A reverse firewall protocol for identity-based authenticated key agreement

CLC number: TP391

Funding: Sichuan Provincial Science and Technology Funding Project (2020JDRC0100).
    Abstract:

    Identity-based authenticated key agreement allows two or more parties to establish a secure session key over an insecure channel. Existing authenticated key agreement protocols cannot resist backdoor attacks that cause random-number leakage, such as the known session-specific temporary attack. To address this, we design a reverse firewall protocol for identity-based two-party authenticated key agreement. The protocol is secure in the random oracle model, resists strong ephemeral session secret leakage attacks, and provides message leakage resistance. It also avoids bilinear pairings, which reduces system running time. Finally, we implement the protocol with the JPBC library. The experimental results show that, compared with other protocols of the same type, the protocol has smaller bandwidth and shorter running time, making it well suited to resource-constrained systems.

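Cite this article

刘畅, 王晋, 田里, 王捷, 叶净宇, 秦帆, 周雨阳. A reverse firewall protocol for identity-based authenticated key agreement[J]. Journal of Chongqing University (重庆大学学报), 2022, 45(5):21-32,42.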

History
  • Received: 2021-02-12
  • Published online: 2022-06-11