
Cryptoanalysis on the Forward Security of Two Authenticated Key Protocols

CHENG Qingfeng, MA Yuqian

Citation: CHENG Qingfeng, MA Yuqian. Cryptoanalysis on the Forward Security of Two Authenticated Key Protocols[J]. Journal of Electronics & Information Technology, 2022, 44(12): 4294-4303. doi: 10.11999/JEIT211137

doi: 10.11999/JEIT211137 cstr: 32379.14.JEIT211137
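Funds: The National Natural Science Foundation of China (61872449)
    About the authors:

    CHENG Qingfeng: male, PhD, professor; research interests: public-key cryptography and cryptographic protocols

    MA Yuqian: female, master's student; research interest: cryptographic protocols

    Corresponding author:

    MA Yuqian yuqianm2000@qq.com

  • CLC number: TN918; TP309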

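  • Abstract: Network security and privacy currently receive wide attention. Forward security is a security property of Authenticated Key Agreement (AKA) protocols proposed by Günther in 1989 (doi: 10.1007/3-540-46885-4_5); after 30 years of vigorous development it has become one of the hot topics in the research field. This paper mainly analyzes two AKA protocols, MZK20 and VSR20. First, building on heuristic analysis, BAN logic is used to show that the MZK20 protocol does not have weak forward security. Second, heuristic analysis and the Scyther tool are used to prove that the VSR20 protocol does not have forward security. Finally, based on an analysis of the design flaws of the VSR20 protocol, an improved scheme is proposed and the security of the improved protocol is proved under the eCK model; in addition, the Scyther software is used to show that the improved VSR20 protocol clearly improves security compared with the VSR20 protocol.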
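  • Figure 1  Login and authentication phase of the VSR20 protocol

    Figure 2  Analysis of the VSR20 protocol with the Scyther software

    Figure 3  The improved VSR20 protocol

    Figure 4  Analysis of the improved VSR20 protocol with the Scyther software

    Table 1  BAN logic analysis of the MZK20 protocol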

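     The goals the MZK20 protocol is expected to achieve are as follows (the two participants are denoted $ {{\text{S}}_j} $ and $ {{\text{U}}_u} $, and $ {K_{uj}} $ denotes the session key they agree on):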
     G1. $ {{\text{S}}_j}\;{\text{believes}}\;{K_{uj}} $;
     G2. $ {{\text{S}}_j}\;{\text{believes}}\;({{\text{U}}_u}\;{\text{believes}}\;{K_{uj}}) $;
     G3. $ {{\text{U}}_u}\;{\text{believes}}\;{K_{uj}} $;
     G4. $ {{\text{U}}_u}\;{\text{believes}}\;({{\text{S}}_j}\;{\text{believes}}\;{K_{uj}}) $.
     Messages:
     $ {\text{Message}}\,{\text{1}}\quad {{\text{U}}_u} \to {{\text{S}}_j}: < {\{ {\text{I}}{{\text{D}}_u}\} _{{K_u}}},{\{ {C_u}\} _{{K_S}}} > $;
     $ {\text{Message}}\,{\text{2}}\quad {{\text{S}}_j} \to {{\text{U}}_u}: < {D_j}{ > _{ < {\text{I}}{{\text{D}}_u}{ > _{{K_{{\text{RC}}}}}}}} $;
     Assumptions:
     A1. $ {{\text{U}}_u}\;{\text{believes}}\;{\text{fresh}}({C_u}) $, $ {{\text{S}}_j}\;{\text{believes}}\;{\text{fresh}}({D_j}) $;
     A2. $ {{\text{U}}_u}\;{\text{believes}}\;{C_u} $, $ {{\text{S}}_j}\;{\text{believes}}\;{D_j} $;
     A3. $ {{\text{U}}_u}\;{\text{believes}}\;({{\text{U}}_u}\mathop \Leftrightarrow \limits^{{K_u}} {{\text{S}}_j}) $, $ {{\text{U}}_u}\;{\text{believes}}\;({{\text{U}}_u}\mathop \Leftrightarrow \limits^{{K_u}} {{\text{S}}_j}) $;
     A4. $ {{\text{U}}_u}\;{\text{believes}}\;({{\text{S}}_j}\;{\text{controls}}\;{K_{uj}}) $, $ {{\text{S}}_j}\;{\text{believes}}\;({{\text{U}}_u}\;{\text{controls}}\;{K_{uj}}) $;
     A5. $ {{\text{S}}_j}\;{\text{believes}}\;{K_{{\text{RC}}}} $, $ {{\text{U}}_u}\;{\text{believes}}\;{K_{{\text{RC}}}} $.
     Derivation:
     F1. $ {{\text{S}}_j}\;{\text{sees}}\; < {\{ {\text{I}}{{\text{D}}_u}\} _{{K_u}}},{\{ {C_u}\} _{{K_S}}} > $;
     F2. $ {{\text{S}}_j}\;{\text{sees}}\;{\{ {\text{I}}{{\text{D}}_u}\} _{{K_u}}} $, $ {{\text{S}}_j}\;{\text{sees}}\;{\{ {C_u}\} _{{K_S}}} $;
     F3. $ {{\text{S}}_j}\;{\text{believes}}\;({{\text{U}}_u}\;{\text{said}}\;{\text{I}}{{\text{D}}_u}) $, $ {{\text{S}}_j}\;{\text{believes}}\;({{\text{U}}_u}\;{\text{said}}\;{C_u}) $ ($ {\text{I}}{{\text{D}}_u} = {C_u}P \oplus {\text{PI}}{{\text{D}}_u} $, $ {X_u} = h({\text{I}}{{\text{D}}_u}||{\text{p}}{{\text{k}}_{{\text{RC}}}}) $ and $ {\text{PI}}{{\text{D}}_u} = {\{ {\text{I}}{{\text{D}}_u}\} _{{K_u}}} $);
     F4. $ {{\text{S}}_j}\;{\text{believes}}\;({{\text{U}}_u}\;{\text{believes}}\;{C_u}) $, $ {{\text{S}}_j}\;{\text{believes}}\;({{\text{U}}_u}\;{\text{believes}}\;{X_u}) $;
     F5. $ {{\text{S}}_j}\;{\text{believes}}\;({{\text{U}}_u}\;{\text{believes}}\;{K_{uj}}) $ ($ {K_{uj}} = {\text{S}}{{\text{K}}_{uj}} = h({\text{I}}{{\text{D}}_u}||{C_u}P||{D_j}||{X_u}||{\text{I}}{{\text{D}}_j}) $);
     F6. $ {{\text{S}}_j}\;{\text{believes}}\;{K_{uj}} $;
     F7. $ {{\text{U}}_u}\;{\text{sees}}\; < {D_j}{ > _{ < {\text{I}}{{\text{D}}_u}{ > _{{K_{{\text{RC}}}}}}}} $;
     F8. $ {{\text{U}}_u}\;{\text{believes}}\;({{\text{S}}_j}\;{\text{said}}\;{D_j}) $ ($ {K_{uj}} = {\text{S}}{{\text{K}}_{uj}} = h({\text{I}}{{\text{D}}_u}||{C_u}P||{D_j}||{X_u}||{\text{I}}{{\text{D}}_j}) $).
  • [1] GÜNTHER C G. An identity-based key-exchange protocol[C]. Workshop on the Theory and Application of Cryptographic Techniques, Houthalen, Belgium, 1989: 29–37.
    [2] MATSUMOTO T, TAKASHIMA Y, and IMAI H. On seeking smart public-key-distribution systems[J]. Transactions of the Institute of Electronics and Communication Engineers of Japan Section E, 1986, 69(2): 99–106.
    [3] JEONG I R, KATZ J, and LEE D H. One-round protocols for two-party authenticated key exchange[C]. The 2nd International Conference on Applied Cryptography and Network Security, Yellow Mountain, China, 2004: 220–232.
    [4] KRAWCZYK H. HMQV: A high-performance secure Diffie-Hellman protocol[C]. The 25th Annual International Cryptology Conference, Santa Barbara, USA, 2005: 546–566.
    [5] BOYD C and NIETO J G. On forward secrecy in one-round key exchange[C]. The 13th IMA International Conference on Cryptography and Coding, Oxford, UK, 2011: 451–468.
    [6] CAO Chenlei, LIU Mingqi, ZHANG Ru, et al. Provably secure authenticated key agreement protocol based on hierarchical identity[J]. Journal of Electronics & Information Technology, 2014, 36(12): 2848–2854. doi: 10.3724/SP.J.1146.2014.00684
    [7] YANG Xiaopeng, MA Wenping, and ZHANG Chengli. New authenticated key exchange scheme based on ring learning with errors problem[J]. Journal of Electronics & Information Technology, 2015, 37(8): 1984–1988. doi: 10.11999/JEIT141506
    [8] XIONG Jing and WANG Jianming. Based on HASH function of RFID security authentication protocol and analysis[J]. China Measurement & Test, 2017, 43(3): 87–90,96. doi: 10.11857/j.issn.1674-5124.2017.03.018
    [9] LI Xiong, PENG Jieyao, OBAIDAT M S, et al. A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems[J]. IEEE Systems Journal, 2021, 14(1): 39–50. doi: 10.1109/JSYST.2019.2899580
    [10] SALEEM M A, SHAMSHAD S, AHMED S, et al. Security analysis on “A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems”[J]. IEEE Systems Journal, 2021, 15(4): 5557–5559. doi: 10.1109/JSYST.2021.3073537
    [11] YANG Zheng, HE Jun, TIAN Yangguang, et al. Faster authenticated key agreement with perfect forward secrecy for industrial internet-of-things[J]. IEEE Transactions on Industrial Informatics, 2020, 16(10): 6584–6596. doi: 10.1109/TII.2019.2963328
    [12] CHANG C C and LE H D. A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks[J]. IEEE Transactions on Wireless Communications, 2016, 15(1): 357–366. doi: 10.1109/TWC.2015.2473165
    [13] GOPE P and HWANG T. A realistic lightweight anonymous authentication protocol for securing real-time application data access in wireless sensor networks[J]. IEEE Transactions on Industrial Electronics, 2016, 63(11): 7124–7132. doi: 10.1109/TIE.2016.2585081
    [14] WANG Chenyu, WANG Ding, WANG Feifei, et al. Multi-factor user authentication scheme for multi-gateway wireless sensor networks[J]. Chinese Journal of Computers, 2020, 43(4): 683–700. doi: 10.11897/SP.J.1016.2020.00683
    [15] QIU Shuming, WANG Ding, XU Guoai, et al. Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(2): 1338–1351. doi: 10.1109/TDSC.2020.3022797
    [16] SHAMSHAD S, SALEEM M A, OBAIDAT M S, et al. On the security of a lightweight privacy-preserving authentication protocol for VANETs[C]. 2021 International Conference on Artificial Intelligence and Smart Systems (ICAIS), Coimbatore, India, 2021: 1766–1770.
    [17] RESCORLA E. Internet Engineering Task Force. RFC 8446-The Transport Layer Security (TLS) protocol version 1.3[S]. 2018.
    [18] BOYD C and GELLERT K. A modern view on forward security[J]. The Computer Journal, 2021, 64(4): 639–652. doi: 10.1093/comjnl/bxaa104
    [19] LAMACCHIA B, LAUTER K, and MITYAGIN A. Stronger security of authenticated key exchange[C]. The 1st International Conference on Provable Security, Wollongong, Australia, 2007: 1–16.
    [20] CANETTI R and KRAWCZYK H. Analysis of key-exchange protocols and their use for building secure channels[C]. International Conference on the Theory and Applications of Cryptographic Techniques, Innsbruck, Austria, 2001: 453–474.
    [21] MOHAMED M I, WANG Xiaofen, and ZHANG Xiaosong. Adaptively-secure authenticated key exchange protocol in standard model[J]. International Journal of Network Security, 2018, 20(2): 345–358. doi: 10.6633/IJNS.201803.20(2).16
    [22] BURROWS M, ABADI M, and NEEDHAM R M. A logic of authentication[J]. Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, 1989, 426(1871): 233–271. doi: 10.1098/rspa.1989.0125
    [23] CREMERS C J F. The scyther tool: Verification, falsification, and analysis of security protocols[C]. International Conference on Computer Aided Verification, Princeton, USA, 2008: 414–418.
    [24] AKRAM M A, GHAFFAR Z, MAHMOOD K, et al. An anonymous authenticated key-agreement scheme for multi-server infrastructure[J]. Human-centric Computing and Information Sciences, 2020, 10(1): 22. doi: 10.1186/s13673-020-00227-9
    [25] SURESHKUMAR V, ANANDHI S, AMIN R, et al. Design of robust mutual authentication and key establishment security protocol for cloud-enabled smart grid communication[J]. IEEE Systems Journal, 2021, 15(3): 3565–3572. doi: 10.1109/JSYST.2020.3039402
Publication history
  • Received:  2021-10-15
  • Revised:  2022-04-20
  • Accepted:  2022-05-05
  • Published online:  2022-05-10
  • Issue date:  2022-12-16
