A Provably Secure Traceability Authentication Protocol Based on Chebyshev Chaotic Map

doi:10.3969/j.issn.1671-1122.2022.12.004

Abstract

Abstract:

In order to reduce computational cost and improve security, a novel traceability verification algorithm was designed by means of the irreversibility of the Hash function and the semigroup characteristic of the Chebyshev chaotic map. Based on the traceability verification algorithm, an authentication protocol of registry centrel offline mode was proposed. The proposed scheme combined the traditional password, biological features and public key cryptography to realize the three-factor authentication and mutual traceability authentication. The dual-key dual-encryption mechanism was designed in the authentication scheme. The calculated one-time key was used to encrypt the transmitted information, which can effectively reduce the computation cost and realize the ciphertext transmission, privacy protection and forward security. Through security analysis, BAN logic proof, and ProVerif simulation tool verification, the results show that the protocol is secure. Compared with other similar schemes, the proposed scheme is safer and more efficient. To conclude, the proposed scheme is easy to be realized in the resource-limited mobile Internet environment.

Key words: Chebyshev chaos map, traceability verification, BAN logic, ProVerif, authentication

CLC Number:

TP309

ZHANG Yu, SUN Guangmin, ZHAI Peng, LI Yu. A Provably Secure Traceability Authentication Protocol Based on Chebyshev Chaotic Map[J]. Netinfo Security, 2022, 22(12): 25-33.

Figures/Tables 11

序号	规则
R1	$A\left\| \equiv \right.Q\overset{K}{\longleftrightarrow}A,A\triangleleft {{\left\{ X \right\}}_{K}}A\left\| \equiv \right.Q\left\| \sim X \right.$
R2	$A\left\| \equiv \right.\xrightarrow{{{K}_{Q}}}Q,A\triangleleft {{\left\{ X \right\}}_{K_{Q}^{-1}}}A\left\| \equiv \right.Q\left\| \sim X \right.$
R3	$A\left\| \equiv \right.A\overset{Y}{\mathop{\rightleftharpoons }}\,Q,A\triangleleft {{\left\{ X \right\}}_{Y}}A\left\| \equiv \right.Q\left\| \sim X \right.$
R4	$A\left\| \equiv \right.\#\left( X \right),A\left\| \equiv \right.Q\left\| \sim X \right.A\left\| \equiv \right.Q\left\| \equiv \right.X$
R5	$A\left\| \equiv Q\left\| \Rightarrow \right. \right.X,A\left\| \equiv \right.Q\left\| \equiv \right.XA\left\| \equiv \right.X$
R6	$A\triangleleft \left( X,Y \right)A\triangleleft X$
R7	$A\triangleleft {{\left\langle X \right\rangle }_{Y}}A\triangleleft X$
R8	$A\left\| \equiv A\overset{K}{\longleftrightarrow}Q,A \right.\triangleleft {{\left\{ X \right\}}_{K}}A\triangleleft X$
R9	$A\left\| \equiv \xrightarrow{{{K}_{Q}}}Q,A \right.\triangleleft {{\left\{ X \right\}}_{{{K}_{Q}}}}A\triangleleft X$
R10	$A\left\| \equiv \xrightarrow{{{K}_{Q}}}Q,A \right.\triangleleft {{\left\{ X \right\}}_{K_{Q}^{-1}}}A\triangleleft X$
R11	$A\left\| \equiv \#\left( X \right), \right.A\left\| \equiv \#\left( X,Y \right) \right.$
R12	$A\left\| \equiv X,A\left\| \equiv Y, \right. \right.A\left\| \equiv \left( X,Y \right) \right.$
R13	$A\left\| \equiv \left( X,Y \right), \right.A\left\| \equiv \right.X$
R14	$A\left\| \equiv Q\left\| \equiv \right.\left( X,Y \right), \right.A\left\| \equiv \right.Q\left\| \equiv \right.X$
R15	$A\left\| \equiv Q\left\| \sim \right.\left( X,Y \right), \right.A\left\| \equiv \right.Q\left\| \sim \right.X$
R16	$P\left\| \equiv W\overset{K}{\longleftrightarrow}{W}', \right.A\left\| \equiv {W}'\overset{K}{\longleftrightarrow}W \right.$
R17	$A\left\| \equiv Q\left\| \equiv W\overset{K}{\longleftrightarrow}{W}', \right. \right.A\left\| \equiv Q\left\| \equiv \right.{W}'\overset{K}{\longleftrightarrow}W \right.$
R18	$A\equiv W\overset{X}{\mathop{\rightleftharpoons }}\,{W}',A\equiv {W}'\overset{X}{\mathop{\rightleftharpoons }}\,W$
R19	$A\equiv Q\equiv W\overset{X}{\mathop{\rightleftharpoons }}\,{W}',A\equiv Q\equiv {W}'\overset{X}{\mathop{\rightleftharpoons }}\,W$

References 25

[1]	ZHU Hongfeng, HAO Xin, ZHANG Yifeng, et al. A Biometrics-Based Multi-Server Key Agreement Scheme on Chaotic Maps Cryptosystem[J]. Journal of Information Hiding and Multimedia Signal Processing, 2015, 6(2): 211-224.
[2]	JIANG Qi, WEI Fushan, FU Shuai, et al. Robust Extended Chaotic Maps-Based Three-Factor Authentication Scheme Preserving Biometric Template Privacy[J]. Nonlinear Dynamics, 2016, 83(4): 2085-2101. doi: 10.1007/s11071-015-2467-5 URL
[3]	ALI R, PAL A. A Secure and Robust Three-Factor Based Authentication Scheme Using RSA Cryptosystem[J]. International Journal of Business Data Communications and Networking, 2017, 13(1): 74-84. doi: 10.4018/IJBDCN.2017010107 URL
[4]	ZHANG Min. Research and Design of Remote Identity Authentication Schemes Based on Three-Factor in Multi-Environments[D]. Chengdu: Southwest Jiaotong University, 2017.
	张敏. 多环境下基于三因素的远程身份认证协议研究与设计[D]. 成都: 西南交通大学, 2017.
[5]	DONG Xiaolu, LI Meihong, DU Ye, et al. A Biometric Verification Based Authentication Scheme Using Chebyshev Chaotic Mapping[J]. Journal of Beijing University of Aeronautics and Astronautics, 2019, 45(5): 1052-1058.
	董晓露, 黎妹红, 杜晔, 等. 基于切比雪夫混沌映射和生物识别的身份认证方案[J]. 北京航空航天大学学报, 2019, 45(5): 1052-1058.
[6]	ZHOU Simin, GAN Qingqing, WANG Xiaoming. Authentication Scheme Based on Smart Card in Multi-Server Environment[J]. Wireless Networks, 2020, 26(2): 855-863. doi: 10.1007/s11276-018-1828-7 URL
[7]	LWAMO N, ZHU Lihuang, XU Chang, et al. Suaa: A Secure User Authentication Scheme with Anonymity for the Single & Multi-Server Environments[J]. Information Sciences, 2018, 477: 369-385. doi: 10.1016/j.ins.2018.10.037 URL
[8]	ROY S, DAS A, CHATTERJEE S, et al. Provably Secure Fine-Grained Data Access Control over Multiple Cloud Servers in Mobile Cloud Computing Based Healthcare Applications[J]. IEEE Transactions on Industrial Informatics, 2019, 15(1): 457-468. doi: 10.1109/TII.2018.2824815 URL
[9]	CHATTERJEE S, ROY S, DAS A, et al. Secure Biometric-Based Authentication Scheme Using Chebyshev Chaotic Map for Multi-Server Environment[J]. IEEE Transactions on Dependable and Secure Computing, 2018, 15(5): 824-839. doi: 10.1109/TDSC.2016.2616876 URL
[10]	LUO Yuling, LIU Yunqi, LIU Junxiu, et al. ECM-IBS: A Chebyshev Map-Based Broadcast Authentication for Wireless Sensor Networks[J]. International Journal of Bifurcation and Chaos, 2019, 29(9): 1-16.
[11]	RANGWANI D, SADHUKHAN D, RAY S, et al. A Robust Provable-Secure Privacy-Preserving Authentication Protocol for Industrial Internet of Things[J]. Peer-to-peer Networking and Applications, 2021, 14(12): 1548-1571. doi: 10.1007/s12083-020-01063-5 URL
[12]	XU Zhiqiang, HE Debiao, HUANG Xinyi. Secure and Efficient Two-Factor Authentication Protocol Using RSA Signature for Multi-Server Environments[C]// Springer. International Conference on Information and Communications Security. Berlin:Springer, 2017: 595-605.
[13]	BARMAN S, SHUM, H, CHATTOPADHYAY S, et al. A Secure Authentication Protocol for Multi-Server-Based E-Healthcare Using a Fuzzy Commitment Scheme[J]. IEEE Access, 2019, 7: 12557-12574. doi: 10.1109/ACCESS.2019.2893185 URL
[14]	ZHANG Xiao, LIU Jiqiang. Multi-Factor Authentication Protocol Based on Hardware Fingerprint and Biometrics[J]. Netinfo Security, 2020, 20(8): 9-15.
	张骁, 刘吉强. 基于硬件指纹和生物特征的多因素身份认证协议[J]. 信息网络安全, 2020, 20(8): 9-15.
[15]	NAMASUDR S, ROY P. A New Secure Authentication Scheme for Cloud Computing Environment[J]. Concurrency and Computation: Practice and Experience, 2017, 29(20): 1-20.
[16]	KOCAREV L, TASEV Z. Public-Key Encryption Based on Chebyshev Maps[C]// IEEE. International Symposium on Circuits and Systems. New York: IEEE, 2003: 25-28.
[17]	ZHANG Linhua. Cryptanalysis of the Public Key Encryption Based on Multiple Chaotic Systems[J]. Chaos, Solitons and Fractals, 2008, 37(3): 669-674. doi: 10.1016/j.chaos.2006.09.047 URL
[18]	LIU Tianhua, WANG Qian, ZHU Hongfeng. A Multi-Function Password Mutual Authentication Key Agreement Scheme with Privacy Preserving[J]. Journal of Information Hiding and Multimedia Signal Processing, 2014, 5(2): 165-178.
[19]	BURROWS M, ABADI M, NEEDHAM R. A Logic of Authentication[J]. Proceedings of the Royal Society, 1989, 426: 233-271.
[20]	SHUAI Mengxia, XIONG Ling, WANG Changhui, et al. A Secure Authentication Scheme with Forward Secrecy for Industrial Internet of Things Using Rabin Cryptosystem[J]. Computer Communications, 2020, 160(7): 215-227. doi: 10.1016/j.comcom.2020.06.012 URL
[21]	LEE C. A Simple Key Agreement Scheme Based on Chaotic Maps for VSAT Satellite Communications[J]. International Journal of Satellite Communications and Networking, 2013, 31(4): 177-186. doi: 10.1002/sat.1033 URL
[22]	ODELU V, DAS A, GOSWAMI A. A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(9): 1953-1966. doi: 10.1109/TIFS.2015.2439964 URL
[23]	ZHANG Min, ZHANG Jiashu, ZHANG Ying. Remote Three-Factor Authentication Scheme Based on Fuzzy Extractors[J]. Security and Communication Networks, 2015, 8(4): 682-693. doi: 10.1002/sec.1016 URL
[24]	CHEN Sheng, LIU Yang, GAO Xiang, et al. MobileFaceNets: Efficient CNNs for Accurate Real-Time Face Verification on Mobile Devices[C]// Springer. Chinese Conference on Biometric Recognition. Berlin:Springer, 2018: 428-438.
[25]	MO Jiaqing, HU Zhongwang, SHEN Wei. A Provably Secure Three-Factor Authentication Protocol Based on Chebyshev Chaotic Mapping for Wireless Sensor Network[J]. IEEE Access, 2022, 10: 12137-12152. doi: 10.1109/ACCESS.2022.3146393 URL

符号	意义	符号	意义
RC	注册中心	$(x,{{T}_{{{k}_{j}}}}(x))$,${{k}_{j}}$	服务器的公钥和私钥
$(x,{{T}_{c}}(x))$,$c$	注册中心的公钥和私钥	$H(\cdot )$	Hash函数
$q$	一个大素数	${{E}_{k}}(\cdot )$	密钥为$k$的对称加密运算
$I{{D}_{i}}$	用户${{U}_{i}}$的标识	${{D}_{k}}(\cdot )$	密钥为$k$的对称解密运算
$P{{W}_{i}}$	用户${{U}_{i}}$的口令	${{r}_{i}},{{r}_{j}}$	随机数
$(x,{{T}_{{{k}_{i}}}}(x))$,${{k}_{i}}$	用户的公钥和私钥	$\Delta t$	有效时间间隔
${{B}_{i}}$	用户${{U}_{i}}$的生物特征数据	\|\|	比特串拼接
$I{{D}_{j}}$	服务器${{S}_{j}}$的标识	${{t}_{i}},{{t}_{j}},{{t}_{1}},{{t}_{2}}\cdots $	当前时间
$P{{W}_{j}}$	服务器${{S}_{j}}$的口令	${{K}_{US}}$	共享的临时会话密钥

安全问题	文献[1] 方案	文献[5] 方案	文献[11] 方案	文献[18] 方案	本文方案
完美前向安全	?	√	√	√	√
密钥安全性	?	√	√	√	√
双向认证和密钥协商	√	?	√	√	√
服务器欺骗攻击	√	√	√	√	√
抵御特权攻击	√	√	√	√	√
抵御中间人攻击	√	√	√	√	√
抵御重放攻击	√	√	?	?	√
抵御口令猜测攻击	?	√	√	√	√
抵御设备丢失攻击	√	√	√	?	√

符号	意义
$A\left\| \equiv \right.X$	主体$A$相信$X$
$A\triangleleft X$	主体$A$收到$X$，即存在其他主体向$A$发送了消息$X$
$A\left\| \sim \right.X$	主体$A$曾经发出$X$
$P\left\| \Rightarrow \right.X$	主体$A$对$X$有管辖权
$\text{ }\!\!\#\!\!\text{ }\left( X \right)$	$X$是新鲜的，一般是临时值
$A\overset{K}{\longleftrightarrow}Q$	$K$是主体$A$与$Q$的共享密钥，其他主体不知道该密钥
$\xrightarrow{{{K}_{A}}}A$	${{K}_{A}}$是主体$A$的公钥
$A\overset{X}{\mathop{\rightleftharpoons }}\,Q$	$X$是主体$A$与$Q$的共享秘密，其他主体不知道该秘密
${{\left\{ X \right\}}_{K}}$	用密钥$K$加密$X$后得到的密文
${{\left\langle X \right\rangle }_{Y}}$	消息$X$和秘密$Y$之间的级联（合成的消息），用$Y$证明发出消息${{\left\langle X \right\rangle }_{Y}}$的主体的身份

方案	注册阶段	登录、认证、密钥协商阶段	口令更改阶段
文献[1]方案	3T_H+T_Gen=404	12T_H+6T_C+8T_E+ T_Gen=422.5	2T_H+T_Gen=403.5
文献[5]方案	9T_H+T_Gen=407	21T_H+T_Rep+ 4T_C=108	8T_H+T_Rep+T_Gen=500
文献[11]方案	11T_H+9T_P+ 4T_A=600.5	17T_H+7T_P+ 7T_A=638.5	6T_H+4T_P+2T_A=269
文献[18]方案	T_H+T_ECC=484.5	4T_H+7T_ECC=3390	2T_H+T_ECC+4T_E=489
本文方案	4T_H+2T_C+T_F=19	8T_H+6T_C+4T_E+ 4T_D+T_B+T_F=33	5T_H+2T_C+T_B+T_F=19.5