一种基于切比雪夫混沌映射的可证明安全的溯源认证协议

doi:10.3969/j.issn.1671-1122.2022.12.004

摘要/Abstract

摘要：

为降低计算开销，提高安全性，文章利用哈希函数的不可逆性和切比雪夫混沌映射的半群特性设计了一种溯源验证算法，并基于该算法设计了注册中心（Registry Centre，RC）离线模式的身份认证协议。文章提出的方案将传统的口令与生物特征、公钥密码相结合，实现了三因素认证和双向溯源认证，并且不需要注册中心参与认证过程。文章在认证方案中设计了双密钥双重加密机制，通过计算得到一次性密钥，传输的信息使用一次性密钥进行加密，能够有效降低计算开销，实现密文传输、隐私保护和前向安全。通过安全性分析、BAN逻辑证明、ProVerif工具仿真验证表明，文章提出的协议是安全的；与其他同类方案相比，文章所提方案更安全、更高效，适用于资源有限的移动互联网络环境。

关键词: 切比雪夫混沌映射, 溯源验证, BAN逻辑, ProVerif, 身份认证

Abstract:

In order to reduce computational cost and improve security, a novel traceability verification algorithm was designed by means of the irreversibility of the Hash function and the semigroup characteristic of the Chebyshev chaotic map. Based on the traceability verification algorithm, an authentication protocol of registry centrel offline mode was proposed. The proposed scheme combined the traditional password, biological features and public key cryptography to realize the three-factor authentication and mutual traceability authentication. The dual-key dual-encryption mechanism was designed in the authentication scheme. The calculated one-time key was used to encrypt the transmitted information, which can effectively reduce the computation cost and realize the ciphertext transmission, privacy protection and forward security. Through security analysis, BAN logic proof, and ProVerif simulation tool verification, the results show that the protocol is secure. Compared with other similar schemes, the proposed scheme is safer and more efficient. To conclude, the proposed scheme is easy to be realized in the resource-limited mobile Internet environment.

Key words: Chebyshev chaos map, traceability verification, BAN logic, ProVerif, authentication

中图分类号:

TP309

张昱, 孙光民, 翟鹏, 李煜. 一种基于切比雪夫混沌映射的可证明安全的溯源认证协议[J]. 信息网络安全, 2022, 22(12): 25-33.

ZHANG Yu, SUN Guangmin, ZHAI Peng, LI Yu. A Provably Secure Traceability Authentication Protocol Based on Chebyshev Chaotic Map[J]. Netinfo Security, 2022, 22(12): 25-33.

图/表 11

图1

图2

表1

图3

图4

图5

表2

表3

表4

BAN逻辑的推理规则

序号	规则
R1	$A\left\| \equiv \right.Q\overset{K}{\longleftrightarrow}A,A\triangleleft {{\left\{ X \right\}}_{K}}A\left\| \equiv \right.Q\left\| \sim X \right.$
R2	$A\left\| \equiv \right.\xrightarrow{{{K}_{Q}}}Q,A\triangleleft {{\left\{ X \right\}}_{K_{Q}^{-1}}}A\left\| \equiv \right.Q\left\| \sim X \right.$
R3	$A\left\| \equiv \right.A\overset{Y}{\mathop{\rightleftharpoons }}\,Q,A\triangleleft {{\left\{ X \right\}}_{Y}}A\left\| \equiv \right.Q\left\| \sim X \right.$
R4	$A\left\| \equiv \right.\#\left( X \right),A\left\| \equiv \right.Q\left\| \sim X \right.A\left\| \equiv \right.Q\left\| \equiv \right.X$
R5	$A\left\| \equiv Q\left\| \Rightarrow \right. \right.X,A\left\| \equiv \right.Q\left\| \equiv \right.XA\left\| \equiv \right.X$
R6	$A\triangleleft \left( X,Y \right)A\triangleleft X$
R7	$A\triangleleft {{\left\langle X \right\rangle }_{Y}}A\triangleleft X$
R8	$A\left\| \equiv A\overset{K}{\longleftrightarrow}Q,A \right.\triangleleft {{\left\{ X \right\}}_{K}}A\triangleleft X$
R9	$A\left\| \equiv \xrightarrow{{{K}_{Q}}}Q,A \right.\triangleleft {{\left\{ X \right\}}_{{{K}_{Q}}}}A\triangleleft X$
R10	$A\left\| \equiv \xrightarrow{{{K}_{Q}}}Q,A \right.\triangleleft {{\left\{ X \right\}}_{K_{Q}^{-1}}}A\triangleleft X$
R11	$A\left\| \equiv \#\left( X \right), \right.A\left\| \equiv \#\left( X,Y \right) \right.$
R12	$A\left\| \equiv X,A\left\| \equiv Y, \right. \right.A\left\| \equiv \left( X,Y \right) \right.$
R13	$A\left\| \equiv \left( X,Y \right), \right.A\left\| \equiv \right.X$
R14	$A\left\| \equiv Q\left\| \equiv \right.\left( X,Y \right), \right.A\left\| \equiv \right.Q\left\| \equiv \right.X$
R15	$A\left\| \equiv Q\left\| \sim \right.\left( X,Y \right), \right.A\left\| \equiv \right.Q\left\| \sim \right.X$
R16	$P\left\| \equiv W\overset{K}{\longleftrightarrow}{W}', \right.A\left\| \equiv {W}'\overset{K}{\longleftrightarrow}W \right.$
R17	$A\left\| \equiv Q\left\| \equiv W\overset{K}{\longleftrightarrow}{W}', \right. \right.A\left\| \equiv Q\left\| \equiv \right.{W}'\overset{K}{\longleftrightarrow}W \right.$
R18	$A\equiv W\overset{X}{\mathop{\rightleftharpoons }}\,{W}',A\equiv {W}'\overset{X}{\mathop{\rightleftharpoons }}\,W$
R19	$A\equiv Q\equiv W\overset{X}{\mathop{\rightleftharpoons }}\,{W}',A\equiv Q\equiv {W}'\overset{X}{\mathop{\rightleftharpoons }}\,W$

表4

图6

表5

参考文献 25

[1]	ZHU Hongfeng, HAO Xin, ZHANG Yifeng, et al. A Biometrics-Based Multi-Server Key Agreement Scheme on Chaotic Maps Cryptosystem[J]. Journal of Information Hiding and Multimedia Signal Processing, 2015, 6(2): 211-224.
[2]	JIANG Qi, WEI Fushan, FU Shuai, et al. Robust Extended Chaotic Maps-Based Three-Factor Authentication Scheme Preserving Biometric Template Privacy[J]. Nonlinear Dynamics, 2016, 83(4): 2085-2101. doi: 10.1007/s11071-015-2467-5 URL
[3]	ALI R, PAL A. A Secure and Robust Three-Factor Based Authentication Scheme Using RSA Cryptosystem[J]. International Journal of Business Data Communications and Networking, 2017, 13(1): 74-84. doi: 10.4018/IJBDCN.2017010107 URL
[4]	ZHANG Min. Research and Design of Remote Identity Authentication Schemes Based on Three-Factor in Multi-Environments[D]. Chengdu: Southwest Jiaotong University, 2017.
	张敏. 多环境下基于三因素的远程身份认证协议研究与设计[D]. 成都: 西南交通大学, 2017.
[5]	DONG Xiaolu, LI Meihong, DU Ye, et al. A Biometric Verification Based Authentication Scheme Using Chebyshev Chaotic Mapping[J]. Journal of Beijing University of Aeronautics and Astronautics, 2019, 45(5): 1052-1058.
	董晓露, 黎妹红, 杜晔, 等. 基于切比雪夫混沌映射和生物识别的身份认证方案[J]. 北京航空航天大学学报, 2019, 45(5): 1052-1058.
[6]	ZHOU Simin, GAN Qingqing, WANG Xiaoming. Authentication Scheme Based on Smart Card in Multi-Server Environment[J]. Wireless Networks, 2020, 26(2): 855-863. doi: 10.1007/s11276-018-1828-7 URL
[7]	LWAMO N, ZHU Lihuang, XU Chang, et al. Suaa: A Secure User Authentication Scheme with Anonymity for the Single & Multi-Server Environments[J]. Information Sciences, 2018, 477: 369-385. doi: 10.1016/j.ins.2018.10.037 URL
[8]	ROY S, DAS A, CHATTERJEE S, et al. Provably Secure Fine-Grained Data Access Control over Multiple Cloud Servers in Mobile Cloud Computing Based Healthcare Applications[J]. IEEE Transactions on Industrial Informatics, 2019, 15(1): 457-468. doi: 10.1109/TII.2018.2824815 URL
[9]	CHATTERJEE S, ROY S, DAS A, et al. Secure Biometric-Based Authentication Scheme Using Chebyshev Chaotic Map for Multi-Server Environment[J]. IEEE Transactions on Dependable and Secure Computing, 2018, 15(5): 824-839. doi: 10.1109/TDSC.2016.2616876 URL
[10]	LUO Yuling, LIU Yunqi, LIU Junxiu, et al. ECM-IBS: A Chebyshev Map-Based Broadcast Authentication for Wireless Sensor Networks[J]. International Journal of Bifurcation and Chaos, 2019, 29(9): 1-16.
[11]	RANGWANI D, SADHUKHAN D, RAY S, et al. A Robust Provable-Secure Privacy-Preserving Authentication Protocol for Industrial Internet of Things[J]. Peer-to-peer Networking and Applications, 2021, 14(12): 1548-1571. doi: 10.1007/s12083-020-01063-5 URL
[12]	XU Zhiqiang, HE Debiao, HUANG Xinyi. Secure and Efficient Two-Factor Authentication Protocol Using RSA Signature for Multi-Server Environments[C]// Springer. International Conference on Information and Communications Security. Berlin:Springer, 2017: 595-605.
[13]	BARMAN S, SHUM, H, CHATTOPADHYAY S, et al. A Secure Authentication Protocol for Multi-Server-Based E-Healthcare Using a Fuzzy Commitment Scheme[J]. IEEE Access, 2019, 7: 12557-12574. doi: 10.1109/ACCESS.2019.2893185 URL
[14]	ZHANG Xiao, LIU Jiqiang. Multi-Factor Authentication Protocol Based on Hardware Fingerprint and Biometrics[J]. Netinfo Security, 2020, 20(8): 9-15.
	张骁, 刘吉强. 基于硬件指纹和生物特征的多因素身份认证协议[J]. 信息网络安全, 2020, 20(8): 9-15.
[15]	NAMASUDR S, ROY P. A New Secure Authentication Scheme for Cloud Computing Environment[J]. Concurrency and Computation: Practice and Experience, 2017, 29(20): 1-20.
[16]	KOCAREV L, TASEV Z. Public-Key Encryption Based on Chebyshev Maps[C]// IEEE. International Symposium on Circuits and Systems. New York: IEEE, 2003: 25-28.
[17]	ZHANG Linhua. Cryptanalysis of the Public Key Encryption Based on Multiple Chaotic Systems[J]. Chaos, Solitons and Fractals, 2008, 37(3): 669-674. doi: 10.1016/j.chaos.2006.09.047 URL
[18]	LIU Tianhua, WANG Qian, ZHU Hongfeng. A Multi-Function Password Mutual Authentication Key Agreement Scheme with Privacy Preserving[J]. Journal of Information Hiding and Multimedia Signal Processing, 2014, 5(2): 165-178.
[19]	BURROWS M, ABADI M, NEEDHAM R. A Logic of Authentication[J]. Proceedings of the Royal Society, 1989, 426: 233-271.
[20]	SHUAI Mengxia, XIONG Ling, WANG Changhui, et al. A Secure Authentication Scheme with Forward Secrecy for Industrial Internet of Things Using Rabin Cryptosystem[J]. Computer Communications, 2020, 160(7): 215-227. doi: 10.1016/j.comcom.2020.06.012 URL
[21]	LEE C. A Simple Key Agreement Scheme Based on Chaotic Maps for VSAT Satellite Communications[J]. International Journal of Satellite Communications and Networking, 2013, 31(4): 177-186. doi: 10.1002/sat.1033 URL
[22]	ODELU V, DAS A, GOSWAMI A. A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(9): 1953-1966. doi: 10.1109/TIFS.2015.2439964 URL
[23]	ZHANG Min, ZHANG Jiashu, ZHANG Ying. Remote Three-Factor Authentication Scheme Based on Fuzzy Extractors[J]. Security and Communication Networks, 2015, 8(4): 682-693. doi: 10.1002/sec.1016 URL
[24]	CHEN Sheng, LIU Yang, GAO Xiang, et al. MobileFaceNets: Efficient CNNs for Accurate Real-Time Face Verification on Mobile Devices[C]// Springer. Chinese Conference on Biometric Recognition. Berlin:Springer, 2018: 428-438.
[25]	MO Jiaqing, HU Zhongwang, SHEN Wei. A Provably Secure Three-Factor Authentication Protocol Based on Chebyshev Chaotic Mapping for Wireless Sensor Network[J]. IEEE Access, 2022, 10: 12137-12152. doi: 10.1109/ACCESS.2022.3146393 URL

符号	意义	符号	意义
RC	注册中心	$(x,{{T}_{{{k}_{j}}}}(x))$,${{k}_{j}}$	服务器的公钥和私钥
$(x,{{T}_{c}}(x))$,$c$	注册中心的公钥和私钥	$H(\cdot )$	Hash函数
$q$	一个大素数	${{E}_{k}}(\cdot )$	密钥为$k$的对称加密运算
$I{{D}_{i}}$	用户${{U}_{i}}$的标识	${{D}_{k}}(\cdot )$	密钥为$k$的对称解密运算
$P{{W}_{i}}$	用户${{U}_{i}}$的口令	${{r}_{i}},{{r}_{j}}$	随机数
$(x,{{T}_{{{k}_{i}}}}(x))$,${{k}_{i}}$	用户的公钥和私钥	$\Delta t$	有效时间间隔
${{B}_{i}}$	用户${{U}_{i}}$的生物特征数据	\|\|	比特串拼接
$I{{D}_{j}}$	服务器${{S}_{j}}$的标识	${{t}_{i}},{{t}_{j}},{{t}_{1}},{{t}_{2}}\cdots $	当前时间
$P{{W}_{j}}$	服务器${{S}_{j}}$的口令	${{K}_{US}}$	共享的临时会话密钥

安全问题	文献[1] 方案	文献[5] 方案	文献[11] 方案	文献[18] 方案	本文方案
完美前向安全	?	√	√	√	√
密钥安全性	?	√	√	√	√
双向认证和密钥协商	√	?	√	√	√
服务器欺骗攻击	√	√	√	√	√
抵御特权攻击	√	√	√	√	√
抵御中间人攻击	√	√	√	√	√
抵御重放攻击	√	√	?	?	√
抵御口令猜测攻击	?	√	√	√	√
抵御设备丢失攻击	√	√	√	?	√

符号	意义
$A\left\| \equiv \right.X$	主体$A$相信$X$
$A\triangleleft X$	主体$A$收到$X$，即存在其他主体向$A$发送了消息$X$
$A\left\| \sim \right.X$	主体$A$曾经发出$X$
$P\left\| \Rightarrow \right.X$	主体$A$对$X$有管辖权
$\text{ }\!\!\#\!\!\text{ }\left( X \right)$	$X$是新鲜的，一般是临时值
$A\overset{K}{\longleftrightarrow}Q$	$K$是主体$A$与$Q$的共享密钥，其他主体不知道该密钥
$\xrightarrow{{{K}_{A}}}A$	${{K}_{A}}$是主体$A$的公钥
$A\overset{X}{\mathop{\rightleftharpoons }}\,Q$	$X$是主体$A$与$Q$的共享秘密，其他主体不知道该秘密
${{\left\{ X \right\}}_{K}}$	用密钥$K$加密$X$后得到的密文
${{\left\langle X \right\rangle }_{Y}}$	消息$X$和秘密$Y$之间的级联（合成的消息），用$Y$证明发出消息${{\left\langle X \right\rangle }_{Y}}$的主体的身份

方案	注册阶段	登录、认证、密钥协商阶段	口令更改阶段
文献[1]方案	3T_H+T_Gen=404	12T_H+6T_C+8T_E+ T_Gen=422.5	2T_H+T_Gen=403.5
文献[5]方案	9T_H+T_Gen=407	21T_H+T_Rep+ 4T_C=108	8T_H+T_Rep+T_Gen=500
文献[11]方案	11T_H+9T_P+ 4T_A=600.5	17T_H+7T_P+ 7T_A=638.5	6T_H+4T_P+2T_A=269
文献[18]方案	T_H+T_ECC=484.5	4T_H+7T_ECC=3390	2T_H+T_ECC+4T_E=489
本文方案	4T_H+2T_C+T_F=19	8T_H+6T_C+4T_E+ 4T_D+T_B+T_F=33	5T_H+2T_C+T_B+T_F=19.5