Three-factor anonymous authentication and key agreement protocol

doi:10.11772/j.issn.1001-9081.2021010005

Journal of Computer Applications ›› 2021, Vol. 41 ›› Issue (11): 3281-3287.DOI: 10.11772/j.issn.1001-9081.2021010005

• Cyber security • Previous Articles Next Articles

Three-factor anonymous authentication and key agreement protocol

Ping ZHANG¹, Yiqiao JIA¹, Jiechang WANG², Nianfeng SHI³()

^1.School of Mathematics and Statistics，Henan University of Science and Technology，Luoyang Henan 471023，China
^2.Computer Teaching and Research Section，Physical Education College of Zhengzhou University，Zhengzhou Henan 450044，China
^3.General Hospital of Eastern Theater Command，Nanjing Jiangsu 210002，China

Received:2021-01-05 Revised:2021-02-05 Accepted:2021-03-19 Online:2021-04-15 Published:2021-11-10
Contact: Nianfeng SHI
About author:ZHANG Ping，born in 1976，Ph. D.，associate professor. His research interests include information security，cryptography
JIA Yiqiao， born in 1999. Her research interests include mathematics and applied mathematics
WANG Jiechang，born in 1985，M. S.，lecturer. His research interests include security of computer network
SHI Nianfeng，born in 1976，Ph. D.，professor. His research interests include computer vision，security of computer network.
Supported by:
the National Natural Science Foundation of China(11401172);the Key Scientific Research Project of Colleges and Universities in Henan Province(20A520012)

三因子匿名认证与密钥协商协议

张平¹, 贾亦巧¹, 王杰昌², 石念峰³()

^1.河南科技大学数学与统计学院，河南洛阳 471023
^2.郑州大学体育学院计算机教研室，郑州 450044
^3.东部战区总医院，南京 210002

通讯作者: 石念峰
作者简介:张平（1976－），男，黑龙江牡丹江人，副教授，博士，CCF会员，主要研究方向：信息安全、密码学
贾亦巧（1999－），女，河南洛阳人，主要研究方向：数学与应用数学
王杰昌（1985－），男，河南洛阳人，讲师，硕士，主要研究方向：计算机网络安全
石念峰（1976－），男，河南洛阳人，教授，博士，CCF会员，主要研究方向：计算机视觉、计算机网络安全。
基金资助:
国家自然科学基金资助项目(11401172);河南省高等学校重点科研项目(20A520012)

Abstract

Abstract:

To ensure the information security of communication between two parties， many Authenticated Key Agreement （AKA） protocols have been proposed and applied in practical scenarios. However， the existing three-factor protocols have security vulnerabilities， such as being vulnerable to smart card loss attacks and password guessing attacks， and some even ignore anonymity. In order to solve the problems， a new three-factor anonymous authentication and key agreement protocol was proposed. In the proposed protocol， smart card， password and biometric authentication technology were integrated， the password and biometric characteristic update phase， the update and distribution phase of the smart card were added， and the Computational Diffie-Hellman （CDH） assumption on the elliptic curve was used for information interaction so as to realize secure communications. The security of the proposed protocol was proved by using the random oracle model. Compared with similar protocols， the analysis results show that the proposed protocol can prevent many attacks such as smart card loss attacks and replay attacks， realizes more comprehensive functions such as anonymity and free updating of password， and has higher computing and communication efficiency.

Key words: anonymous authentication, key agreement, security proof, smart card, biometric authentication technology

摘要：

为确保通信双方的信息安全，很多认证与密钥协商（AKA）协议被提出并应用于实际场景中。然而现有三因子协议都存在安全漏洞，如易受智能卡丢失攻击、口令猜测攻击等，有的更是忽略了匿名性。针对上述问题提出了一种三因子匿名认证与密钥协商协议。该协议通过融合智能卡、口令和生物认证技术，并增加口令与生物特征更新阶段以及智能卡更新分配阶段，并利用椭圆曲线上的计算性Diffie-Hellman（CDH）假设进行信息交互，来实现安全通信。在随机预言机模型下证明了所提协议的安全性。与同类协议进行对比分析的结果表明，所提协议能有效防范智能卡丢失攻击、重放攻击等多种攻击，实现了匿名性、口令自由更新等更全面的功能，且具有较高的计算和通信效率。

关键词: 匿名认证, 密钥协商, 安全性证明, 智能卡, 生物认证技术

CLC Number:

TP309

Ping ZHANG, Yiqiao JIA, Jiechang WANG, Nianfeng SHI. Three-factor anonymous authentication and key agreement protocol[J]. Journal of Computer Applications, 2021, 41(11): 3281-3287.

张平, 贾亦巧, 王杰昌, 石念峰. 三因子匿名认证与密钥协商协议[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3281-3287.

Figures/Tables 6

Tab. 1 Description of main symbols

符号	含义
Z_q	有限域
$Z q *$	Z_q\｛0｝
G	椭圆曲线E上的点组成的群
P	群G的生成元
q	大素数
｛0，1｝^*	任意长度的0，1序列
｛0，1｝^l	长度为l的0，1序列
⊕，‖	异或运算符，字符串连接符
C，S	客户，服务提供方
$I D C$ ，PW_C	客户C的唯一身份识别号，口令
B_C	客户C的生物特征信息
CPW_C	客户C的加密口令
$I D S$	服务提供方S的唯一身份识别号
s，P₀	服务提供方的私钥，公钥
A	敌手
T	模拟器
$H (·)$	单向hash函数
AID_C	客户C的账户索引
CID_C	随机化客户匿名
M_C，M_S	智能卡与服务提供方的验证信息
V	临时密钥
SK	共享会话密钥
A $⇒$ B	A将消息M经由安全的秘密信道发送给B
A→B	A将消息M经由公开信道发送给B

Tab. 1 Description of main symbols

符号	含义
Z_q	有限域
$Z q *$	Z_q\｛0｝
G	椭圆曲线E上的点组成的群
P	群G的生成元
q	大素数
｛0，1｝^*	任意长度的0，1序列
｛0，1｝^l	长度为l的0，1序列
⊕，‖	异或运算符，字符串连接符
C，S	客户，服务提供方
$I D C$ ，PW_C	客户C的唯一身份识别号，口令
B_C	客户C的生物特征信息
CPW_C	客户C的加密口令
$I D S$	服务提供方S的唯一身份识别号
s，P₀	服务提供方的私钥，公钥
A	敌手
T	模拟器
$H (·)$	单向hash函数
AID_C	客户C的账户索引
CID_C	随机化客户匿名
M_C，M_S	智能卡与服务提供方的验证信息
V	临时密钥
SK	共享会话密钥
A $⇒$ B	A将消息M经由安全的秘密信道发送给B
A→B	A将消息M经由公开信道发送给B

Fig. 1 Registration phase

Fig. 2 Authentication and agreement phase

Tab. 2 Symbol definition and its single calculation time

符号	定义	单次计算时间/s
T_m	椭圆曲线上的点乘运算	0.050 3
T_h	hash函数运算	0.000 5
T_e	指数模幂运算	0.522 0

Tab. 3 Computational performance comparison of different protocols

协议	运算量	信息交互次数
文献［8］协议	6T_m+10T_h+2Mac	5
文献［21］协议	6T_m+5T_h	3
文献［22］协议	2T_e+20T_h	3
本文协议Q	6T_m+9T_h	2

Tab. 4 Safety performance comparison of different protocols

性质	文献［8］协议	文献［21］协议	文献［22］协议	本文协议Q
前向安全性	√	√	√	√
双向认证	√	√	√	√
抗重放攻击	√	√	√	√
抗已知密钥攻击	√	√	√	√
抗口令猜测攻击	√	×	√	√
抵抗内部攻击	√	√	√	√
抗生物特征丢失攻击	√	√	√	√
抗智能卡丢失攻击	√	√	√	√
客户口令自由更新	×	√	×	√
匿名性	×	√	√	√
抗中间人攻击	√	√	√	√
抗平行会话攻击	√	√	√	√

References 27

1	李晓伟，张玉清，张格非，等.基于智能卡的强安全认证与密钥协商协议［J］.电子学报，2014，42（8）：1587-1593. 10.3969/j.issn.0372-2112.2014.08.020
	LI X W， ZHANG Y Q， ZHANG G F， et al. Strongly secure authenticated key agreement protocol using smart card ［J］. Acta Electronica Sinica， 2014， 42（8）： 1587-1593. 10.3969/j.issn.0372-2112.2014.08.020
2	LAMPORT L. Password authentication with insecure communication ［J］. Communications of the ACM， 1981， 24（11）： 770-772. 10.1145/358790.358797
3	JUANG W S， CHEN S T， LIAW H T. Robust and efficient password-authenticated key agreement using smart cards ［J］. IEEE Transactions on Industrial Electronics， 2008， 55（6）： 2551-2556. 10.1109/tie.2008.921677
4	SUN D Z， HUAI J P， SUN J Z， et al. Improvements of Juang’s password-authenticated key agreement scheme using smart cards ［J］. IEEE Transactions on Industrial Electronics， 2009， 56（6）： 2284-2291. 10.1109/tie.2009.2016508
5	BELLARE M， POINTCGEVAL D， ROGAWAY P. Authenticated key exchange secure against dictionary attacks ［C］// Proceedings of the 2000 International Conference on the Theory and Applications of Cryptographic Techniques， LNCS1807. Berlin： Springer， 2000： 139-155.
6	王倩.基于口令的智能卡认证密钥协商协议的研究与设计［D］.沈阳：沈阳师范大学，2014：24-28. 10.1109/icact.2015.7224880
	WANG Q. Research and design of password-based mutual authentication key agreement scheme with smart card ［D］. Shenyang： Shenyang Normal University， 2014： 24-28. 10.1109/icact.2015.7224880
7	MISHRA D， DAS A K， CHATURVEDI A， et al. A secure password-based authentication and key agreement scheme using smart cards ［J］. Journal of Information Security and Applications， 2015， 23：28-43. 10.1016/j.jisa.2015.06.003
8	李晓伟，杨邓奇，陈本辉，等.基于生物特征和口令的双因子认证与密钥协商协议［J］.通信学报，2017，38（7）：89-95. 10.11959/j.issn.1000-436x.2017148
	LI X W， YANG D Q， CHEN B H， et al. Two-factor authenticated key agreement protocol based on biometric feature and password ［J］. Journal on Communications， 2017， 38（7）：89-95. 10.11959/j.issn.1000-436x.2017148
9	薛素静，孔梦荣.基于单向哈希函数的远程口令认证方案［J］. 计算机应用研究，2008，25（2）：512-515. 10.3969/j.issn.1001-3695.2008.02.060
	XUE S J， KONG M R. New remote password authentication scheme based on one-way hash function ［J］. Application Research of Computers， 2008， 25（2）：512-515. 10.3969/j.issn.1001-3695.2008.02.060
10	刘润杰，刘恒超，申金媛.一种改进的智能卡远程用户匿名认证方案［J］.计算机工程与科学，2016，38（3）：465-470. 10.3969/j.issn.1007-130X.2016.03.011
	LIU R J， LIU H C， SHEN J Y. An improved remote user anonymous authentication scheme using smart cards ［J］. Computer Engineering and Science， 2016， 38（3）： 465-470. 10.3969/j.issn.1007-130X.2016.03.011
11	龙威.基于生物特征的匿名身份认证研究［D］.北京：北京交通大学，2015：33-36. 10.18552/2016/scmt4s312
	LONG W. Research on anonymous identity authentication based on biometrics ［D］. Beijing： Beijing Jiaotong University， 2015： 33-36. 10.18552/2016/scmt4s312
12	李艳平，刘小雪，屈娟，等.基于智能卡的多服务器远程匿名认证密钥协商协议［J］.四川大学学报（工程科学版），2016，48（1）：91-98. 10.15961/j.jsuese.2016.01.014
	LI Y P， LIU X X， QU J， et al. Multi-server anonymous remote authenticated key agreement protocol based on smart card ［J］. Journal of Sichuan University （Engineering Science Edition）， 2016， 48（1）： 91-98. 10.15961/j.jsuese.2016.01.014
13	侯枫.一种新型的基于口令和生物特征的双因子认证与密钥协商协议［J］.宏观经济管理，2017（S1）：239-240.
	HOU F. A new two-factor authentication and key agreement protocol based on password and biometric feature ［J］. Macroeconomic Management， 2017（S1）：239-240.
14	刘鑫玥，潘巍，王新艳，等.一种更安全的基于智能卡的多服务器身份认证方案研究［J］.计算机应用研究，2017，34（11）：3446-3450. 10.3969/j.issn.1001-3695.2017.11.055
	LIU X Y， PAN W， WANG X Y， et al. Research of smart card based multi-server identity authentication scheme ［J］. Application Research of Computers， 2017， 34（11）： 3446-3450. 10.3969/j.issn.1001-3695.2017.11.055
15	HE D B， ZHANG Y Y， CHEN J H. Robust biometric-based user authentication scheme for wireless sensor networks ［J］. Ad Hoc and Sensor Wireless Networks， 2015， 25： 309-321．
16	CHUANG M C， CHEN M C. An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometric ［J］. Expert Systems with Applications， 2014， 41（4）： 1411-1418. 10.1016/j.eswa.2013.08.040
17	MISHRA D， DAS A K， MUKHOPADHYAY S. A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards ［J］. Expert Systems with Applications， 2014， 41（18）： 8129-8143. 10.1016/j.eswa.2014.07.004
18	王瑞兵，陈建华，张媛媛.一个匿名的基于生物特征的多服务器的密钥认证协议方案的研究［J］.计算机应用研究，2016，33（7）：2190-2196. 10.3969/j.issn.1001-3695.2016.07.059
	WANG R B， CHEN J H， ZHANG Y Y. Research of anonymous biometric-based multi-server authentication key agreement scheme using smart card ［J］. Application Research of Computers， 2016， 33（7）： 2190-2196. 10.3969/j.issn.1001-3695.2016.07.059
19	CHAUDHRY S A. A secure biometric based multi-server authentication scheme for social multimedia network ［J］. Multimedia Tools and Applications， 2016， 75（20）： 12705-12725. 10.1007/s11042-015-3194-0
20	夏鹏真，陈建华.基于椭圆曲线密码的多服务器环境下三因子认证协议［J］.计算机应用研究，2017，34（10）：3061-3067. 10.3969/j.issn.1001-3695.2017.10.041
	XIA P Z， CHEN J H. Three-factor authentication scheme for multi-server environments based on elliptic curve cryptography ［J］. Application Research of Computers， 2017， 34（10）： 3061-3067. 10.3969/j.issn.1001-3695.2017.10.041
21	殷秋实，陈建华.多服务器环境下基于椭圆曲线密码的改进的身份认证协议［J］.计算机科学，2018，45（6）：111-116，150. 10.11896/j.issn.1002-137X.2018.06.019
	YIN Q S， CHEN J H. Improved identity authentication protocol based on elliptic curve cryptography in multi-server environment ［J］. Computer Science， 2018， 45（6）： 111-116， 150. 10.11896/j.issn.1002-137X.2018.06.019
22	杜浩瑞，陈建华，戚明平，等.一个前向安全的基于RSA的多服务器的认证协议［J］.计算机科学，2019，46（11A）：409-413， 437.
	DU H R， CHEN J H， QI M P， et al. Forward-secure RSA-based multi-server authentication protocol ［J］. Computer Science， 2019， 46（11A）： 409-413， 437.
23	李晓伟.可证明安全的认证与密钥协商协议研究［D］.西安：西安电子科技大学，2013：40-47. 10.1109/icmecg.2014.29
	LI X W. Research on provably secure authenticated key agreement protocol ［D］. Xi’an： Xidian University， 2013： 40-47. 10.1109/icmecg.2014.29
24	曹建宇.匿名认证与密钥分配协议研究［D］.桂林：桂林电子科技大学，2012：21-26.
	CAO J Y. Research on anonymous authentication and key distribution protocol ［D］. Guilin： Guilin University of Electronic Technology， 2012： 21-26.
25	CHIOU S Y， YING Z Q， LIU J Q. Improvement of a privacy authentication scheme based on cloud for medical environment［J］. Journal of Medical Systems， 2016， 40（4）： Article No.101. 10.1007/s10916-016-0453-1
26	WANG D， WANG N， WANG P， et al. Preserving privacy for free： efficient and provably secure two-factor authentication scheme with user anonymity ［J］. Information Sciences， 2015， 321： 162-178. 10.1016/j.ins.2015.03.070
27	胡兆鹏，丁卫平，高瞻，等.一种基于区块链技术的多阶段级联无线安全认证方案［J］.计算机科学，2019，46（12）：180-185. 10.11896/jsjkx.181102170
	HU Z P， DING W P， GAO Z， et al. Multi-stage cascade wireless security authentication scheme based on blockchain technology ［J］. Computer Science， 2019， 46（12）： 180-185. 10.11896/jsjkx.181102170

[1]	Juangui NING, Guofang DONG. Blockchain-based vehicle-to-infrastructure fast handover authentication scheme in VANET [J]. Journal of Computer Applications, 2024, 44(1): 252-260.
[2]	Jingwen WU, Xinchun YIN, Jianting NING. Revocable aggregate signature authentication scheme for vehicular ad hoc networks [J]. Journal of Computer Applications, 2022, 42(3): 911-920.
[3]	Shengwei XU, Jie KANG. Multiparty quantum key agreement protocol based on logical single particle [J]. Journal of Computer Applications, 2022, 42(1): 157-161.
[4]	DU Xinyu, WANG Huaqun. Dynamic group based effective identity authentication and key agreement scheme in LTE-A networks [J]. Journal of Computer Applications, 2021, 41(6): 1715-1722.
[5]	CHEN Weiwei, CAO Li, SHAO Changhong. Blockchain based efficient anonymous authentication scheme for IOV [J]. Journal of Computer Applications, 2020, 40(10): 2992-2999.
[6]	LIU Xindong, XU Shuishuai, CHEN Jianhua. Authentication scheme for smart grid communication based on elliptic curve cryptography [J]. Journal of Computer Applications, 2019, 39(3): 779-783.
[7]	WANG Songwei, CHEN Jianhua. Multi-factor authentication key agreement scheme based on chaotic mapping [J]. Journal of Computer Applications, 2018, 38(10): 2940-2944.
[8]	LUO Xiaoshuang, YANG Xiaoyuan, WANG Xu'an. A private set intersection protocol against malicious attack [J]. Journal of Computer Applications, 2017, 37(6): 1593-1598.
[9]	SUN Zongqi, ZANG Haijuan, ZHANG Chunhua, PAN Yong. Improved algorithm for multiplication and division error detection based on delta code [J]. Journal of Computer Applications, 2017, 37(4): 975-979.
[10]	ZHANG Fan, ZHANG Cong, ZHAO Zemao, XU Mingdi. Secure instant-messaging method for mobile intelligent terminal [J]. Journal of Computer Applications, 2017, 37(2): 402-407.
[11]	HU Zhenyu, LI Zhihua, CHEN Chaoqun. Authentication scheme for mobile terminals based on user society relation [J]. Journal of Computer Applications, 2016, 36(6): 1552-1557.
[12]	YUAN Simin, MA Chuangui, XIANG Shengqi. Identity-based group key exchange protocol for unbalanced network environment [J]. Journal of Computer Applications, 2015, 35(5): 1399-1405.
[13]	ZHANG Gang, SHI Runhua, ZHONG Hong, WANG Yimin. Novel anonymous authentication scheme without cryptography in vehicular Ad Hoc network [J]. Journal of Computer Applications, 2015, 35(3): 741-745.
[14]	SHI Lei, SU Jinhai, GUO Yixi. Optimal routing selection algorithm of end-to-end key agreement in quantum key distribution network [J]. Journal of Computer Applications, 2015, 35(12): 3336-3340.
[15]	YANG Bo LI Shundong. New scheme for privacy-preserving in electronic transaction [J]. Journal of Computer Applications, 2014, 34(9): 2635-2638.

Three-factor anonymous authentication and key agreement protocol

三因子匿名认证与密钥协商协议

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 27

Related Articles 15

Recommended Articles

Metrics