Similar literature
 Found 20 similar documents (search time: 14 ms)
1.

Nowadays with widespread employment of the Internet, servers provide various services for legal users. The vital issue in client/server connections is authentication protocols that make the communication channel safe and secure against famous attacks. Recently, Kumari et al. and Chaudhry et al. proposed two authentication and key agreement protocols and illustrated that their proposed protocols are secure against various security attacks. However, in this paper we demonstrate that both protocols are vulnerable to off-line password guessing attacks. Moreover, we show that Kumari et al.’s protocol does not provide the property of user anonymity. In order to overcome these weaknesses, we propose a lightweight authentication and key agreement protocol. The correctness of the proposed protocol is proved using BAN logic. Security analysis demonstrates that the proposed protocol resists various security attacks and provides user anonymity. Furthermore, performance analysis confirms that the computation cost of the proposed protocol is acceptable.


2.
Recently, Yang et al. proposed an efficient user identification scheme with key distribution, in which it is possible for the user to anonymously log into a system and establish a secret key shared with the system. Mangipudi and Katti later demonstrated a Denial-of-Service (DoS) attack on the Yang et al. scheme and then proposed an improvement to withstand such an attack. However, this paper demonstrates an identity disclosure attack to show that neither scheme’s claimed user anonymity requirement can be achieved. We further propose a novel user identification scheme with key distribution preserving user anonymity for distributed computer networks. The proposed scheme not only withstands the attacks mentioned above, but also achieves the following: (i) user anonymity, (ii) key distribution, (iii) mutual authentication, and (iv) key confirmation. The performance of our scheme is of greater efficiency than that of previously proposed schemes in terms of communication costs and computational complexities.

3.
The non-interactive identity-based key agreement schemes are believed to be applicable to mobile ad-hoc networks (MANETs) that have a hierarchical structure such as hierarchical military MANETs. It was observed by Gennaro et al. (2008) that there is still an open problem on the security of the existing schemes, i.e., how to achieve the desirable security against corrupted nodes in the higher levels of a hierarchy? In this paper, we propose a novel and very efficient non-interactive hierarchical identity-based key agreement scheme that solves the open problem and outperforms all existing schemes in terms of computational efficiency and data storage.

4.
ECC-based key agreement and mutual authentication scheme   Total citations: 1, self-citations: 0, citations by others: 1
洪利  杜耀宗 《计算机工程与设计》2007,28(13):3076-3077,3118
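To address the security flaws in the authentication and key agreement protocols of current mobile communication systems, a mutual authentication and key agreement scheme based on elliptic curve cryptography is proposed, for mutual authentication and secure session key agreement between any users in a mobile network, or between a user and the network. The scheme adopts ECC, which provides greater security with smaller key sizes, reduces bandwidth requirements, and lowers the computational burden and storage requirements of mobile terminals.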

5.
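An anonymous authenticated key agreement protocol*   Total citations: 1, self-citations: 0, citations by others: 1
Most authenticated key agreement protocols do not consider user anonymity. Based on an analysis of the existing MAKAP protocol, an authenticated key agreement protocol with user anonymity, AKAPA, is proposed to provide privacy protection for users. Its security is proved in the random oracle model, and its enhanced security properties are analyzed, showing that AKAPA provides perfect forward secrecy, resists unknown key-share attacks, and improves resistance to denial-of-service attacks, among others. Performance analysis shows that it is more efficient than existing protocols and is highly practical.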

6.
To support Evolved Packet System (EPS) in the Long Term Evolution (LTE) networks, the 3rd Generation Partnership Project (3GPP) has proposed an authentication and key agreement (AKA) protocol, named EPS-AKA, which has become an emerging standard for fourth-generation (4G) wireless communications. However, due to the requirement of backward compatibility, EPS-AKA inevitably inherits some defects of its predecessor UMTS-AKA protocol that cannot resist several frequent attacks, i.e., redirection attack, man-in-the-middle attack, and DoS attack. Meanwhile, there are additional security issues associated with the EPS-AKA protocol, i.e., the lack of privacy-preservation and key forward/backward secrecy (KFS/KBS). In addition, there are new challenges with the emergence of group-based communication scenarios in authentication. In this paper, we propose a secure and efficient AKA protocol, called SE-AKA, which can fit in with all of the group authentication scenarios in the LTE networks. Specifically, SE-AKA uses Elliptic Curve Diffie-Hellman (ECDH) to realize KFS/KBS, and it also adopts an asymmetric key cryptosystem to protect users’ privacy. For group authentication, it simplifies the whole authentication procedure by computing a group temporary key (GTK). Compared with other authentication protocols, SE-AKA can not only provide strong security including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices. Extensive security analysis and formal verification by using ProVerif have shown that the proposed SE-AKA is secure against various malicious attacks. In addition, elaborate performance evaluations in terms of communication, computational and storage overhead also demonstrate that SE-AKA is more efficient than those existing protocols.

7.
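Most existing key agreement protocols study secure sessions under a single key generation center (KGC), i.e., the participants' parameters are all provided by the same KGC. To enable secure sessions between participants under different KGCs, a new identity-based two-party authenticated key agreement protocol is proposed using an elliptic curve design; the new protocol achieves secure key agreement between participants in two KGCs with independent parameters. The security of the new protocol is also rigorously and formally proved using the modified Blake-Wilson model. Analysis shows that the new protocol not only has sufficient security but also has low computational cost and high efficiency, and can therefore be used in lightweight devices with strict energy consumption requirements.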

8.
Apart from user identification and key distribution, it is very useful for the login process to achieve user anonymity. Recently, Wu and Hsu proposed an efficient user identification scheme with key distribution while preserving user anonymity by extending an earlier work of Lee and Chang. We however find out that the Wu and Hsu scheme has a serious weakness, which can be exploited by the service provider to learn the secret token of the user who requests services from the service provider. We further propose a scheme to overcome this limitation while attaining the same set of objectives as the previous works. Performance analyses have shown that efficiency in terms of both computation and communication is not sacrificed in our scheme.

9.
张平  贾亦巧  王杰昌  石念峰 《计算机应用》2021,41(11):3281-3287
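To ensure the information security of both communicating parties, many authentication and key agreement (AKA) protocols have been proposed and applied in practical scenarios. However, existing three-factor protocols all have security vulnerabilities, such as susceptibility to smart card loss attacks and password guessing attacks, and some even neglect anonymity. To address these problems, a three-factor anonymous authentication and key agreement protocol is proposed. The protocol achieves secure communication by combining smart card, password and biometric authentication techniques, adding a password and biometric update phase and a smart card update and distribution phase, and using the computational Diffie-Hellman (CDH) assumption on elliptic curves for information exchange. The security of the proposed protocol is proved in the random oracle model. Comparison with similar protocols shows that the proposed protocol effectively defends against smart card loss attacks, replay attacks and various other attacks, provides more comprehensive functionality such as anonymity and free password update, and has high computational and communication efficiency.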

10.
唐宏斌  刘心松 《计算机应用》2012,32(5):1381-1384
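Because passwords are easy to remember, password-based authentication protocols have been widely adopted in various network services. However, the low entropy of passwords makes password-based authentication protocols vulnerable to various attacks. In 2011, Islam et al. (ISLAM SK H, BISWAS G P. Improved remote login scheme based on ECC. IEEE-International Conference on Recent Trends in Information Technology. Washington, DC: IEEE Computer Society, 2011: 1221-1226) proposed an improved elliptic-curve-based remote login protocol; that protocol is subject to stolen-verifier attacks and client impersonation attacks, and does not provide mutual authentication. To solve these problems, an elliptic-curve-based remote authentication and key agreement protocol (RAKA) is proposed. RAKA is based on the elliptic curve discrete logarithm problem and requires only 6 point multiplications and 7 hash operations during execution, 1 point multiplication fewer than the protocol of Islam et al., improving protocol efficiency by about 15%; it is a more secure and efficient protocol than that of Islam et al.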

11.
Many authentication and key agreement protocols were proposed for protecting communicated messages. In previous protocols, if the user's identity is transmitted in plaintext, an adversary can tap the communications and employ it to launch some attacks. In most protocols with user anonymity, they focus on satisfaction of several security requirements. From a client's point of view, those protocols are not admired since the cost of storage, computation and communication is high. In pervasive computing, a client usually uses a limited-resource device to access multiple servers. The storage and computation are very important issues especially in this kind of environments. Also, for a convenience of designing protocol, most protocols use timestamps to prevent the replay attack. As we know, the serious time synchronization problem exists in timestamp-based protocols. Finally, most protocols do not have formal proofs for the security. In this paper, we propose a secure and efficient identification and key agreement protocol with user anonymity based on the difficulty of cracking the elliptic curve Diffie–Hellman assumption. In addition, we also propose an augmented protocol for providing the explicit mutual authentication. Compared with the related protocols, the proposed protocols' computation cost is lower and the key length is shorter. Therefore, our protocols are suitable even for applications in low power computing environments. Finally, we formally prove the security of the proposed protocols by employing the random oracle model.

12.
With the rapid progress of wireless mobile communication, the authenticated key agreement protocol has attracted an increasing amount of attention. However, due to the limitations of bandwidth and storage of the mobile devices, most of the existing authenticated key agreement protocols are not suitable for wireless mobile communication. Quite recently, Sui et al. have presented an efficient authenticated key agreement protocol based on elliptic curves cryptography and included their protocol in 3GPP2 specifications to improve the security of A-Key distribution. However, in this paper, we show that Sui et al.'s protocol can't resist the off-line password guessing attack, and therefore present an enhanced authenticated key agreement protocol. At the same time, we also consider including our enhanced protocol in 3GPP2 specifications.

13.
Recently, lots of remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most of those remote user authentication schemes on ECC suffer from different attacks and cannot provide provable security. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. The proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. The scheme also provides the known session key security, the perfect forward secrecy, the no key-compromise impersonation, the no unknown key-share and the no key control. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices. We also give a security proof under the random oracle.

14.
Spread of wireless network technology has opened new doors to utilize sensor technology in various areas via Wireless Sensor Networks (WSNs). Many authentication protocols among the service seeker users, sensing component sensor nodes (SNs) and the service provider base-station or gateway node (GWN) are available to realize services from WSNs efficiently and without any fear of deceit. Recently, Li et al. and He et al. independently proposed mutual authentication and key agreement schemes for WSNs. We find that both the schemes achieve mutual authentication, establish session key and resist many known attacks but still have security weaknesses. We show the applicability of stolen verifier, user impersonation, password guessing and smart card loss attacks on Li et al.’s scheme. Although their scheme employs the feature of dynamic identity, an attacker can reveal and guess the identity of a registered user. We demonstrate the susceptibility of He et al.’s scheme to password guessing attack. In both the schemes, the security of the session key established between user and SNs is imperfect due to lack of forward secrecy and session-specific temporary information leakage attack. In addition both the schemes impose extra computational load on resource scanty sensor-nodes and are not user friendly due to absence of user anonymity and lack of password change facility. To handle these drawbacks, we design a mutual authentication and key agreement scheme for WSN using chaotic maps. To the best of our knowledge, we are the first to propose an authentication scheme for WSN based on chaotic maps. We show the superiority of the proposed scheme over its predecessor schemes by means of detailed security analysis and comparative evaluation. We also formally analyze our scheme using BAN logic.

15.
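In chaos-based three-party password-authenticated key agreement protocols, users achieve mutual authentication and share a session key through low-entropy passwords, avoiding the security threats of public key infrastructure or of storing users' long-term keys during identity authentication. An analysis of the chaotic-map-based password-authenticated key agreement protocol proposed by Lee finds that the protocol does not support password change and is only applicable to two-party communication between a user and a server. To improve this scheme, two user-anonymous three-party password-authenticated key agreement protocols based on Chebyshev chaotic maps are proposed: a key agreement scheme based on clock synchronization and a key agreement scheme based on random numbers. The clock-synchronization-based protocol has low communication overhead, and the random-number-based protocol is easier to implement. The advantages of the two schemes are that the user only chooses a simple password for mutual authentication and key agreement, the server no longer needs to protect a user password table, and password-related attacks are avoided; in addition, users use temporary identities and hash functions during mutual authentication to achieve user anonymity. While enhancing protocol security, the schemes reduce the number of messages in the communication process, improve execution efficiency, and provide perfect forward secrecy; their security is proved using BAN logic.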

16.
邹大毕  林东岱 《计算机应用》2006,26(3):571-0573
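Group key agreement is a very important basic tool in group communication, and how to obtain a secure and efficient key agreement protocol is an important problem in current cryptographic research. Based on bilinear pairings and the random oracle model, a dynamic group key agreement scheme is proposed for mobile networks. The scheme is efficient in terms of both computational complexity and communication complexity, and satisfies the security requirements of key agreement.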

17.
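Public-key-based 3GPP authentication and key agreement protocol   Total citations: 2, self-citations: 0, citations by others: 2
The authentication and key agreement protocols in third-generation mobile communication systems are compared, the authentication and key agreement protocol of the System Architecture Evolution (SAE) Release 8 standard most recently published by the 3rd Generation Partnership Project (3GPP) is analyzed, and several security flaws in the protocol are pointed out. To address these flaws, an improved 3GPP SAE authentication and key agreement protocol is proposed using a public key cryptosystem. The improved protocol uses public key encryption to protect user identity information and the user authentication vectors in the network domain, and generates the keys needed for local authentication using dynamic random numbers. Security and efficiency analysis of the improved protocol shows that it effectively resolves the above security flaws and obtains improved security at a small resource cost.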

18.
An improved identity-based key agreement protocol and its security proof   Total citations: 1, self-citations: 0, citations by others: 1
We revisit the identity-based (ID-based) key agreement protocol due to Ryu et al. The protocol is highly efficient and suitable for real-world applications despite offering no resilience against key-compromise impersonation (K-CI). We show that the protocol is also insecure against reflection attacks. We propose a slight modification to the protocol and prove its security in a widely accepted model.

19.
Group Key Agreement (GKA) protocols enable the participants to derive a key based on each one’s contribution over a public network without any central authority. They also provide efficient ways to change the key when the participants change. While some of the proposed GKA protocols are too resource consuming for the constrained devices often present in ad hoc networks, others lack a formal security analysis. In this paper, we propose a simple, efficient and secure GKA protocol well-suited to ad hoc networks and present results of our implementation of the same in a prototype application.

20.
Chen  Yulei  Chen  Jianhua 《The Journal of supercomputing》2021,77(12):13653-13675
The Journal of Supercomputing - Wireless sensor networks (WSNs) are usually deployed in hostile or unattended areas, and users need to obtain real-time data from WSNs. The data collected by sensor...
