Research on Mobile Internet Authentication Scheme Based on SM9 Algorithm

doi:10.3969/j.issn.1671-1122.2021.04.001

Abstract

Abstract:

The traditional authentication scheme in the single-server environment of the mobile internet has security problems, such as users needing to memorize different passwords corresponding to different servers, password leakage in traditional authentication methods, and so on. In order to solve the problems described above, this paper proposes a single-server environment authentication scheme based on SM9 algorithm for mobile internet. For different application systems, users that only needed to memorize a unified identification and password could pass through authentication in different application systems and obtained application services and resources. The proposed scheme combined the SM9 algorithm and password hiding to realize ciphertext transmission and mutual authentication, achieved higher security and robustness with one-time key. At the same time, the proposed scheme could reduce the user’s memory burden and offer a better application experience. Through security analysis, the proposed scheme can provide resistance to replay attacks, counterfeiting attacks, smartphone loss attacks and other common attacks. Through performance comparison, the proposed scheme has stronger robustness, higher security, better convenience and less computation cost than other similar schemes, and has high application value in high security scenario, such as mobile payment and contactless access control.

Key words: SM9 algorithm, mobile internet, single-server environment, authentication

CLC Number:

TP309

ZHANG Yu, SUN Guangmin, LI Yu. Research on Mobile Internet Authentication Scheme Based on SM9 Algorithm[J]. Netinfo Security, 2021, 21(4): 1-9.

Figures/Tables 6

符号	所代表的意义
N	${{G}_{1}}$ , ${{G}_{2}}$ , ${{G}_{T}}$ 的阶,均为素数
${{P}_{1}}$	${{G}_{1}}$ 的生成元
${{P}_{2}}$	${{G}_{2}}$ 的生成元
KGC	服务器的密钥生成中心
$hid$	KGC选择并公开用一个字节表示的私钥生成函数识别符
RC	服务器的注册中心
$I{{D}_{S}}$	系统服务器的标识
${{P}_{pub}}$	系统服务器的主公钥
$s$	系统服务器的主私钥
$I{{D}_{A}}$	终端用户A自主选定的自身标识
${{Q}_{A}}$	终端用户A的公钥
${{d}_{A}}$	终端用户A的私钥（服务器密钥生成中心KGC生成）
$r$	用于加解密的随机数
$p{{w}_{A}}$	终端用户A的口令
${{R}_{A1}}$	终端用户A在首次注册时产生的随机数
${{R}_{Ai}}$	终端用户A在第i次注册（或认证）时产生的随机数
$H\cdot$	单向哈希运算
$t_{reg}^{A1}$	终端用户A首次注册的时间
$t_{reg}^{Ai}$	终端用户A第i次注册（或认证）的时间
$\Delta t$	有效时间间隔
${{D}_{A}}(M)$	使用用户A的私钥对消息M执行数字签名算法
${{E}_{A}}(M)$	使用用户A的公钥对消息M执行加密算法

用户身份标识	用户公钥	用户注册（或认证）随机数	用户注册（或认证）哈希值	用户注册（或认证）时间
$I{{D}_{A}}$	${{Q}_{A}}$	${{R}_{A1}}$	${{H}_{A}}={{H}_{1}}(p{{w}_{A}}\|\|{{R}_{\text{A1}}})$	$t_{reg}^{A1}$
$I{{D}_{B}}$	${{Q}_{B}}$	${{R}_{B1}}$	${{H}_{B}}={{H}_{1}}(p{{w}_{B}}\|\|{{R}_{\text{B1}}})$	$t_{reg}^{B1}$
$I{{D}_{C}}$	${{Q}_{C}}$	${{R}_{C1}}$	${{H}_{C}}={{H}_{1}}(p{{w}_{C}}\|\|{{R}_{\text{C1}}})$	$t_{reg}^{C1}$
…	…	…	…	…

运算	执行时间	运算	执行时间
MD5哈希运算： ${{T}_{H}}$	0.97	从特征 ${w}'$ 和P恢复出R： ${{T}_{R\text{ep}}}$	180.97
DES对称加密： ${{T}_{E}}$	16	IBC基于身份的签名： ${{T}_{IBS}}$	23.866
DES对称解密： ${{T}_{D}}$	16	IBC基于身份的签名验证： ${{T}_{IBV}}$	5.872
切比雪夫映射： ${{T}_{C}}$	0.97	SM9基于身份的签名： ${{T}_{SM9S}}$	704.4
RSA非对称加密： ${{T}_{PE}}$	4	SM9基于身份的验证： ${{T}_{SM9V}}$	593.29
RSA非对称解密： ${{T}_{PD}}$	15.6	SM9基于公钥的加密： ${{T}_{SM9PE}}$	938.96
原始生物特征 $w$ 中获得s： ${{T}_{SS}}$	780	SM9基于公钥的解密： ${{T}_{SM9PD}}$	938.96
从生物特征 ${w}'$ 恢复特征 $w$ ： ${{T}_{REC}}$	180	点乘运算： ${{T}_{M}}$	2.226
从特征 $w$ 中获得P和R： ${{T}_{GEN}}$	780.97	双线性对： ${{T}_{P}}$	5.811

方案	用户端（单位/ms）	服务器端（单位/ms）
文献[20]方案	$2{{T}_{E}}+{{T}_{D}}+{{T}_{X}}+{{T}_{\operatorname{Re}c}}+{{T}_{PE}}$ =232	${{T}_{E}}+{{T}_{PD}}+2{{T}_{D}}$ =63.6
文献[21]方案	$3{{T}_{H}}+3{{T}_{X}}$ =2.91	$2{{T}_{H}}+2{{T}_{X}}$ =1.94
文献[22]方案	$4{{T}_{X}}+5{{T}_{H}}$ =4.85	$4{{T}_{X}}+8{{T}_{H}}$ =7.76
文献[23]方案	$5{{T}_{X}}+10{{T}_{H}}+3{{T}_{C}}$ =12.61	$3{{T}_{X}}+7{{T}_{H}}+3{{T}_{C}}$ =9.7
文献[26]方案	$8{{T}_{X}}+3{{T}_{H}}+{{T}_{SS}}+{{T}_{\operatorname{Re}c}}+{{T}_{Gen}}+{{T}_{R\text{e}\text{p}}}$ = 2541	$4{{T}_{X}}+6{{T}_{H}}$ =5.82
本文方案	$2{{T}_{X}}+{{T}_{H}}+{{T}_{SM9S}}+{{T}_{SM9PE}}$ = 1644.3	${{T}_{SM9PD}}+{{T}_{SM9V}}+{{T}_{H}}$ = 1533.2

References 31

[1]	SHI Sha. Research on the Key Technologies of Secure Authentication and Applications in the Mobile Internet[D]. Beijing: Beijing University of Posts and Telecommunications, 2012.
	石莎. 移动互联网络安全认证及安全应用中若干关键技术研究[D]. 北京:北京邮电大学, 2012.
[2]	LUO Junzhou, WU Wenjia, YANG Ming. Mobile Internet: Terminal Device, Networks and Service[J]. Chinese Journal of Computers, 2011,34(11):2029-2051. doi: 10.3724/SP.J.1016.2011.02029 URL
	罗军舟, 吴文甲, 杨明. 移动互联网:终端、网络与服务[J]. 计算机学报, 2011,34(11):2029-2051.
[3]	ZHAO Goufeng, SHAN Qing, XIAO Shasha, et al. Modeling Web Browsing on Mobile Internet[J]. Communications Letters IEEE, 2011,15(10):1081-1083. doi: 10.1109/LCOMM.2011.082011.111368 URL
[4]	LI Jun. Thoughts on Mobile Internet Security[J]. Network&Information, 2010,24(10):61.
	李钧. 移动互联网的安全之思[J]. 网络与信息, 2010,24(10):61.
[5]	LI Xiong. Research and Design on Identity Authentication Protocol for Multi-environments[D]. Beijing: Beijing University of Posts and Telecommunications, 2012.
	李雄. 多种环境下身份认证协议的研究与设计[D]. 北京:北京邮电大学, 2012.
[6]	LI Gang. Biometric Authentication: Sixth Token for Identity Authentication[J]. China Information Security, 2013,4(3):34-43.
	李刚. 生物识别: 身份认证的第六道“令牌”[J]. 中国信息安全, 2013,4(3):34-43.
[7]	YANG T C, LO N W, LIAW H T, et al. A Secure Smart Card Authentication and Authorization Framework Using in Multimedia Cloud[J]. Multimedia Tools and Applications, 2017,76(9):1715-1737.
[8]	KARUPPIAH M, PRADHAN A, KUMARI S, et al. Security on "Secure Remote Login Scheme with Password and Smart Card Update Facilities"[C]// ICMC. Third International Conference on Mathematics and Computing, January 17-21, 2017, Haldia, India. Singapore: Springer, 2017: 26-33.
[9]	SAE-BAE N, AHMED K, ISBISTER K, et al. Biometric-rich Gestures: A Novel Approach to Authentication on Multi-touch Devices[C]// SIGCHI. CHI '12: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, May 5-10, 2012, Austin, Texas, USA. New York: Association for Computing Machinery, 2012: 977-986.
[10]	SEO H, KIM E, KIM H K. A Novel Biometric Identification Based on a User’s Input Pattern Analysis for Intelligent Mobile Devices[J]. International Journal of Advanced Robotic Systems, 2012,2012(9):1-10.
[11]	JANAKIRAMAN R, ZHANG Sheng, SIM T, et al. Continuous Verification Using Multimodal Biometrics[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2007,29(4):687-700. doi: 10.1109/TPAMI.2007.1010 URL
[12]	LAMPORT L. Password Authentication with Insecure Communication[J]. Communications of the ACM, 1981,24(11):770-772. doi: 10.1145/358790.358797 URL
[13]	HWANG M S, LI L H. A New Remote User Authentication Scheme Using Smart Cards[J]. IEEE Transactions on Consumer Electronics, 2000,46(1):28-30. doi: 10.1109/30.826377 URL
[14]	CHIEN H Y, JAN J K, TSENG Y M. An Efficient and Practical Solution to Remote Authentication: Smart Card[J]. Computers & Security, 2002,21(4):372-375. doi: 10.1016/S0167-4048(02)00415-7 URL
[15]	LI Xiong, NIU Jianwei, MA Jian, et al. Cryptanalysis and Improvement of a Biometrics-based Remote User Authentication Scheme Using Smart Cards[J]. Journal of Network and Computer Applications, 2011,34(1):73-79. doi: 10.1016/j.jnca.2010.09.003 URL
[16]	HUANG X, XIANG Y, CHONKA A, et al. A Generic Framework for Three-factor Authentication: Preserving Security and Privacy in Distributed Systems[J]. Parallel and Distributed Systems, IEEE Transactions on, 2011,22(8):1390-1397. doi: 10.1109/TPDS.2010.206 URL
[17]	HALEVI S, KRAWCZYK H. Public-key Cryptography and Password Protocols[J]. ACM Transactions on Information and System Security (TISSEC), 1999,2(3):230-268. doi: 10.1145/322510.322514 URL
[18]	YANG Piyi, CAO Zhenfu, DONG Xiaolei. Fuzzy Identity Based Signature with Applications to Biometric Authentication[J]. Computers & Electrical Engineering, 2011,37(4):532-540.
[19]	NEEDHAM R M, SCHROEDER M D. Using Encryption for Authentication in Large Networks of Computers[J]. Communications of the ACM, 1978,21(12):993-999. doi: 10.1145/359657.359659 URL
[20]	FAN C I, LIN Yihui. Provably Secure Remote Truly Three Factor Authentication Scheme with Privacy Protection on Biometrics[J]. IEEE Transactions on Information Forensics and Security, 2009,4(4):933-945. doi: 10.1109/TIFS.2009.2031942 URL
[21]	LI C T, HWANG M S. An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards[J]. Journal of Network and Computer Applications, 2010,33(1):1-5. doi: 10.1016/j.jnca.2009.08.001 URL
[22]	DAS A K. Analysis and Improvement on an Efficient Biometric-based Remote User Authentication Scheme Using Smart Cards[J]. IET Information Security, 2011,5(3):145-151. doi: 10.1049/iet-ifs.2010.0125 URL
[23]	LEE C C, HSU C W. A Secure Biometric-based Remote User Authentication with Key Agreement Scheme Using Extended Chaotic Maps[J]. Nonlinear Dynamics, 2013,71(1-2):201-211. doi: 10.1007/s11071-012-0652-3 URL
[24]	JIANG Qi, WEI Fushan, FU Shuai, et al. Robust Extended Chaotic Maps-based Three-factor Authentication Scheme Preserving Biometric Template Privacy[J]. Nonlinear Dynamics, 2016,83(4):2085-2101. doi: 10.1007/s11071-015-2467-5 URL
[25]	ALI R, PAL A K. A Secure and Robust Three-factor Based Authentication Scheme Using RSA Cryptosystem[J]. International Journal of Business Data Communications and Networking (IJBDCN), 2017,13(1):74-84.
[26]	ZHANG Min, ZHANG Jiashu, ZHANG Ying. Remote Three-factor Authentication Scheme Based on Fuzzy Extractors[J]. Security and Communication Networks, 2015,8(4):682-693. doi: 10.1002/sec.1016 URL
[27]	ARMANDO A, CARBONE R, COMPAGNA L, et al. An Authentication Flaw in Browser-based Single Sign-on Protocols: Impact and Remediations[J]. Computers & Security, 2013,33(4):41-58. doi: 10.1016/j.cose.2012.08.007 URL
[28]	ZHANG Fuyou, WANG Qiongxiao, SONG Li. Research on Unified Identity Authentication System Based on Biometrics[J]. Netinfo Security, 2019,19(9):86-90.
	张富友, 王琼霄, 宋利. 基于生物特征识别的统一身份认证系统研究[J]. 信息网络安全, 2019,19(9):86-90.
[29]	ZHANG Xiao, LIU Jiqiang. Multi-factor Authentication Protocol Based on Hardware Fingerprint and Biometrics[J]. Netinfo Security, 2020,20(8):9-15.
	张骁, 刘吉强. 基于硬件指纹和生物特征的多因素身份认证协议[J]. 信息网络安全, 2020,20(8):9-15.
[30]	CHANG H, CHOI E. User Authentication in Cloud Computing[C]// UCMA. Second International Conference on Ubiquitous Computing and Multimedia Applications, April 13-15, 2011, Daejeon, Korea. Heidelberg: Springer-Verlag, 2011: 338-342.
[31]	LEE CC. A Simple Key Agreement Scheme Based on Chaotic Maps for VSAT Satellite Communications[J]. International Journal of Satellite Communications and Networking, 2013,31(4):77-186. doi: 10.1002/sat.v31.2 URL

安全问题	文献[20] 方案	文献[21] 方案	文献[22] 方案	文献[23] 方案	文献[26] 方案	本文方案
用户是否统一口令	No	No	No	No	No	Yes
用户身份伪造攻击	Yes	No	No	No	Yes	Yes
口令猜测攻击	Yes	No	No	No	Yes	Yes
特权攻击	Yes	No	No	Yes	Yes	Yes
会话密钥攻击	Yes	No	No	Yes	Yes	Yes
口令更改是否服务器参与	No	Yes	Yes	Yes	Yes	Yes