基于椭圆曲线密码的智能电网通信认证协议
|
摘要
为了确保通信在智能电网中的安全可靠,越来越多的认证协议被应用在通信过程中。针对Mahmood等(MAHMOOD K, CHAUDHRY S A, NAQVI H, et al. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Generation Computer Systems, 2018,81:557-565)提出的认证协议,指出此协议易受到内部特权人员攻击,缺少更换口令阶段,对用户缺少亲和性,无法保证用户有唯一的用户名,并有一个公式的错误。为改进此协议,提出一个基于椭圆曲线的认证协议。首先,增加用户与设备之间的登录阶段,其次,利用椭圆曲线密码学难题进行信息交互,最后补充口令更换阶段。通过BAN逻辑形式化分析,改进协议安全可行,能抵挡住内部人员攻击,并具有口令更换、用户名唯一、对用户有亲和性的特点。
To ensure the security and reliability of communication in the smart grid, more and more authentication protocols have been applied in the communication process. For the authentication protocol proposed by Mahmood et al.(MAHMOOD K, CHAUDHRY S A, NAQVI H, et al. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Generation Computer Systems. 2018,81: 557-565), some defects were pointed out. For example, this protocol can be easily attacked by internal privileged personnel, is lack of password replacement phase and unfriendly to users, in which unique username cannot be guaranteed, even a formula error exists. To improve this protocol, an authentication protocol based on elliptic curve was proposed. Firstly, a login phase between the user and the device was added in the improved protocol. Secondly, elliptic curve cryptography puzzle was used to realize information exchange. Finally, the password replacement phase was added. Through the formal analysis by BAN(Burrows-Abadi-Needha) logic, the improved protocol is safe and feasible, which can resist internal personnel attacks, has password replacement and unique username, and is more friendly to users.
To ensure the security and reliability of communication in the smart grid, more and more authentication protocols have been applied in the communication process. For the authentication protocol proposed by Mahmood et al.(MAHMOOD K, CHAUDHRY S A, NAQVI H, et al. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Generation Computer Systems. 2018,81: 557-565), some defects were pointed out. For example, this protocol can be easily attacked by internal privileged personnel, is lack of password replacement phase and unfriendly to users, in which unique username cannot be guaranteed, even a formula error exists. To improve this protocol, an authentication protocol based on elliptic curve was proposed. Firstly, a login phase between the user and the device was added in the improved protocol. Secondly, elliptic curve cryptography puzzle was used to realize information exchange. Finally, the password replacement phase was added. Through the formal analysis by BAN(Burrows-Abadi-Needha) logic, the improved protocol is safe and feasible, which can resist internal personnel attacks, has password replacement and unique username, and is more friendly to users.
引文
[1]NICANFAR H,LEUNG V C M.Password-authenticated clusterbased group key agreement for smart grid communication[J].Security and Communication Networks,2014,7(1):221-233.
[2]NICANFAR H,LEUNG V C M.Multilayer Consensus ECC-based Password Authenticated Key-exchange(MCEPAK)protocol for smart grid system[J].IEEE Transactions on Smart Grid,2013,4(1):253-264.
[3]LI D,AUNG Z,WILLIAMS J R,et al.Efficient and fault-diagnosable authentication architecture for AMI in smart grid[J].Security and Communication Networks,2015,8(4):598-616.
[4]MAHMOOD K,CHAUDHRY S A,NAQVI H,et al.An elliptic curve cryptography based lightweight authentication scheme for smart grid communication[J].Future Generation Computer Systems,2018,81:557-565.
[5]BURROWS M,ABADI M,NEEDHAM R.A logic of authentication[C]//Proceedings of the Royal Society of London A:Mathematical,Physical and Engineering Sciences.London:Royal Society,1989,426:233-271.
[6]KOBLITZ N.Elliptic Curve Cryptosystem[M].Platt Boulevard,Claremon:Mathematics Computing,1987:203-209.
[7]HE D,KUMAR N,CHILAMKURTI N.A secure temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks[C]//Proceedings of the 2014 International Symposium on Wireless and Pervasive Computing.Piscataway,NJ:IEEE,2014:263-277.
[8]LI Q,CAO G.Multicast authentication in the smart grid with onetime signature[J].IEEE Transactions on Smart Grid,2011,2(4):686-696.
[9]NAM J,CHOO K R,HAN S,et al.Efficient and anonymous twofactor user authentication in wireless sensor networks:achieving user anonymity with lightweight sensor computation[J].PLo S One,2015,10(4):e0116709.
[10]CAO X,ZHONG S.Breaking a remote user authentication scheme for multiserver architecture[J].IEEE Communications Letters,2006,10(8):580-581.
[11]CHIM T W,YIU S M,HUI L C K,et al.PASS:privacy-preserving authentication scheme for smart grid network[C]//Proceedings of the 2011 IEEE International Conference on Smart Grid Communications.Piscataway,NJ:IEEE,2011:196-201.
[12]FOUDA M M,FADLULLAH Z M,KATO N,et al.A lightweight message authentication scheme for smart grid communications[J].IEEE Transactions on Smart Grid,2011,2(4):675-685.
[13]ZHANG L,TANG S,LUO H.Elliptic curve cryptography-based authentication with identity protection for smart grids[J].PLo SOne,2016,11(3):e0151253.
[14]夏鹏真,陈建华.基于椭圆曲线密码的多服务器环境下三因子认证协议[J].计算机应用研究,2017,34(10):3061-3067.(XIA P Z,CHEN J H.Three-factor authentication scheme for multi-server environments based on elliptic curve cryptography[J].Application Research of Computers,2017,34(10):3061-3067.)
[15]VERGADOS D,STERGIOU G.An authentication scheme for AdHoc networks using threshold secret sharing[J].Wireless Personal Communications,2007,43(4):1767-1780.
[2]NICANFAR H,LEUNG V C M.Multilayer Consensus ECC-based Password Authenticated Key-exchange(MCEPAK)protocol for smart grid system[J].IEEE Transactions on Smart Grid,2013,4(1):253-264.
[3]LI D,AUNG Z,WILLIAMS J R,et al.Efficient and fault-diagnosable authentication architecture for AMI in smart grid[J].Security and Communication Networks,2015,8(4):598-616.
[4]MAHMOOD K,CHAUDHRY S A,NAQVI H,et al.An elliptic curve cryptography based lightweight authentication scheme for smart grid communication[J].Future Generation Computer Systems,2018,81:557-565.
[5]BURROWS M,ABADI M,NEEDHAM R.A logic of authentication[C]//Proceedings of the Royal Society of London A:Mathematical,Physical and Engineering Sciences.London:Royal Society,1989,426:233-271.
[6]KOBLITZ N.Elliptic Curve Cryptosystem[M].Platt Boulevard,Claremon:Mathematics Computing,1987:203-209.
[7]HE D,KUMAR N,CHILAMKURTI N.A secure temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks[C]//Proceedings of the 2014 International Symposium on Wireless and Pervasive Computing.Piscataway,NJ:IEEE,2014:263-277.
[8]LI Q,CAO G.Multicast authentication in the smart grid with onetime signature[J].IEEE Transactions on Smart Grid,2011,2(4):686-696.
[9]NAM J,CHOO K R,HAN S,et al.Efficient and anonymous twofactor user authentication in wireless sensor networks:achieving user anonymity with lightweight sensor computation[J].PLo S One,2015,10(4):e0116709.
[10]CAO X,ZHONG S.Breaking a remote user authentication scheme for multiserver architecture[J].IEEE Communications Letters,2006,10(8):580-581.
[11]CHIM T W,YIU S M,HUI L C K,et al.PASS:privacy-preserving authentication scheme for smart grid network[C]//Proceedings of the 2011 IEEE International Conference on Smart Grid Communications.Piscataway,NJ:IEEE,2011:196-201.
[12]FOUDA M M,FADLULLAH Z M,KATO N,et al.A lightweight message authentication scheme for smart grid communications[J].IEEE Transactions on Smart Grid,2011,2(4):675-685.
[13]ZHANG L,TANG S,LUO H.Elliptic curve cryptography-based authentication with identity protection for smart grids[J].PLo SOne,2016,11(3):e0151253.
[14]夏鹏真,陈建华.基于椭圆曲线密码的多服务器环境下三因子认证协议[J].计算机应用研究,2017,34(10):3061-3067.(XIA P Z,CHEN J H.Three-factor authentication scheme for multi-server environments based on elliptic curve cryptography[J].Application Research of Computers,2017,34(10):3061-3067.)
[15]VERGADOS D,STERGIOU G.An authentication scheme for AdHoc networks using threshold secret sharing[J].Wireless Personal Communications,2007,43(4):1767-1780.