA B, LAUTER K, MITYAGIN A. Stronger security of authenticated key exchange[C]//Proceedings of the International Conference on Provable Security, 2007: 1-16.
[30] BURROWS M, ABADI M, NEEDHAM R. A logic of authentication[J]. ACM Transactions on Computer Systems, 1990, 8(1): 18-36.
[31] ISLAM S H, BISWAS G P. A pairing-free identity-based two-party authenticated key agreement protocol for secure and efficient communication[J]. Journal of King Saud University-Computer and Information Sciences, 2017, 29(1): 63-73.
[32] LIU X, JIN C, LI F. An improved two-layer authentication scheme for wireless body area networks[J]. Journal of Medical Systems, 2018, 42: 1-14.
[33] ODELU V, DAS A K, GOSWAMI A. A secure biometrics-based multi-server authentication protocol using smart cards[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(9): 1953-1966.