UC安全的双向口令认证密钥协商协议

doi:10.3969/j.issn.1000-3428.2014.02.030

计算机工程

UC安全的双向口令认证密钥协商协议

刘松，果乃福，谢帆，张丽，李淼

(解放军65012部队，沈阳 110101)

收稿日期:2012-12-03 出版日期:2014-02-15 发布日期:2014-02-13
作者简介:刘松(1977－)，男，工程师、硕士，主研方向：网络安全；果乃福，高级工程师；谢帆、张丽，工程师；李淼，博士研究生

Universally Composable Secure Mutual Password-authenticated Key Exchange Protocol

LIU Song, GUO Nai-fu, XIE Fan, ZHANG Li, LI Miao

(The 65012 Unit of PLA, Shenyang 110101, China)

Received:2012-12-03 Online:2014-02-15 Published:2014-02-13

摘要/Abstract

摘要： 针对多数口令密钥协商(PAKE)协议不具备双向认证功能的问题，基于通用可组合(UC)模型，提出一种UC安全的双向口令认证密钥协商(MPAKE)协议。定义具有双向认证功能的PAKE协议理想函数，描述实体之间的双向认证关系，并利用联合状态UC模型构造实现该理想函数的协议，使协议实体之间可以使用共享参数。该协议基于口令实现了双向认证，并能够协商出会话密钥。通过构造仿真器及其执行的操作分析MPAKE的不可区分性，从而证明该协议是UC安全的，并且结构简单，可保证在任意多方环境中并行运行时的安全。

关键词: 口令认证密钥协商协议, 双向认证, 通用可组合安全, 仿真器, 认证协议, 安全性证明

Abstract: To solve the problem that mutual authentication is lacked in many existing Password-authenticated Key Exchange(PAKE) protocol, this paper proposes an Universally Composable(UC) secure Mutual Password-authenticated Key Exchange(MPAKE) protocol. An ideal function of PAKE protocol with mutual authentication is defined, the mutual authentication between entities is described explicitly in the defined function, and a new protocol which achieves the ideal function is constructed based on the Joint state UC(JUC) model. So the shared parameters can be used to facilitate the protocol between entities. The new protocol can realize mutual authentication based on password and a session key can also be negotiated. The emulator and its operations are constructed, and its indistinguishability is analyzed. Thus the constructed new PAKE protocol with mutual authentication is proved to be UC secure and simple structure, and the security of protocol is realized when running in parallel in any multi-party environment.

Key words: Password-authenticated Key Exchange(PAKE) protocol, mutual authentication, Universally Composable(UC) secure, emulator, authentication protocol, security proof

中图分类号:

TP309

刘松，果乃福，谢帆，张丽，李淼. UC安全的双向口令认证密钥协商协议[J]. 计算机工程, doi: 10.3969/j.issn.1000-3428.2014.02.030.

LIU Song, GUO Nai-fu, XIE Fan, ZHANG Li, LI Miao. Universally Composable Secure Mutual Password-authenticated Key Exchange Protocol[J]. Computer Engineering, doi: 10.3969/j.issn.1000-3428.2014.02.030.

http://www.ecice06.com/CN/Y2014/V40/I2/140

参考文献

参考文献 [1] Halevi S, Krawczyk H. Public-key Cryptography and Password Protocols[J]. ACM Transcations on Information and Systems Security, 1999, 2(3): 230-268. [2] 查俊, 苏锦海, 张学润. 一个新的基于口令的密钥协商协议[J]. 计算机应用研究, 2010, 27(10): 3885-3888. [3] Bellovin S M, Merritt M. Encrypted Key Exchange: Password- Based Protocols Secure Against Dictionary Attacks[C]//Proc. of IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, USA: IEEE Computer Society, 1992. [4] Bellare M, Pointcheval D, Rogaway P. Authenticated Key Exchange Secure Against Dictionary Attacks[C]//Proc. of EUROCRYPT’00. Bruges, Belgium: [s. n.], 2000: 139-155. [5] Boyko V, MacKenzie P, Patel S. Provably Secure Password Authentication and Key Exchange Using Diffie-Hellman[C]// Proc. of EUROCRYPT’00. Bruges, Belgium: [s. n.], 2000: 156-171. [6] Goldreich O, Lindell Y. Session-Key Generation Using Human Passwords Only[C]//Proc. of EUROCRYPT’01. Heidelberg, Germany: Springer-Verlag, 2001: 408-432. (下转第147页) (上接第143页) [7] 邓淼磊, 王玉磊, 周利华. 通用可组合的三方口令认证密钥交换协议[J]. 电子与信息学报, 2010, 32(8): 1948-1953. [8] Canetti R, Halevi S, Katz J, et al. Universally Composable Password-based Key Exchange[C]//Proc. of EUROCRYPT’05. Aarhus, Denmark: Springer-Verlag, 2005: 404-421. [9] Abdalla M, Catalano D. Efficient Two-party Password-based Key Exchange Protocols in the UC Framework[C]//Proc. of CT-RSA’08. San Francisco, USA: [s. n.], 2008. [10] Canetti R. Universally Composable Security: A New Paradigm for Cryptographic Protocols[C]//Proc. of IEEE Annual Sym- posium on Foundations of Computer Science. Nevada, USA: IEEE Press, 2001. [11] Canetti R, Herzog J. Universally Composable Symbolic Analysis of Mutual Authentication and Key-exchange Protocols[C]//Proc. of TCC’06. New York, USA: [s. n.], 2006. [12] Ran C, Tal R. Universal Composition with Joint State[C]//Proc. of CRYPTO’03. Barbara, USA: [s. n.], 2003: 265-281. 编辑金胡考

[1]	张超, 彭长根, 丁红发, 许德权. 基于国密SM9的可搜索加密方案[J]. 计算机工程, 2022, 48(7): 159-167.
[2]	刘家航, 郁龚健, 李佩琦, 华夏, 柴志雷, 陈闻杰. 基于SNN神经元重分布的NEST仿真器性能优化[J]. 计算机工程, 2022, 48(3): 189-196.
[3]	李康, 张鲁飞, 张新伟, 郁龚健, 刘家航, 吴东, 柴志雷. 基于FPGA集群的脉冲神经网络仿真器设计[J]. 计算机工程, 2020, 46(10): 201-209.
[4]	顾洁, 朱宗卫, 徐友庆, 周世斌, 李奥, 张国鹏. NS-3仿真环境中IEEE802.11服务区分机制的研究[J]. 计算机工程, 2019, 45(8): 135-140.
[5]	卿哲嘉. 基于LPN具有一般中间人安全的两轮认证协议[J]. 计算机工程, 2019, 45(2): 129-133.
[6]	刘博雅,张悦,杨亚涛,孙亚飞. 基于PUF函数的轻量级双向认证协议[J]. 计算机工程, 2019, 45(2): 38-41,52.
[7]	江泽涛, 时晨. 混合云环境下基于异构系统的跨域身份认证方案[J]. 计算机工程, 2019, 45(10): 13-18.
[8]	曾艾婧,文捷,刘百祥. 基于LPN的抗擦除攻击认证协议[J]. 计算机工程, 2019, 45(1): 141-144,152.
[9]	万爱兰,韩牟,马世典,王运文,华蕾,冯晓林. 基于一次性密码本的车内网身份认证协议[J]. 计算机工程, 2018, 44(6): 141-146,161.
[10]	杨建喜,张悦,池亚平,许萍. 基于物理不可克隆函数的小区重选安全协议设计[J]. 计算机工程, 2018, 44(11): 154-157,164.
[11]	彭彦彬,田野,彭新光. 一种端到端的医疗无线体域网轻量认证协议[J]. 计算机工程, 2017, 43(6): 73-77.
[12]	李子臣,刘博雅,王培东,杨亚涛. 基于SM2与零知识的射频识别双向认证协议[J]. 计算机工程, 2017, 43(6): 97-100,104.
[13]	刘博雅,刘年义,杨亚涛,李子臣. 基于椭圆曲线密码的无线射频识别双向认证协议[J]. 计算机工程, 2017, 43(1): 196-200.
[14]	李翠,石林. 基于射频识别的安全认证协议设计[J]. 计算机工程, 2016, 42(3): 172-176.
[15]	汪自旺,徐洋,谢晓尧,张帅,陈燚. 基于可信交换别名的VANET混合认证方案[J]. 计算机工程, 2016, 42(12): 145-150.

选择文件类型/文献管理软件名称

选择包含的内容

UC安全的双向口令认证密钥协商协议

Universally Composable Secure Mutual Password-authenticated Key Exchange Protocol

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

UC安全的双向口令认证密钥协商协议

Universally Composable Secure Mutual Password-authenticated Key Exchange Protocol

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价