面向物联网场景的动态三因素认证密钥协商协议

doi:10.3969/j.issn.1671-1122.2025.09.009

摘要/Abstract

摘要：

近年来，物联网设备的广泛应用，显著提升了人们的生活质量和工作效率。然而，物联网设备之间的数据共享通过网络进行，这使得数据容易受到网络攻击和泄露的威胁。文章旨在提高物联网设备数据交换的安全性，研究重点是多因素认证密钥协商（MFAKA）协议。文章围绕物联网设备间数据共享的安全性展开研究，采用了生物哈希技术（BioHash）和椭圆曲线密码学（ECC），并基于可证明安全中的真实或随机（ROR）模型进行理论分析，设计了一种结合了生物哈希技术和椭圆曲线密码学的新型动态三因素认证密钥协商协议D3FAKAP，确保了用户在登录过程中的匿名性和不可链接性。此外，文章所提方案在真实或随机模型下被证明具有语义安全性。性能分析表明，该方案在安全性和资源占用方面适合物联网环境。

关键词: 物联网, 多因素认证, 认证密钥协商协议, 可证明安全

Abstract:

In recent years, the widespread adoption of Internet of Things (IoT) devices has significantly enhanced both the quality of life and work efficiency. However, the data sharing between IoT devices occurs over networks, making it susceptible to attacks and breaches. This paper aims to enhance the security of data exchange among IoT devices, focusing on Multi-Factor Authentication and Key Agreement (MFAKA) protocols. The research was centered on the security of data sharing between IoT devices, utilizing BioHash technology and Elliptic Curve Cryptography (ECC), and conducting theoretical analysis based on the Real-Or-Random (ROR) model in provable security. A novel dynamic three-factor authentication and key agreement protocol, named D3FAKAP, was proposed. This protocol integrated BioHash technology and ECC to achieve genuine three-factor authentication, This ensures user anonymity and unlinkability during the login process. Additionally, the proposed scheme is proven to be semantically secure under the Real-Or-Random model. Performance analysis indicates that the proposed scheme is well-suited for IoT environments in terms of security and resource efficiency.

Key words: IoT, multi-factor authentication, authentication key agreement protocol, provable security

中图分类号:

TP309

杨昱坤, 肖为恩, 梁博轩, 黄鑫. 面向物联网场景的动态三因素认证密钥协商协议[J]. 信息网络安全, 2025, 25(9): 1407-1417.

YANG Yukun, XIAO Weien, LIANG Boxuan, HUANG Xin. Dynamic Three-Factor Authentication Key Agreement Protocol for IoT Scenarios[J]. Netinfo Security, 2025, 25(9): 1407-1417.

图/表 9

表1

图1

图2

图3

图4

表2

表3

图5

图6

参考文献 27

[1]	XIE Qi, WONG D S, WANG Guilin, et al. Provably Secure Dynamic ID-Based Anonymous Two-Factor Authenticated Key Exchange Protocol with Extended Security Model[J]. IEEE Transactions on Information Forensics & Security, 2017, 12(6): 1382-1392.
[2]	GOPE P. PMAKE: Privacy-Aware Multi-Factor Authenticated Key Establishment Scheme for Advance Metering Infrastructure in Smart Grid[J]. Computer Communications, 2020, 152: 338-344.
[3]	ZHOU Lu, GE Chunpeng, SU Chunhua. A Privacy Preserving Two-Factor Authentication Protocol for the Bitcoin SPV Nodes[J]. Science China Information Sciences, 2020, 63(3): 34-48.
[4]	HAQ I U, WANG Jian. Secure Two-Factor Lightweight Authentication Protocol Using Self-Certified Public Key Cryptography for Multi-Server 5G Networks[EB/OL]. (2020-07-01)[2025-03-21]. https://www.sciencedirect.com/science/article/abs/pii/S108480452030134X.
[5]	BADAR H M S, QADRI S, SHAMSHAD S, et al. An Identity Based Authentication Protocol for Smart Grid Environment Using Physical Uncloneable Function[J]. IEEE Transactions on Smart Grid, 2021, 12(5): 4426-4434.
[6]	ZHANG Xin, HUANG Xin, YIN Haotian, et al. LLAKEP: A Low-Latency Authentication and Key Exchange Protocol for Energy Internet of Things in the Metaverse Era[EB/OL]. (2022-07-21)[2025-03-21]. https://www.mdpi.com/2227-7390/10/14/2545.
[7]	QI Mingping. An Improved Three-Factor Authentication and Key Agreement Protocol for Smart Grid[J]. Journal of Ambient Intelligence and Humanized Computing, 2023, 14(12): 16465-16476.
[8]	MEHTA P J, PARNE B L, PATEL S J. MAKA: Multi-Factor Authentication and Key Agreement Scheme for LoRa-Based Smart Grid Communication Services[J]. IETE Journal of Research, 2023, 70(5): 4989-5005.
[9]	SHUKLA S, PATEL S J. A Novel ECC-Based Provably Secure and Privacy-Preserving Multi-Factor Authentication Protocol for Cloud Computing[J]. Computing, 2022, 104(5): 1173-1202.
[10]	SHUKLA S, PATEL S J. A Design of Provably Secure Multi-Factor ECC-Based Authentication Protocol in Multi-Server Cloud Architecture[J]. Cluster Computing, 2024, 27(2): 1559-1580.
[11]	BRAEKEN A. Highly Efficient Bidirectional Multifactor Authentication and Key Agreement for Real-Time Access to Sensor Data[J]. IEEE Internet of Things Journal, 2023, 10(23): 21089-21099.
[12]	ZHANG Shiwen, YAN Ziwei, LIANG Wei, et al. BAKA: Biometric Authentication and Key Agreement Scheme Based on Fuzzy Extractor for Wireless Body Area Networks[J]. IEEE Internet of Things Journal, 2023, 11(3): 5118-5128.
[13]	MALL P, AMIN R, DAS A K, et al. PUF-Based Authentication and Key Agreement Protocols for IoT, WSNs, and Smart Grids: A Comprehensive Survey[J]. IEEE Internet of Things Journal, 2022, 9(11): 8205-8228.
[14]	DEVANAPALLI S, PHANEENDRA K. Security Analysis of Three-Factor Authentication Protocol Based on Extended Chaotic-Maps[C]// IEEE. 2022 OPJU International Technology Conference on Emerging Technologies for Sustainable Development (OTCON). New York: IEEE, 2023: 1-6.
[15]	QIU Shuming, WANG Ding, XU Guoai, et al. Practical and Provably Secure Three-Factor Authentication Protocol Based on Extended ChaoticMmaps for Mobile Lightweight Devices[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 19(2): 1338-1351.
[16]	LEE J, YU S, KIM M, et al. On the Design of Secure and Efficient Three-Factor Authentication Protocol Using Honey List for Wireless Sensor Networks[J]. IEEE Access, 2020, 8: 107046-107062.
[17]	CHAKRABORTY N, LI Jiangqiang, LEUNG V C M, et al. Honeyword-Based Authentication Techniques for Protecting Passwords: A Survey[J]. ACM Computing Surveys, 2022, 55(8): 1-37.
[18]	HUANG Zonghao, BAUER L, REITER M K. The Impact of Exposed Passwords on Honeyword Efficacy[C]// USENIX. 33th USENIX Security Symposium. Berkeley:USENIX,2024: 559-576.
[19]	FAN C, LIN Yihui. Provably Secure Remote Truly Three-Factor Authentication Scheme with Privacy Protection on Biometrics[J]. IEEE Transactions on Information Forensics and Security, 2009, 4(4): 933-945.
[20]	ZHANG Liping, ZHANG Yixin, TANG Shanyu, et al. Privacy Protection for E-Health Systems by Means of Dynamic Authentication and Three-Factor Key Agreement[J]. IEEE Transactions on Industrial Electronics, 2017, 65(3): 2795-2805.
[21]	KOBLITZ N. Elliptic Curve Cryptosystems[J]. Mathematics of Computation, 1987, 48(177): 203-209.
[22]	MILLER V S. Use of Elliptic Curves in Cryptography[C]// Springer. Conference on the Theory and Application of Cryptographic Techniques. Heidelberg: Springer, 1985: 417-426.
[23]	JIN A T B, LING D N C, GOH A. Biohashing: Two Factor Authentication Featuring Fingerprint Data and Tokenised Random Number[J]. Pattern Recognition, 2004, 37(11): 2245-2255.
[24]	RATHA N, CONNELL J, BOLLE R M, et al. Cancelable Biometrics: A Case Study in Fingerprints[C]// IEEE.18th International Conference on Pattern Recognition (ICPR’06). New York: IEEE, 2006: 370-373.
[25]	LUMINI A, NANNI L. An Improved Biohashing for Human Authentication[J]. Pattern Recognition, 2007, 40(3): 1057-1065.
[26]	TEOH A B J, KUAN Y W, LEE S. Cancellable Biometrics and Annotations on Biohash[J]. Pattern Recognition, 2008, 41(6): 2034-2044.
[27]	HANKERSON D, MENEZES A. NIST Elliptic Curves[M]. Heidelberg: Springer, 2025.

符号	描述
$E/{{F}_{p}}$	定义在有限素数域${{F}_{p}}$上的椭圆曲线$E$，其中${{F}_{p}}$包含所有模一个素数$p$的整数集合的元素
$p$	${{F}_{p}}$中的基点
$I{{D}_{U}},P{{W}_{U}}$	用户的身份标识和密码
$SC$	拥有一定存储和计算能力的智能卡
$B$	用户输入的生物特征
$Tp$	用户注册时录入的生物特征模板
$H\left( \cdot \right)$	无碰撞哈希函数
${{h}_{bio}}\left( \cdot \right)$	生物哈希函数
$\oplus $	异或操作
$\parallel $	连接操作
$sk$	会话密钥

攻击/安全特性	文献[1]	文献[3]	文献[12]	D3FAKAP
认证因子数量	2	2	3	3
用户匿名性	√	√	√	√
不可链接性	×	×	×	√
密码更新	无关	无关	√	√
生物特征更新	无关	无关	√	√
会话密钥验证	√	√	√	√
重放攻击	×	√	√	√
智能卡偷窃攻击	×	√	√	√
离线密码猜测攻击	√	√	√	√
形式化的安全证明	√	√	√	√
真正三因素认证	×	×	×	√

开销方案	U端开销	S端开销	通信开销/bit
文献[1]	$3M+A+6H$	$3M+A+2SED+5H$	2112
文献[3]	$3M+6H$	$3M+6H$	2210
文献[12]	$3M+F+3SED+3H$	$3M+3SED+4H$	2752
D3FAKAP	$2M+11H$	$4M+7H$	2172