A Password Authentication Key Agreement Protocol for IoT Devices

doi:10.3969/j.issn.1671-1122.2021.10.012

Abstract

Abstract:

Establishing an underwater wireless sensor network (UWSN) with high energy efficiency and high security is of great significance for monitoring resource-rich oceans and lakes. Due to the resource-constraint of UWSN and the high-energy consumption of underwater wireless communication, most of the current research on wireless communication starts with low energy consumption and ignores security issues. As the first line of defense for Communications security, identity authentication plays an important role in the secure interaction of UWSN. This paper proposes a new password-based identity authentication scheme for UWSN, which uses the advantages of password authentication to reduce the dependence on public key infrastructure. Utilizing the hash function simulation key distribution center (KDC) reduces the dependence on the KDC, which avoids additional communication costs and single point of failure, achieves a higher security. Finally, the proposed authentication key exchange protocol is implemented, and the performance of the authentication scheme is evaluated.

Key words: underwater wireless sensor network, communications security, password-based identity authentication, authenticated key exchange

CLC Number:

TP309

XIAO Shuai, ZHANG Hanlin, XIAN Hequn, CHEN Fei. A Password Authentication Key Agreement Protocol for IoT Devices[J]. Netinfo Security, 2021, 21(10): 83-89.

Figures/Tables 4

References 17

[1]	LIU Meiqin, HAN Xueyan, ZHANG Senlin, et al. Research Status and Prospect of Target Tracking Technologies via Underwater Sensor Networks[J]. Acta Automatica Sinica, 2021, 47(2):235-251.
	刘妹琴, 韩学艳, 张森林, 等. 基于水下传感器网络的目标跟踪技术研究现状与展望[J]. 自动化学报, 2021, 47(2):235-251.
[2]	GALINDO D, ROMAN R, LOPEZ J. A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks [C]// Springer. CANS 2008: Cryptology and Network Security, December 2-4, 2008, Hong Kong, China. Berlin: Springer, 2008: 120-132.
[3]	ZHENG Junjie, LI Yanbin, YIN Lu, et al. Research of Structure and Architecture for Underwater Sensor Networks[J]. Computer Science, 2013, 40(S1):251-254.
	郑君杰, 李延斌, 尹路, 等. 水下传感器网络系统架构与体系结构研究[J]. 计算机科学, 2013, 40(S1):251-254.
[4]	BELLOVIN S M, MERRITT M. Encrypted Key Exchange:Password-based Protocols Secure Against Dictionary Attacks [C]//IEEE. 1992 IEEE Symposium on Security and Privacy, May 4-6, 1992, Oakland, CA, USA. Piscataway: IEEE, 1992: 72-84.
[5]	LI Zengpeng, WANG Ding. Achieving One-round Password-based Authenticated Key Exchange over Lattices[EB/OL]. https://doi.org/10.1109/TSC.2019.2939836, 2021-04-15.
[6]	LI Zengpeng, WANG Ding, MORAIS E. Quantum-safe Round-optimal Password Authentication for Mobile Devices[EB/OL]. https://doi.org/10.1109/TDSC.2020.3040776, 2021-04-15.
[7]	HAO F, SHAHANDASHTI S F. The SPEKE Protocol Revisited [C]//Springer. SSR 2014: Security Standardisation Research, October 22-24, 2014, Heraklion, Crete, Greece. Cham: Springer, 2014: 26-38.
[8]	HAO F, RYAN P. J-PAKE:Authenticated Key Exchange without PKI [C]//Springer. Transactions on Computational Science XI, December 12-14, 2010, Kuala Lumpur, Malaysia. Berlin: Springer, 2010: 192-206.
[9]	SHIN S, KOBARA K. Efficient Augmented Password-only Authentication and Key Exchange for IKEv2[EB/OL]. https://www.rfc-editor.org/rfc/pdfrfc/rfc6628.txt.pdf, 2021-05-08.
[10]	LI Zengpeng, YANG Zheng, SZALACHOWSKI P, et al. Building Low-interactivity Multifactor Authenticated Key Exchange for Industrial Internet of Things[J]. IEEE Internet of Things Journal, 2021, 8(2):844-859. doi: 10.1109/JIoT.6488907 URL
[11]	ABDALLA M, POINTCHEVAL D. Simple Password-based Encrypted Key Exchange Protocols [C]//Springer. CT-RSA 2005, December 14-16, 2005, Xiamen, China. Berlin: Springer, 2005: 191-208.
[12]	ABDALLA M, BARBOSA M. Perfect Forward Security of SPAKE2[EB/OL]. https://eprint.iacr.org/2019/1194.pdf, 2021-04-15.
[13]	FIORE D, GENNARO R. Identity-based Key Exchange Protocols without Pairings [C]//Springer. Transactions on Computational Science X, December 12-14, 2010, Kuala Lumpur, Malaysia. Berlin: Springer, 2010: 42-77.
[14]	NAOR M, PAZ S, RONEN E. CHIP and CRISP: Compromise Resilient Identity-based Symmetric PAKEs[EB/OL]. https://eprint.iacr.org/2020/529.pdf, 2021-04-15.
[15]	WAN Changsheng, PHOHA V V, TANG Yuzhe, et al. Non-interactive Identity-based Underwater Data Transmission with Anonymity and Zero Knowledge[J]. IEEE Transactions on Vehicular Technology, 2018, 67(2):1726-1739. doi: 10.1109/TVT.25 URL
[16]	DIAMANT R, CASARI P, TOMASIN S. Cooperative Authentication in Underwater Acoustic Sensor Networks[J]. IEEE Transactions on Wireless Communications, 2019, 18(2):954-968. doi: 10.1109/TWC.2018.2886896 URL
[17]	SCHNORR C P. Efficient Signature Generation by Smart Cards[J]. Journal of Cryptology, 1991, 4(3):161-174. doi: 10.1007/BF00196725 URL

符号	含义	符号	含义
P_A, _PB	参与协议用户	Adv	攻击敌手
pw	口令	r_A, r_B	随机私钥
p	大素数	k	安全参数
id_A,id_B	用户身份标识	K	会话密钥
G	循环群	H_i(·)	单向哈希函数

口令长度/Byte 密钥长度/bit	4	6	8	10
128	1.549	1.638	1.692	1.659
256	6.559	6.492	6.755	6.495
512	14.436	14.413	14.375	14.418
1024	99.125	99.449	95.046	95.184
2048	675.921	679.367	683.874	680.275

方案	通信轮数	用户计算代价	服务器计算代价	是否需要KDC
文献[8]方案	同步2轮	5_τ_e	5τ_e	是
文献[9]方案	异步4轮	2τ_e	2τ_e	否
文献[11]方案	同步1轮	4τ_e	4τ_e	是
文献[13]方案	同步1轮	4τ_e	4τ_e	是
本文方案	同步1轮	6τ_e	6τ_e	否

方案	抵抗冒充攻击	会话密钥安全	零知识证明	抵抗重放攻击	前向安全
文献[8]方案	是	是	是	是	是
文献[11]方案	是	是	否	是	是
本文方案	是	是	是	是	是