A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework

ZHU Liufu; WANG Ding

doi:10.11999/JEIT231197

Volume 46 Issue 5

May 2024

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2024 > 46(5): 2137-2148

ZHU Liufu, WANG Ding. A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework[J]. Journal of Electronics & Information Technology, 2024, 46(5): 2137-2148. doi: 10.11999/JEIT231197

Citation:

ZHU Liufu, WANG Ding. A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework[J]. Journal of Electronics & Information Technology, 2024, 46(5): 2137-2148. doi: 10.11999/JEIT231197

ZHU Liufu, WANG Ding. A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework[J]. Journal of Electronics & Information Technology, 2024, 46(5): 2137-2148. doi: 10.11999/JEIT231197

Citation:

ZHU Liufu, WANG Ding. A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework[J]. Journal of Electronics & Information Technology, 2024, 46(5): 2137-2148. doi: 10.11999/JEIT231197

PDF( 2852 KB)

A Multi-Factor Authentication Scheme Under the SM9 Algorithm Framework

doi: 10.11999/JEIT231197

ZHU Liufu,
WANG Ding^,

1.
College of Ciber Science, Nankai University, Tianjin 300350, China
2.
Tianjin Key Laboratory of Network and Data Security, Nankai University, Tianjin 300350, China
3.
Key Laboratory of Data and Intelligent System Security, Nankai University, Tianjin 300350, China

Funds: The Natural Science Foundation of Tianjin, China (21JCZXJC00100), The National Natural Science Foundation of China (62222208), The Natural Science Foundation of Tianjin, China (21JCZDJC00190)

Received Date: 2023-10-31
Rev Recd Date: 2023-12-20

Available Online: 2024-05-02

Publish Date: 2024-05-10

Abstract

Abstract

Wireless sensor networks use public wireless channels and their storage and computing resources are limited, making them vulnerable to active attacks and passive attacks. Identity authentication acts as the first line to ensure the security of information systems. Then, how to design multi-factor authentication schemes for wireless sensor devices is currently a hot topic. Nowadays, most existing schemes are based on foreign cryptographic standards that do not comply with the autonomous and controllable cyberspace security development strategy. SM9 is an identity-based cryptographic algorithm that has become a Chinese cryptographic standard recently. Therefore, this paper focuses on how to combine passwords, biometrics, and smart cards to design a multi-factor authentication scheme that can be used for wireless sensor networks under the framework of SM9. The proposed scheme applies the fuzzy verifier technique and the honeyword method to resist password guessing attacks and further enables session key negotiation and password update. The security is proved under the Random Oracle Model (ROM) and a heuristic security analysis is provided additionally. The comparison results show that the proposed scheme can be deployed to wireless sensor networks.
- Multi-factor authentication,
- Chinese cryptographic standard,
- Random oracle model

FullText(HTML)

References(30)

References

[1]	李文婷, 汪定, 王平. 无线传感器网络下多因素身份认证协议的内部人员攻击[J]. 软件学报, 2019, 30(8): 2375–2391. doi: 10.13328/j.cnki.jos.005766. LI Wenting, WANG Ding, and WANG Ping. Insider attacks against multi-factor authentication protocols for wireless sensor networks[J]. Journal of Software, 2019, 30(8): 2375–2391. doi: 10.13328/j.cnki.jos.005766.
[2]	SON S, LEE J, PARK Y, et al. Design of blockchain-based lightweight V2I handover authentication protocol for VANET[J]. IEEE Transactions on Network Science and Engineering, 2022, 9(3): 1346–1358. doi: 10.1109/TNSE.2022.3142287.
[3]	王晨宇, 汪定, 王菲菲, 等. 面向多网关的无线传感器网络多因素认证协议[J]. 计算机学报, 2020, 43(4): 683–700. doi: 10.11897/SP.J.1016.2020.00683. WANG Chenyu, WANG Ding, WANG Feifei, et al. Multi-factor user authentication scheme for multi-gateway wireless sensor networks[J]. Chinese Journal of Computers, 2020, 43(4): 683–700. doi: 10.11897/SP.J.1016.2020.00683.
[4]	汪定, 王平, 雷鸣. 基于RSA的网关口令认证密钥交换协议的分析与改进[J]. 电子学报, 2015, 43(1): 176–184. doi: 10.3969/j.issn.0372-2112.2015.01.028. WANG Ding, WANG Ping, and LEI Ming. Cryptanalysis and improvement of gateway-oriented password authenticated key exchange protocol based on RSA[J]. Acta Electronica Sinica, 2015, 43(1): 176–184. doi: 10.3969/j.issn.0372-2112.2015.01.028.
[5]	YU S and PARK Y. A robust authentication protocol for wireless medical sensor networks using blockchain and physically unclonable functions[J]. IEEE Internet of Things Journal, 2022, 9(20): 20214–20228. doi: 10.1109/JIOT.2022.3171791.
[6]	WATRO R, KONG D, CUTI S F, et al. TinyPK: Securing sensor networks with public key technology[C]. Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks, Washington, USA, 2004: 59–64. doi: 10.1145/1029102.1029113.
[7]	DAS M L. Two-factor user authentication in wireless sensor networks[J]. IEEE Transactions on Wireless Communications, 2009, 8(3): 1086–1090. doi: 10.1109/TWC.2008.080128.
[8]	HUANG Huifeng, CHANG Yafen, and LIU Chunhung. Enhancement of two-factor user authentication in wireless sensor networks[C]. Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Darmstadt, Germany, 2010: 27–30. doi: 10.1109/IIHMSP.2010.14.
[9]	WANG Ding and WANG Ping. On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions[J]. Computer Networks, 2014, 73: 41–57. doi: 10.1016/j.comnet.2014.07.010.
[10]	SADRI M J and ASAAR M R. An anonymous two-factor authentication protocol for IoT-based applications[J]. Computer Networks, 2021, 199: 108460. doi: 10.1016/j.comnet.2021.108460.
[11]	ALLADI T, CHAMOLA V, and NAREN N. HARCI: A two-way authentication protocol for three entity healthcare IoT networks[J]. IEEE Journal on Selected Areas in Communications, 2021, 39(2): 361–369. doi: 10.1109/JSAC.2020.3020605.
[12]	JIANG Jingwei, WANG Ding, ZHANG Guoyin, et al. Quantum-resistant password-based threshold single-sign-on authentication with updatable server private key[C]. 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, , 2022: 295–316. doi: 10.1007/978-3-031-17146-8_15.
[13]	WANG Qingxuan, WANG Ding, CHENG Chi, et al. Quantum2FA: Efficient quantum-resistant two-factor authentication scheme for mobile devices[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20(1): 193–208. doi: 10.1109/TDSC.2021.3129512.
[14]	WANG Ding and WANG Ping. Two birds with one stone: Two-factor authentication with security beyond conventional bound[J]. IEEE Transactions on Dependable and Secure Computing, 2018, 15(4): 708–722. doi: 10.1109/TDSC.2016.2605087.
[15]	WANG Qingxuan and WANG Ding. Understanding failures in security proofs of multi-factor authentication for mobile devices[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 597–612. doi: 10.1109/TIFS.2022.3227753.
[16]	CHENG Zhaohui. Security analysis of SM9 key agreement and encryption[C]. 14th International Conference on Information Security and Cryptology, Fuzhou, China, 2019: 3–25. doi: 10.1007/978-3-030-14234-6_1.
[17]	赖建昌, 黄欣沂, 何德彪, 等. 国密SM9数字签名和密钥封装算法的安全性分析[J]. 中国科学:信息科学, 2021, 51(11): 1900–1913. doi: 10.1360/SSI-2021-0049. LAI Jianchang, HUANG Xinyi, HE Debiao, et al. Security analysis of SM9 digital signature and key encapsulation[J]. SCIENTIA SINICA Informationis, 2021, 51(11): 1900–1913. doi: 10.1360/SSI-2021-0049.
[18]	LAI Jianchang, HUANG Xinyi, HE Debiao, et al. Provably secure online/offline identity-based signature scheme based on SM9[J]. The Computer Journal, 2022, 65(7): 1692–1701. doi: 10.1093/comjnl/bxab009.
[19]	赖建昌, 黄欣沂, 何德彪, 等. 基于SM9的CCA安全广播加密方案[J]. 软件学报, 2023, 34(7): 3354–3364. doi: 10.13328/j.cnki.jos.006531. LAI Jianchang, HUANG Xinyi, HE Debiao, et al. CCA secure broadcast encryption based on SM9[J]. Journal of Software, 2023, 34(7): 3354–3364. doi: 10.13328/j.cnki.jos.006531.
[20]	LI Nan, GUO Fuchun, MU Yi, et al. Fuzzy extractors for biometric identification[C]. 37th International Conference on Distributed Computing Systems, Atlanta, USA, 2017: 667–677. doi: 10.1109/ICDCS.2017.107.
[21]	BELLARE M, POINTCHEVAL D, and ROGAWAY P. Authenticated key exchange secure against dictionary attacks[C]. International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, 2000: 139–155. doi: 10.1007/3-540-45539-6_11.
[22]	LYU Qiuyun, LI Hao, DENG Zhining, et al. A2UA: An auditable anonymous user authentication protocol based on blockchain for cloud services[J]. IEEE Transactions on Cloud Computing, 2023, 11(3): 2546–2561. doi: 10.1109/TCC.2022.3216580.
[23]	ZHOU Quan, TANG Chunming, ZHEN Xianghan, et al. A secure user authentication protocol for sensor network in data capturing[J]. Journal of Cloud Computing, 2015, 4(1): 6. doi: 10.1186/s13677-015-0030-z.
[24]	AZEES M, VIJAYAKUMAR P, KARUPPIAH M, et al. An efficient anonymous authentication and confidentiality preservation schemes for secure communications in wireless body area networks[J]. Wireless Networks, 2021, 27(3): 2119–2130. doi: 10.1007/s11276-021-02560-y.
[25]	VIJAYAKUMAR P, AZEES M, KOZLOV S A, et al. An anonymous batch authentication and key exchange protocols for 6G enabled VANETs[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(2): 1630–1638. doi: 10.1109/TITS.2021.3099488.
[26]	YANG Qingyou, XUE Kaiping, XU Jie, et al. AnFRA: Anonymous and fast roaming authentication for space information network[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(2): 486–497. doi: 10.1109/TIFS.2018.2854740.
[27]	ARFAOUI A, BOUDIA O R M, KRIBÈCHE A, et al. Context-aware access control and anonymous authentication in WBAN[J]. Computers & Security, 2020, 88: 101496. doi: 10.1016/j.cose.2019.03.017.
[28]	ODELU V, SAHA S, PRASATH R, et al. Efficient privacy preserving device authentication in WBANs for industrial e-health applications[J]. Computers & Security, 2019, 83: 300–312. doi: 10.1016/j.cose.2019.03.002.
[29]	VIJAYAKUMAR P, OBAIDAT M S, AZEES M, et al. Efficient and secure anonymous authentication with location privacy for IoT-based WBANs[J]. IEEE Transactions on Industrial Informatics, 2020, 16(4): 2603–2611. doi: 10.1109/TII.2019.2925071.
[30]	魏福山, 张刚, 马建峰, 等. 标准模型下隐私保护的多因素密钥交换协议[J]. 软件学报, 2016, 27(6): 1511–1522. doi: 10.13328/j.cnki.jos.005001. WEI Fushan, ZHANG Gang, MA Jianfeng, et al. Privacy-preserving multi-factor key exchange protocol in the standard model[J]. Journal of Software, 2016, 27(6): 1511–1522. doi: 10.13328/j.cnki.jos.005001.