A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework

ZHU Liufu, WANG Ding

Citation: ZHU Liufu, WANG Ding. A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework[J]. Journal of Electronics & Information Technology, 2024, 46(5): 2137-2148. doi: 10.11999/JEIT231197


doi: 10.11999/JEIT231197
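Funding: Beijing-Tianjin-Hebei Basic Research Cooperation Special Project (21JCZXJC00100), National Natural Science Foundation of China (62222208), Key Project of the Natural Science Foundation of Tianjin (21JCZDJC00190)
Details
    About the authors:

    ZHU Liufu: PhD student; research interests: public-key cryptography, cryptographic security protocols

    WANG Ding: Professor, PhD supervisor; research interests: public-key cryptography, information security

    Corresponding author:

    WANG Ding wangding@nankai.edu.cn

  • CLC number: TN918.2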

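  • Abstract: Wireless sensor technology uses open wireless channels and has constrained storage and computing resources, which makes it vulnerable to potential active attacks (such as tampering) and passive attacks (such as eavesdropping). Identity authentication is the first line of defense for information system security, and how to design multi-factor authentication schemes for wireless sensor devices is currently a hot topic in security protocol research. At present, most authentication schemes are designed on foreign cryptographic standards, which does not conform to the national cyberspace security development strategy of independent and controllable core technology. The commercial cryptography SM9 identity-based cryptographic algorithm is a Chinese cryptographic standard that has been standardized by ISO/IEC and is widely used. Therefore, this paper studies how to combine passwords, biometrics and smart cards to design a multi-factor authentication scheme under the SM9 identity-based cryptographic algorithm framework, and uses the fuzzy-verifier technique and the honeyword method to strengthen password security. The paper proves the security of the scheme in the Random Oracle Model (ROM) and gives a heuristic security analysis. Comparison with related authentication schemes shows that the proposed scheme provides security while remaining suitable for resource-constrained wireless sensor networks.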
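  • Figure 1  System framework of the MFAS-SM9 scheme

    Figure 2  User registration

    Figure 3  User login and authentication

    Figure 4  Comparison of the schemes' computation overhead

    Figure 5  Comparison of the schemes' communication overhead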

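    Table 1  Comparison of the schemes' adversary models and system evaluation criteria

    Reference Adversary model System evaluation criteria
    1 2 3 4 5 6 1 2 3 4 5 6 7 8 9 10 11 12
    Ref. [22] × × × ×
    Ref. [23] × × × × × ×
    Ref. [24] × × × × ×
    Ref. [25] × × × × ×
    Ref. [26] × ×
    Ref. [27] × × × × × × ×
    Ref. [28] × × × × ×
    Ref. [29] × × × × × ×
    Ref. [30] × × × × ×
    Ref. [3] × ×
    MFAS-SM9
    Here "√" means the criterion is satisfied; "×" means it is not satisfied.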

    Table 2  Comparison of the schemes' computation overhead

    Reference | User | Authentication gateway | Sensor node
    Ref. [22] | $4T_{\mathrm{H}}+6T_{\mathrm{C}}+4T_{\mathrm{M}}+2T_{\mathrm{P}}$ | $5T_{\mathrm{H}}+4T_{\mathrm{M}}+3T_{\mathrm{E}}+4T_{\mathrm{P}}$ | $9T_{\mathrm{H}}+2T_{\mathrm{M}}+7T_{\mathrm{E}}+4T_{\mathrm{P}}$
    Ref. [23] | $21T_{\mathrm{H}}+2T_{\mathrm{C}}+4T_{\mathrm{M}}+2T_{\mathrm{s}}+2T_{\mathrm{P}}$ | $13T_{\mathrm{H}}+6T_{\mathrm{c}}+4T_{\mathrm{M}}+6T_{\mathrm{S}}+2T_{\mathrm{P}}$ | $6T_{\mathrm{H}}+2T_{\mathrm{M}}+2T_{\mathrm{S}}+2T_{\mathrm{P}}$
    Ref. [24] | $5T_{\mathrm{H}}+11T_{\mathrm{C}}+2T_{\mathrm{M}}+2T_{\mathrm{s}}$ | $7T_{\mathrm{H}}+12T_{\mathrm{C}}+4T_{\mathrm{M}}+2T_{\mathrm{s}}+4T_{\mathrm{P}}$
    Ref. [25] | $T_{\mathrm{H}}+3T_{\mathrm{E}}+T_{\mathrm{P}}$ | $T_{\mathrm{H}}+2T_{\mathrm{E}}+T_{\mathrm{M}}+T_{\mathrm{P}}$
    Ref. [26] | $2T_{\mathrm{H}}+4T_{\mathrm{E}}+19T_{\mathrm{C}}+2T_{\mathrm{P}}$ | $2T_{\mathrm{H}}+5T_{\mathrm{E}}+14T_{\mathrm{C}}+5T_{\mathrm{P}}$ | $T_{\mathrm{H}}+4T_{\mathrm{E}}+4T_{\mathrm{C}}$
    Ref. [27] | $8T_{\mathrm{H}}+2T_{\mathrm{E}}+9T_{\mathrm{C}}+4T_{\mathrm{M}}+2T_{\mathrm{s}}+3T_{\mathrm{P}}$ | $7T_{\mathrm{H}}+2T_{\mathrm{E}}+4T_{\mathrm{C}}+4T_{\mathrm{M}}+2T_{\mathrm{s}}+4T_{\mathrm{P}}$
    Ref. [28] | $6T_{\mathrm{H}}+4T_{\mathrm{E}}+3T_{\mathrm{C}}+T_{\mathrm{S}}$ | $3T_{\mathrm{H}}+4T_{\mathrm{E}}+2T_{\mathrm{C}}+T_{\mathrm{S}}+T_{\mathrm{P}}$
    Ref. [29] | $12T_{\mathrm{H}}+4T_{\mathrm{C}}$ | $18T_{\mathrm{H}}+5T_{\mathrm{C}}$ | $7T_{\mathrm{H}}+2T_{\mathrm{C}}$
    Ref. [30] | $2T_{\mathrm{H}}+2T_{\mathrm{B}}+T_{\mathrm{C}}+4T_{\mathrm{E}}+6T_{\mathrm{PRF}}+T_{\mathrm{S}}+T_{\mathrm{Sig}}$ | $2T_{\mathrm{H}}+3T_{\mathrm{C}}+5T_{\mathrm{E}}+6T_{\mathrm{PRF}}+T_{\mathrm{S}}+2T_{\mathrm{Sig}}$
    Ref. [3] | $17T_{\mathrm{H}}+2T_{\mathrm{B}}+3T_{\mathrm{C}}$ | $15T_{\mathrm{H}}+T_{\mathrm{C}}$ | $4T_{\mathrm{H}}+2T_{\mathrm{C}}$
    MFAS-SM9 | $12T_{\mathrm{H}}+4T_{\mathrm{C}}+2T_{\mathrm{E}}+2T_{\mathrm{P}}$ | $6T_{\mathrm{H}}+3T_{\mathrm{C}}+2T_{\mathrm{E}}+T_{\mathrm{P}}$ | $7T_{\mathrm{H}}+5T_{\mathrm{C}}+2T_{\mathrm{E}}+2T_{\mathrm{P}}$

    Table 3  Comparison of the schemes' communication overhead

    Reference | User | Authentication gateway | Sensor node
    Ref. [22] | $\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{G}_2\rvert+5\lvert\mathbb{G}_{\mathrm{T}}\rvert+5\lvert\mathbb{Z}_p^*\rvert$ | $4\lvert\mathbb{G}_1\rvert+3\lvert\mathbb{G}_2\rvert+6\lvert\mathbb{G}_{\mathrm{T}}\rvert+6\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{G}_2\rvert+3\lvert\mathbb{G}_{\mathrm{T}}\rvert+5\lvert\mathbb{Z}_p^*\rvert$
    Ref. [23] | $\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{G}_2\rvert+\lvert\mathbb{G}_{\mathrm{T}}\rvert+6\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{G}_2\rvert+2\lvert\mathbb{G}_{\mathrm{T}}\rvert+15\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_{\mathrm{T}}\rvert+5\lvert\mathbb{Z}_p^*\rvert$
    Ref. [24] | $2\lvert\mathbb{G}_1\rvert+\lvert\mathbb{G}_2\rvert+3\lvert\mathbb{Z}_p^*\rvert$ | $2\lvert\mathbb{G}_1\rvert+\lvert\mathbb{G}_2\rvert+2\lvert\mathbb{Z}_p^*\rvert$
    Ref. [25] | $\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{G}_2\rvert+5\lvert\mathbb{Z}_p^*\rvert$ | $2\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{G}_2\rvert+3\lvert\mathbb{Z}_p^*\rvert$
    Ref. [26] | $5\lvert\mathbb{G}_1\rvert+\lvert\mathbb{G}_2\rvert+4\lvert\mathbb{Z}_p^*\rvert$ | $4\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{G}_2\rvert+8\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+\lvert\mathbb{Z}_p^*\rvert$
    Ref. [27] | $3\lvert\mathbb{G}_1\rvert+\lvert\mathbb{G}_2\rvert+5\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+\lvert\mathbb{Z}_p^*\rvert$
    Ref. [28] | $2\lvert\mathbb{G}_1\rvert+\lvert\mathbb{G}_2\rvert+3\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+\lvert\mathbb{G}_2\rvert+3\lvert\mathbb{Z}_p^*\rvert$
    Ref. [29] | $2\lvert\mathbb{G}_1\rvert+9\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+13\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+10\lvert\mathbb{Z}_p^*\rvert$
    Ref. [30] | $2\lvert\mathbb{G}_1\rvert+3\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+4\lvert\mathbb{Z}_p^*\rvert$
    Ref. [3] | $2\lvert\mathbb{G}_1\rvert+5\lvert\mathbb{Z}_p^*\rvert$ | $2\lvert\mathbb{G}_1\rvert+8\lvert\mathbb{Z}_p^*\rvert$ | $\lvert\mathbb{G}_1\rvert+\lvert\mathbb{Z}_p^*\rvert$
    MFAS-SM9 | $2\lvert\mathbb{G}_1\rvert+3\lvert\mathbb{Z}_p^*\rvert$ | $2\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{Z}_p^*\rvert$ | $2\lvert\mathbb{G}_1\rvert+2\lvert\mathbb{Z}_p^*\rvert$
  • [1] LI Wenting, WANG Ding, and WANG Ping. Insider attacks against multi-factor authentication protocols for wireless sensor networks[J]. Journal of Software, 2019, 30(8): 2375–2391. doi: 10.13328/j.cnki.jos.005766.
    [2] SON S, LEE J, PARK Y, et al. Design of blockchain-based lightweight V2I handover authentication protocol for VANET[J]. IEEE Transactions on Network Science and Engineering, 2022, 9(3): 1346–1358. doi: 10.1109/TNSE.2022.3142287.
    [3] WANG Chenyu, WANG Ding, WANG Feifei, et al. Multi-factor user authentication scheme for multi-gateway wireless sensor networks[J]. Chinese Journal of Computers, 2020, 43(4): 683–700. doi: 10.11897/SP.J.1016.2020.00683.
    [4] WANG Ding, WANG Ping, and LEI Ming. Cryptanalysis and improvement of gateway-oriented password authenticated key exchange protocol based on RSA[J]. Acta Electronica Sinica, 2015, 43(1): 176–184. doi: 10.3969/j.issn.0372-2112.2015.01.028.
    [5] YU S and PARK Y. A robust authentication protocol for wireless medical sensor networks using blockchain and physically unclonable functions[J]. IEEE Internet of Things Journal, 2022, 9(20): 20214–20228. doi: 10.1109/JIOT.2022.3171791.
    [6] WATRO R, KONG D, CUTI S F, et al. TinyPK: Securing sensor networks with public key technology[C]. Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks, Washington, USA, 2004: 59–64. doi: 10.1145/1029102.1029113.
    [7] DAS M L. Two-factor user authentication in wireless sensor networks[J]. IEEE Transactions on Wireless Communications, 2009, 8(3): 1086–1090. doi: 10.1109/TWC.2008.080128.
    [8] HUANG Huifeng, CHANG Yafen, and LIU Chunhung. Enhancement of two-factor user authentication in wireless sensor networks[C]. Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Darmstadt, Germany, 2010: 27–30. doi: 10.1109/IIHMSP.2010.14.
    [9] WANG Ding and WANG Ping. On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions[J]. Computer Networks, 2014, 73: 41–57. doi: 10.1016/j.comnet.2014.07.010.
    [10] SADRI M J and ASAAR M R. An anonymous two-factor authentication protocol for IoT-based applications[J]. Computer Networks, 2021, 199: 108460. doi: 10.1016/j.comnet.2021.108460.
    [11] ALLADI T, CHAMOLA V, and NAREN N. HARCI: A two-way authentication protocol for three entity healthcare IoT networks[J]. IEEE Journal on Selected Areas in Communications, 2021, 39(2): 361–369. doi: 10.1109/JSAC.2020.3020605.
    [12] JIANG Jingwei, WANG Ding, ZHANG Guoyin, et al. Quantum-resistant password-based threshold single-sign-on authentication with updatable server private key[C]. 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, 2022: 295–316. doi: 10.1007/978-3-031-17146-8_15.
    [13] WANG Qingxuan, WANG Ding, CHENG Chi, et al. Quantum2FA: Efficient quantum-resistant two-factor authentication scheme for mobile devices[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20(1): 193–208. doi: 10.1109/TDSC.2021.3129512.
    [14] WANG Ding and WANG Ping. Two birds with one stone: Two-factor authentication with security beyond conventional bound[J]. IEEE Transactions on Dependable and Secure Computing, 2018, 15(4): 708–722. doi: 10.1109/TDSC.2016.2605087.
    [15] WANG Qingxuan and WANG Ding. Understanding failures in security proofs of multi-factor authentication for mobile devices[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 597–612. doi: 10.1109/TIFS.2022.3227753.
    [16] CHENG Zhaohui. Security analysis of SM9 key agreement and encryption[C]. 14th International Conference on Information Security and Cryptology, Fuzhou, China, 2019: 3–25. doi: 10.1007/978-3-030-14234-6_1.
    [17] LAI Jianchang, HUANG Xinyi, HE Debiao, et al. Security analysis of SM9 digital signature and key encapsulation[J]. SCIENTIA SINICA Informationis, 2021, 51(11): 1900–1913. doi: 10.1360/SSI-2021-0049.
    [18] LAI Jianchang, HUANG Xinyi, HE Debiao, et al. Provably secure online/offline identity-based signature scheme based on SM9[J]. The Computer Journal, 2022, 65(7): 1692–1701. doi: 10.1093/comjnl/bxab009.
    [19] LAI Jianchang, HUANG Xinyi, HE Debiao, et al. CCA secure broadcast encryption based on SM9[J]. Journal of Software, 2023, 34(7): 3354–3364. doi: 10.13328/j.cnki.jos.006531.
    [20] LI Nan, GUO Fuchun, MU Yi, et al. Fuzzy extractors for biometric identification[C]. 37th International Conference on Distributed Computing Systems, Atlanta, USA, 2017: 667–677. doi: 10.1109/ICDCS.2017.107.
    [21] BELLARE M, POINTCHEVAL D, and ROGAWAY P. Authenticated key exchange secure against dictionary attacks[C]. International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, 2000: 139–155. doi: 10.1007/3-540-45539-6_11.
    [22] LYU Qiuyun, LI Hao, DENG Zhining, et al. A2UA: An auditable anonymous user authentication protocol based on blockchain for cloud services[J]. IEEE Transactions on Cloud Computing, 2023, 11(3): 2546–2561. doi: 10.1109/TCC.2022.3216580.
    [23] ZHOU Quan, TANG Chunming, ZHEN Xianghan, et al. A secure user authentication protocol for sensor network in data capturing[J]. Journal of Cloud Computing, 2015, 4(1): 6. doi: 10.1186/s13677-015-0030-z.
    [24] AZEES M, VIJAYAKUMAR P, KARUPPIAH M, et al. An efficient anonymous authentication and confidentiality preservation schemes for secure communications in wireless body area networks[J]. Wireless Networks, 2021, 27(3): 2119–2130. doi: 10.1007/s11276-021-02560-y.
    [25] VIJAYAKUMAR P, AZEES M, KOZLOV S A, et al. An anonymous batch authentication and key exchange protocols for 6G enabled VANETs[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(2): 1630–1638. doi: 10.1109/TITS.2021.3099488.
    [26] YANG Qingyou, XUE Kaiping, XU Jie, et al. AnFRA: Anonymous and fast roaming authentication for space information network[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(2): 486–497. doi: 10.1109/TIFS.2018.2854740.
    [27] ARFAOUI A, BOUDIA O R M, KRIBÈCHE A, et al. Context-aware access control and anonymous authentication in WBAN[J]. Computers & Security, 2020, 88: 101496. doi: 10.1016/j.cose.2019.03.017.
    [28] ODELU V, SAHA S, PRASATH R, et al. Efficient privacy preserving device authentication in WBANs for industrial e-health applications[J]. Computers & Security, 2019, 83: 300–312. doi: 10.1016/j.cose.2019.03.002.
    [29] VIJAYAKUMAR P, OBAIDAT M S, AZEES M, et al. Efficient and secure anonymous authentication with location privacy for IoT-based WBANs[J]. IEEE Transactions on Industrial Informatics, 2020, 16(4): 2603–2611. doi: 10.1109/TII.2019.2925071.
    [30] WEI Fushan, ZHANG Gang, MA Jianfeng, et al. Privacy-preserving multi-factor key exchange protocol in the standard model[J]. Journal of Software, 2016, 27(6): 1511–1522. doi: 10.13328/j.cnki.jos.005001.
Publication history
  • Received: 2023-10-31
  • Revised: 2023-12-20
  • Published online: 2024-05-02
  • Issue date: 2024-05-30
