适合可信计算环境基于口令的双向匿名认证密钥协商协议

doi:10.3724/SP.J.1087.2011.01862

计算机应用 ›› 2011, Vol. 31 ›› Issue (07): 1862-1867.DOI: 10.3724/SP.J.1087.2011.01862

适合可信计算环境基于口令的双向匿名认证密钥协商协议

朱昶胜¹,刘鹏辉¹,王庆荣²,曹来成¹

1. 兰州理工大学计算机与通信学院，兰州 730050
2. 兰州交通大学电子与信息工程学院，兰州 730070

收稿日期:2011-01-12 修回日期:2011-02-24 发布日期:2011-07-01 出版日期:2011-07-01
通讯作者: 刘鹏辉
作者简介:朱昶胜(1974-),男,甘肃天水人,教授,博士,主要研究方向:信息安全、信息隐藏、密码学;
刘鹏辉(1982-),男,江西高安人,系统分析员,硕士,主要研究方向:网络与信息安全;
王庆荣(1977-),男,宁夏固原人,讲师,硕士,主要研究方向:信息安全、数字水印;
曹来成(1965-),男,甘肃静宁人,副教授,硕士,主要研究方向:密码学、信息安全。
基金资助:
基于人车环境动态数据协同推演的汽车驾驶倾向性辨识方法研究;甘肃省自然科学基金资助项目;甘肃省自然科学基金资助项目

Password-based Authenticated Key Agreement Scheme with Mutual Anonymity for Trusted Computation

Chang-sheng ZHU¹, ¹,Qing-rong WANG²,Lai-cheng CAO¹

1. School of Computer and Communication, Lanzhou University of Technology, Lanzhou Gansu 730050, China
2. School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou Gansu 730070, China

Received:2011-01-12 Revised:2011-02-24 Online:2011-07-01 Published:2011-07-01
Supported by:
;The Gansu Provincial Natural Science Foundation of China;The Gansu Provincial Natural Science Foundation of China

摘要/Abstract

摘要： 如何保持双向匿名性是构建可信计算环境的核心问题之一，针对可信计算环境的特点，提出了一个基于口令的匿名认证密钥协商协议，并且在计算性Diffie-Hellman假设和存在强抗碰撞的单向杂凑函数条件下，基于随机预言机模型证明了该协议是安全的。另外，该协议可以有效抵抗字典攻击和资源耗尽型拒绝服务攻击。分析结果表明，该协议能够为密钥协商双方提供隐私保护，而且在执行效率方面明显优于VIET等其它方案

关键词: 密钥协商, 可信计算, 双向匿名性, 口令, 拒绝服务攻击, 字典攻击

Abstract: How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation; According to the characteristics of TC, an efficient password-based authenticated key exchange scheme was presented. Adopting threshold cryptography and fuzzy ID set, the scheme achieves the mutual anonymity between user and server sharing ID set. On the premise of secure Hashing, the analysis and the proven procedure based on the ROM (random oracle model) show this scheme is secure against dictionary attack and Resource-Depletion DoS (denial-of-service) attack under the computational Diffie-Hellman intractability assumption. This scheme effectively preserves the user’s privacy and server's privacy, compared with other schemes including VIET et al.’s scheme, it is more efficient.

Key words: key exchange, TC, mutual anonymity, password, denial of service attack, dictionary attack

中图分类号:

TP309

朱昶胜刘鹏辉王庆荣曹来成. 适合可信计算环境基于口令的双向匿名认证密钥协商协议[J]. 计算机应用, 2011, 31(07): 1862-1867.

Chang-sheng ZHU Qing-rong WANG Lai-cheng CAO. Password-based Authenticated Key Agreement Scheme with Mutual Anonymity for Trusted Computation[J]. Journal of Computer Applications, 2011, 31(07): 1862-1867.

参考文献

[1]JABLON D P. Strong password-only authenticated key exchange[J]. ACM Computer Communication Review, 1996, 26(5):5-20.

[2]CHEN Y C, YEH L Y. An efficient nonce-based authentication scheme with key agreement[J]. Applied Mathematics and Computation, 2005, 169(2): 982-994.

[3]BELLOVIN S, MERRITT M. Encrypted key exchange: Password- based protocols secure against dictionary attacks[C]// Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy. Washington, DC, IEEE Computer Society, 1992:72-84.

[4]BELLOVIN S, MERRITT M. Augmented encrypted key exchange: Password-based protocol secure against dictionary attacks and password file compromise[C]// Proceedings of the 1st ACM Conference on Computer and Communications Security. New York:ACM, 1993:244-250.

[5]BELLARE M, POINTCHEVAL D, ROGAWAY P. Authenticated key exchange secure against dictionary attacks[C]// International Conference on the Theory and Application of Cryptographic Techniques. Berlin:Springer-Verlag, 2000:139-155.

[6]BOYKO V, MACKENZIE P, PATEL S. Provably-secure password authentication and key exchange using Diffie-Hellman[C]// EUROCRYPT2000. Berlin:Springer-Verlag, 2000:156-171

[7]KATZ J, OSTROVSKY R, YUNG M. Efficient password authentic- ated key exchange using human-memorable passwords[C]// EUROCRYPT 2001. Berlin:Springer-Verlag, 2001.475-494.

[8]ABDALLA M, FOUQUE P-A,POINTCHEVAL D. Password-based authenticated key exchange in the three-party setting[C]// Public Key Cryptography, LNCS 3386. Berlin: Springer-Verlag, 2005:65-84.

[9]JIANG S Q,GONG G. Password based key exchange with mutual authentication[C]// Proceedings of SAC 2004,LNCS 3357.Berlin: Springer-Verlag, 2004:267-279.

[10]SHAO JUN, CAO ZHENFU, WANG LICHENG. Efficient password-based authenticated key exchange without public information[C]// Proceedings of ESORICS 2007, LNCS 4734. Berlin: Springer-Verlag, 2007: 299-310.

[11]FENG D G, CHEN W D. Modular approach to the design and analysis of password-based security protocols[J].Science in China: Series F, 2007, 50(3):381-398.

[12]Trusted computing group. Trusted computing platform alliance〖CM)〗 (TCPA). Main specification version 1.1b[S], 2001.

[13]VIET D Q, YAMAMURA A, TANAKA H. Anonymous password- based authenticated key exchange[C]// Proceedings of INDOCRYPT 2005, LNCS 3797. Berlin: Springer-Verlag, 2005:244-257.

[14]YANG J. ZHANG Z. A new anonymous password-based authenticated key exchange protocol[C]// Proceedings of INDOCRYPT 2008, LNCS 5365. Berlin: Springer-Verlag, 2008:200-212.

[15]SHIN S H, KOBARA K, IMAI H. A secure threshold anonymous password authenticated key exchange protocol[C]// Crypto 2009, LNCS 4752. Berlin:Springer-Verlag, 2009:444-458.

[16]SHERMAN S, M. CHOW, KIM-KWANG R C. Strongly-secure identity-based key agreement and anonymous extension[C]// Proceedings of ISC 2007,LNCS 4779. Berlin:Springer-Verla, 2007: 203-220.

[17]关晨至, 石永革. 基于DAA的可信双向匿名认证密钥协商协议[J].计算机系统应用,2009,18(12):59-61,78.

适合可信计算环境基于口令的双向匿名认证密钥协商协议

Password-based Authenticated Key Agreement Scheme with Mutual Anonymity for Trusted Computation

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	肖跃雷, 邓小凡. 基于证书的有线局域网安全关联方案改进与分析[J]. 计算机应用, 2021, 41(7): 1970-1976.
[2]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[3]	张学旺, 殷梓杰, 冯家琦, 叶财金, 付康. 基于区块链与可信计算的数据交易方案[J]. 计算机应用, 2021, 41(4): 939-944.
[4]	张平, 贾亦巧, 王杰昌, 石念峰. 三因子匿名认证与密钥协商协议[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3281-3287.
[5]	王波, 任英琦, 黄冬艳. H-Algorand:基于多块输出的公有链共识机制[J]. 计算机应用, 2020, 40(7): 2150-2154.
[6]	刘向举, 刘鹏程, 徐辉, 朱晓娟. 基于软件定义物联网的分布式拒绝服务攻击检测方法[J]. 计算机应用, 2020, 40(3): 753-759.
[7]	陈旖, 张美璟, 许发见. 基于一维卷积神经网络的HTTP慢速DoS攻击检测方法[J]. 计算机应用, 2020, 40(10): 2973-2979.
[8]	曾剑平, 陈其乐, 吴承荣, 方熙. 中文语境下的口令分析方法[J]. 计算机应用, 2019, 39(6): 1713-1718.
[9]	刘欣东, 徐水帅, 陈建华. 基于椭圆曲线密码的智能电网通信认证协议[J]. 计算机应用, 2019, 39(3): 779-783.
[10]	孔亚洲, 张连成, 王振兴. 基于滑动时间窗口的IPv6地址跳变主动防御模型[J]. 计算机应用, 2018, 38(7): 1936-1940.
[11]	周致成, 李立新, 郭松, 李作辉. 基于区块链技术的生物特征和口令双因子跨域认证方案[J]. 计算机应用, 2018, 38(6): 1620-1627.
[12]	宋创创, 方勇, 黄诚, 刘亮. 基于集成学习的口令强度评估模型[J]. 计算机应用, 2018, 38(5): 1383-1388.
[13]	齐能, 谭良. 具有瀑布特征的可信虚拟平台信任链模型[J]. 计算机应用, 2018, 38(2): 327-336.
[14]	徐明迪, 高杨, 高雪原, 张帆. 满足对应性属性的平台配置证明[J]. 计算机应用, 2018, 38(2): 337-342.
[15]	肖跃雷, 武君胜, 朱志祥. 基于预共享密钥的LAN安全关联方案改进与分析[J]. 计算机应用, 2018, 38(11): 3246-3251.