层次身份基认证密钥协商方案的安全性分析和改进

doi:10.11999/JEIT151443

摘要
图/表
参考文献(25)
相关文章 (15)

全文: PDF (271 KB)
输出: BibTeX | EndNote (RIS)

摘要

该文分析了曹晨磊等人(2014)提出的层次身份基认证密钥协商方案的安全性，指出该方案无法抵抗基本假冒攻击。文中具体描述了对该方案实施基本假冒攻击的过程，分析了原安全性证明的疏漏和方案无法抵抗该攻击的原因。然后，在BONEH等人(2005)层次身份基加密方案基础上提出了一种改进方案。最后，在BJM模型中，给出了所提方案的安全性证明。复杂度分析表明所提方案在效率上同原方案基本相当。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	毛可飞
	陈杰
	刘建伟

关键词 ：密码学, 可证明安全性, 认证密钥协商, 层次身份基密码体制

Abstract：

The security of hierarchical identity based authenticated key agreement scheme which was proposed by CAO et al. (2014) is cryptanalyzed. First, it is pointed out that the scheme is not completely secure against the basic impersonation attack. Then, the process and the reasons of the attack are described. Finally, an improvement scheme to mend the security leaks is proposed based on the hierarchical identity based encryption (BONEH et al. 2005). The security proof of the proposal is presented in the BJM model. The computation efficiency of the proposed scheme is nearly equivalent to the CAO et al.’s.

Key words： Cryptography Provable security Authenticated key agreement Hierarchical identity based cryptography

收稿日期: 2015-12-22 出版日期: 2016-07-04

PACS:

TP309

基金资助:

国家自然科学基金(61272501)，国家重点基础研究发展计划(2012CB315905)

通讯作者: 毛可飞：男，1977年生，博士生，研究方向为网络协议和优化算法. E-mail: owen.buaa@gmail.com

作者简介: 毛可飞：男，1977年生，博士生，研究方向为网络协议和优化算法. 陈杰：男，1985年生，博士生，研究方向为网络协议和信息安全. 刘建伟：男，1964年生，教授，研究方向为信息安全和密码学.

引用本文:

毛可飞,陈杰,刘建伟. 层次身份基认证密钥协商方案的安全性分析和改进[J]. 电子与信息学报, 2016, 38(10): 2619-2626. MAO Kefei, CHEN Jie, LIU Jianwei. Security Analysis and Improvements of Hierarchical Identity Based Authenticated Key Agreement Scheme. JEIT, 2016, 38(10): 2619-2626.

链接本文:

http://jeit.ie.ac.cn/CN/10.11999/JEIT151443 或 http://jeit.ie.ac.cn/CN/Y2016/V38/I10/2619

[1]	BONEH D and FRANKLIN M. Identity-based encryption from the Weil pairing[C]. Proceedings of 21st Annual International Cryptology Conference, Santa Barbara, California, USA, 2001: 213-229.
[2]	SHAMIR A. Identity-based cryptosystems and signature schemes[C]. Proceedings of 4rd Annual International Cryptology Conference, Santa Barbara, California, USA, 1984: 47-53.
[3]	夏松, 权建校, 韩文报. 不同PKG环境下可证安全的基于身份AKA协议[J]. 电子与信息学报, 2010, 32(10): 2393-2399. doi: 10.3724/SP.J.1146.2009.01382.
	XIA S, QUAN J, and HAN W. Provably secure identity-based authenticated key agreement protocols in multiple PKG environment[J]. Journal of Electronics & Information Technology, 2010, 32(10): 2393-2399. doi: 10.3724/SP.J.1146.2009.01382.
[4]	曹雪菲, 寇卫东, 樊凯, 等. 无双线性对的基于身份的认证密钥协商协议[J]. 电子与信息学报, 2009, 31(5): 1241-1244. doi: 10.3724/SP.J.1146.2008.00003.
	CAO X, KOU W, Fan K, et al. An identity-based authenticated key agreement protocol without bilinear pairing[J]. Journal of Electronics & Information Technology, 2009, 31(5): 1241-1244. doi: 10.3724/SP.J.1146.2008.00003.
[5]	HORWITZ J and LYNN B. Toward hierarchical identity-based encryption[C]. Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques, Amsterdam, Netherland, 2002: 466-481.
[6]	GENTRY C and SILVERBERG A. Hierarchical ID-based cryptography[C]. Proceedings of 8th International Conference on the Theory and Application of Cryptology and Information Security, Queenstown, New Zealand, 2002: 548-566.
[7]	BONEH D, BOYEN X, and GOH E. Hierarchical identity based encryption with constant size ciphertext[C]. Proceedings of 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 2005: 440-456.
[8]	GUO H, MU Y, LI Z, et al. An efficient and non-interactive hierarchical key agreement protocol[J]. Computers & Security, 2011, 30(1): 28-34.
[9]	曹晨磊, 刘明奇, 张茹, 等. 基于层级化身份的可证明安全的认证密钥协商协议[J]. 电子与信息学报, 2014, 36(12): 2848-2854. doi:10.3724/SP.J.1146.2014.00684.
	CAO C, LIU M, ZHANG R, et al. Provably secure authenticated key agreement protocol based on hierarchical identity[J]. Journal of Electronics & Information Technology, 2014, 36(12): 2848-2854. doi: 10.3724/SP.J.1146.2014.00684.
[10]	IBRIQ J and MAHGOUB I. HIKES: hierarchical key establishment scheme for wireless sensor networks[J]. International Journal of Communication Systems, 2014, 27(10): 1825-1856.
[11]	LIU W, LIU J, WU Q, et al. SAKE: scalable authenticated key exchange for mobile e-health networks[OL]. http://onlinelibrary.wiley.com/doi/10.1002/sec.1198/abstract, 2015.
[12]	KIM H. Freshness-preserving non-interactive hierarchical key agreement protocol over WHMS[J]. Sensors, 2014, 14(12): 23742-23757. doi: 10.3390/s141223742.
[13]	GOLDWASSER S and MICALI S. Probabilistic encryption[J]. Journal of Computer and System Sciences, 1984, 28(2): 270-299.
[14]	BELLARE M and PHILLIP R. Random oracles are practical: a paradigm for designing efficient protocols[C]. Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, VA, USA, 1993: 62-73.
[15]	BELLARE M and PHILLIP R. Entity authentication and key distribution[C]. Proceedings of 13th Annual International Cryptology Conference, Santa Barbara, California, USA, 1993: 232-249.
[16]	BLAKE-WILSON S, JOHNSON D, and MENEZES A. Key agreement protocols and their security analysis[C]. Proceedings of 6th IMA International Conference, Cirencester, UK, 2005: 30-45.
[17]	LAMACCHIA B, LAUTER K, and MITYAGIN A. Stronger security of authenticated key exchange[C]. Proceedings of First International Conference ProvSec, Wollongong, Australia, 2007: 1-16.
[18]	CHEN L, CHENG Z, and SMART N. Identity-based key agreement protocols from pairings[J]. International Journal of Information Security, 2007, 6(4): 213-241.
[19]	倪亮, 陈恭亮, 李建华. eCK模型的安全性分析[J]. 山东大学学报(理学版), 2013, 48(7): 46-48.
	NI L, CHEN G, and LI J. Security analysis of the eCK model[J]. Journal of Shandong University (Natural Science), 2013, 48(7): 46-48.
[20]	FUJIOKA A, SUZUKI K, XAGAWA K, et al. Strongly secure authenticated key exchange from factoring, codes, and lattices[C]. Proceedings of 15th International Conference on Practice and Theory in Public Key Cryptography, Darmstadt, Germany, 2012: 467-484.
[21]	BONEH D and BOYEN X. Efficient selective-ID secure identity-based encryption without random oracles[C]. Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2004: 223-238.
[22]	ZHU G, XIONG H, and QIN Z. On the security of an efficient and non-interactive hierarchical key agreement protocol[J]. Wireless Personal Communications, 2014, 74(2): 883-889.
[23]	魏江宏, 刘文芬, 胡学先. 标准模型下可证安全的属性基认证密钥交换协议[J]. 软件学报, 2014, 25(10): 2397-2408.
	WEI J, LIU W, and HU X. Provable secure attribute based authenticated key exchange protocols in the standard model[J]. Journal of Software, 2014, 25(10): 2397-2408.
[24]	DENG H, WU Q, QIN B, et al. Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts[J]. Information Sciences, 2014, 275: 370-384.
[25]	LYNN B. On the implementation of pairing-based cryptosystems[D]. [Ph.D. dissertation], Stanford University, 2007.