对两个基于智能卡的多服务器身份认证方案的密码学分析与改进

doi:10.11772/j.issn.1001-9081.2015.08.2199

计算机应用 ›› 2015, Vol. 35 ›› Issue (8): 2199-2204.DOI: 10.11772/j.issn.1001-9081.2015.08.2199

对两个基于智能卡的多服务器身份认证方案的密码学分析与改进

屈娟¹, 李艳平², 伍习丽¹

1. 重庆三峡学院数学与统计学院, 重庆 404000;
2. 陕西师范大学数学与信息科学学院, 西安 710062

收稿日期:2015-03-12 修回日期:2015-05-11 出版日期:2015-08-10 发布日期:2015-08-14
通讯作者: 屈娟(1984-),女,陕西商洛人,讲师,硕士,主要研究方向:认证理论,qulujuan@163.com
作者简介:李艳平(1978-),女,山西吕梁人,副教授,博士, 主要研究方向:量子信息安全; 伍习丽1988-),女,重庆开县人,硕士,主要研究方向:统计分析。
基金资助:
国家自然科学基金资助项目(61402275);陕西省自然科学基金计划研究项目(2012JQ8023);重庆三峡学院项目(14QN29)。

Cryptanalysis and improvement of two multi-server remote user authentication schemes using smart cards

QU Juan¹, LI Yanping², WU Xili¹

1. College of Mathematics and Statistics, Chongqing Three Gorges University, Chongqing 404000, China;
2. College of Mathematics and Information Science, Shaanxi Normal University, Xi'an Shaanxi 710062, China

Received:2015-03-12 Revised:2015-05-11 Online:2015-08-10 Published:2015-08-14

摘要/Abstract

摘要：

身份认证是用户访问网络资源时的一个重要安全问题。近来,Xu等(XU C, JIA Z, WEN F, et al. Cryptanalysis and improvement of a dynamic ID based remote user authentication scheme using smart cards [J]. Journal of Computational Information Systems, 2013, 9(14): 5513-5520)提出了一个基于智能卡的动态身份用户认证方案。分析指出其方案不能抵抗中间人攻击和会话密钥泄露攻击,且无法实现会话密钥前向安全性。此外,指出Choi等(CHOI Y, NAM J, LEE D, et al. Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics [J]. The Scientific World Journal, 2014, 2014: 281305)提出的基于智能卡和生物特征的匿名多服务器身份认证方案(简称CNL方案)易遭受智能卡丢失攻击、服务器模仿攻击,且不能提保护用户的匿名性。最后,基于生物特征和扩展混沌映射,提出了一个安全的多服务器认证方案,安全分析结果表明,新方案消除了Xu方案和CNL方案的安全漏洞。

关键词: 多服务器, 认证, 中间人攻击, 前向安全, 匿名

Abstract:

User authentication is an important security issue when user access resources from network. Recently, Xu et al.(XU C, JIA Z, WEN F, et al. Cryptanalysis and improvement of a dynamic ID based remote user authentication scheme using smart cards [J]. Journal of Computational Information Systems, 2013, 9(14): 5513-5520) proposed a dynamic ID based remote user authentication scheme using smart cards. Though the rigorous security analysis, it was found that Xu scheme could not resist man in-the-middle attack and session key disclosure attack, and could not provide perfect forward secrecy for session key. Additionally, it was also demonstrated that the scheme proposed by Choi et al. (CHOI Y, NAM J, LEE D, et al. Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics [J]. The Scientific World Journal, 2014, 2014: 281305)was vulnerable to smart card loss attack, server spoofing attack, and could not provide user anonymity. Therefore, these two schemes could not be suitable for practical applications. At last, an improved scheme was proposed based on biometrics and extended chaotic maps to overcome the lack of Xu scheme and CNL scheme.

Key words: multi-server, authentication, man-in-the-middle attack, forward secrecy, anonymity

中图分类号:

TP393.08

屈娟, 李艳平, 伍习丽. 对两个基于智能卡的多服务器身份认证方案的密码学分析与改进[J]. 计算机应用, 2015, 35(8): 2199-2204.

QU Juan, LI Yanping, WU Xili. Cryptanalysis and improvement of two multi-server remote user authentication schemes using smart cards[J]. Journal of Computer Applications, 2015, 35(8): 2199-2204.

参考文献

[1] LEE C-C, LI L-H, HWANG M-S. A remote user authentication scheme using Hash functions [J]. ACM Sigops Operating Systems Review, 2002, 36(4): 23-29.
[2] RAMASAMY R, MUNIYANDI A. New remote mutual authentication scheme using smart cards [J]. Transaction on Data Privacy, 2009, 2(2): 141-152.
[3] YANG J, WANG Y, ZHOU Y. New remote user authentication scheme using smart cards [J]. Transactions of Nanjing University of Aeronautics & Astronautics, 2012, 29(2): 187-192.
[4] XUE F, WANG D, WANG L, et al. Cryptanalysis of two smartcard-based remote user password authentication protocols [J]. Journal of Computer Applications, 2012,32(7):221-224. (薛锋,汪定,王立萍,等.对两个基于智能卡的远程用户口令认证协议的安全性分析[J].计算机应用,2012,32(7):221-224.)
[5] LIN I-C, HWANG M-S, LI L-H. A new remote user authentication scheme for multi-server architecture [J]. Future Generation Computer Systems, 2003, 19(1): 13-22.
[6] TSAI J-L. Efficient multi-server authentication scheme based on one-way Hash function without verification table [J]. Computers & Security, 2008, 27(3/4): 115-121.
[7] WAN T, LIAO W, MA J. Analysis and improvement of an authentication protocol for multi-server architecture [J]. Journal of Xidian University: Natural Science, 2013, 40(6): 174-179. (万涛,廖维川,马建峰.面向多服务器架构的认证协议分析与改进[J].西安电子科技大学学报:自然科学版,2013,40(6):174-179.)
[8] HU L, NIU X, YANG Y. An efficient multi-server password authenticated key agreement scheme using smart cards [C]//MUE'07: Proceedings of the 2007 International Conference on Multimedia and Ubiquitous Engineering. Piscataway: IEEE, 2007: 903-907.
[9] LIAO Y-P, WANG S-S. A secure dynamic ID based remote user authentication scheme for multi-server environment [J]. Computer Standards & Interfaces, 2009, 31(1): 24-29.
[10] HSIANG H-C, SHIH W-K. Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment [J]. Computer Standards & Interfaces, 2009, 31(6): 1118-1123.
[11] LEE C-C, LIN T-H, CHANG R-X. A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards [J]. Expert Systems with Applications, 2011, 38(11): 13863-13870.
[12] LEE C-C, LAI Y-M, LI C-T. An improved secure dynamic ID based remote user authentication scheme for multi-server environment [J]. International Journal of Security and Its Applications, 2012, 6(2): 203-209.
[13] XU C, JIA Z, WEN F, et al. Cryptanalysis and improvement of a dynamic ID based remote user authentication scheme using smart cards [J]. Journal of Computational Information Systems, 2013, 9(14): 5513-5520.
[14] CHOI Y, NAM J, LEE D, et al. Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics [J]. The Scientific World Journal, 2014, 2014: 281305.
[15] CHUANG M-C, CHEN M C. An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics [J]. Expert Systems with Applications, 2014, 41(4): 1411-1418.
[16] CHEN T-H, WANG B-J, TU T-Y, et al. A security-enhanced key agreement protocol based on chaotic maps [J]. Security and Communication Networks, 2013, 6(1): 108-114.
[17] JABBARI A, BAGHERZADEH J. A revised key agreement protocol based on chaotic maps [J]. Nonlinear Dynamics, 2014, 78(1): 669-680.
[18] ZHU H. Flexible and password-authenticated key agreement scheme based on chaotic maps for multiple servers to server architecture [J]. Wireless Personal Communications, 2015, 82(3): 1697-1718.
[19] SHU J. An authenticated key agreement protocol based on extended chaotic maps [J]. Acta Physica Sinica, 2014, 63(5): 1-4. (舒剑.基于扩展混沌映射的认证密钥协商协议[J].物理学报,2014,63(5):1-4.)
[20] ZHANG L. Cryptanalysis of the public key encryption based on multiple chaotic systems [J]. Chaos, Solitons & Fractals, 2008, 37(3): 669-674.

对两个基于智能卡的多服务器身份认证方案的密码学分析与改进

Cryptanalysis and improvement of two multi-server remote user authentication schemes using smart cards

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	肖跃雷, 邓小凡. 基于证书的有线局域网安全关联方案改进与分析[J]. 计算机应用, 2021, 41(7): 1970-1976.
[2]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[3]	吴恺凡, 殷新春. 基于随机运算符的轻量级匿名射频识别系统双向认证协议[J]. 计算机应用, 2021, 41(6): 1621-1630.
[4]	刘向宇, 夏国平, 夏秀峰, 宗传玉, 朱睿, 李佳佳. 个性化时空数据隐私保护[J]. 计算机应用, 2021, 41(3): 643-650.
[5]	李莉, 杨鸿飞, 董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3251-3256.
[6]	张平, 贾亦巧, 王杰昌, 石念峰. 三因子匿名认证与密钥协商协议[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3281-3287.
[7]	张兴兰, 赵怡静. 基于单光子的量子双向同步身份认证协议[J]. 计算机应用, 2020, 40(9): 2634-2638.
[8]	张道维, 段海新. 基于图像纹理的网站指纹技术[J]. 计算机应用, 2020, 40(6): 1685-1691.
[9]	江泽涛, 徐娟娟. 云环境下基于签密的异构跨域身份认证方案[J]. 计算机应用, 2020, 40(3): 740-746.
[10]	刘向宇, 陈金梅, 夏秀峰, Manish Singh, 宗传玉, 朱睿. 防止暴露位置攻击的轨迹隐私保护[J]. 计算机应用, 2020, 40(2): 479-485.
[11]	张梅舒, 徐雅斌. 多维数值型敏感属性数据的个性化隐私保护方法[J]. 计算机应用, 2020, 40(2): 491-496.
[12]	袁驰. 基于身份的动态层簇式无线传感网络认证算法[J]. 计算机应用, 2020, 40(11): 3236-3241.
[13]	王志恒, 徐彦彦. 基于TrustZone的移动云环境指纹认证终端APP的设计和实现[J]. 计算机应用, 2020, 40(11): 3255-3260.
[14]	陈葳葳, 曹利, 邵长虹. 基于区块链技术的车联网高效匿名认证方案[J]. 计算机应用, 2020, 40(10): 2992-2999.
[15]	何云华, 牛童, 刘天一, 肖珂, 芦翔. 网络匿名扫描系统设计及优化[J]. 计算机应用, 2019, 39(5): 1385-1388.