一个改进的基于混沌映射的移动端认证协议
|
摘要
人们在使用移动设备进行电子转账、网上购物等经济活动时需要认证协议来保证安全。最近,Zhu Hongfeng提出了一个基于混沌映射的认证协议方案,针对此方案,分析了其存在的缺陷,包括易遭受用户模仿攻击、离线字典攻击、无法提供用户匿名性,以及注册阶段及口令修改阶段存在设计缺陷,由此提出了一个改进的基于混沌映射(切比雪夫多项式)的移动端认证协议来克服这些缺陷。用BAN逻辑证明了其安全性,并同其他相关方案进行了性能比较。仿真实验对比结果显示提出的协议更加安全实用。
When people transfer accounts or shop online using their mobile device,it needs authenticated scheme to protect the security. Recently,Zhu Hongfeng proposed a chaotic maps based authenticated scheme. This paper pointed out that Zhu's scheme was suffered from user impersonation attack,off-line dictionary attack and ID-theft attack. Moreover,this scheme had design flaws in login phase and password change phase. In order to overcome these flaws,this paper proposed an improved chaotic maps based mobile authenticated scheme. Furthermore,it certufued the proposed scheme by BAN logic. According to the comparison with other schemes and simulation results,the proposed scheme is more secure and efficient than other schemes.
When people transfer accounts or shop online using their mobile device,it needs authenticated scheme to protect the security. Recently,Zhu Hongfeng proposed a chaotic maps based authenticated scheme. This paper pointed out that Zhu's scheme was suffered from user impersonation attack,off-line dictionary attack and ID-theft attack. Moreover,this scheme had design flaws in login phase and password change phase. In order to overcome these flaws,this paper proposed an improved chaotic maps based mobile authenticated scheme. Furthermore,it certufued the proposed scheme by BAN logic. According to the comparison with other schemes and simulation results,the proposed scheme is more secure and efficient than other schemes.
引文
[1]Xiao Di,Liao Xiaofeng,Wong K W.An efficient entire chaos-based scheme for deniable authentication[J].Chaos Solitons&Fractals,2005,23(4):1327-1331.
[2]Bergamo P,D’Arco P,De Santis A,et al.Security of public-key crypto systems based on Chebyshev polynomials[J].IEEE Trans on Circuits&Systems I Regular Papers,2005,52(7):1382-1393.
[3]Xiao Di,Liao Xiaofeng,Deng Shaojian.A novel key agreement protocol based on chaotic maps[J].Information Sciences,2007,177(4):1136-1142.
[4]Song Han.Security of a key agreement protocol based on chaotic maps[J].Chaos Solitons&Fractals,2008,38(3):764-768.
[5]Xiang Tao,Wong K W,Liao Xiaofeng.On the security of a novel key agreement protocol based on chaotic maps[J].Chaos Solitons&Fractals,2009,40(2):672-675.
[6]Tseng H R,Jan R H,Yang W.A chaotic maps-based key agreement protocol that preserves user anonymity[C]//Proc of IEEE International Conference on Communications.Piscataway:IEEE Press,2009:1-6.
[7]Niu Yujun,Wang Xingyuan.An anonymous key agreement protocol based on chaotic maps[J].Communications in Nonlinear Science&Nu-merical Simulation,2011,16(4):1986-1992.
[8]Yoon E J.Efficiency and security problems of anonymous key agreement protocol based on chaotic maps[J].Communications in Nonlinear Science&Numerical Simulation,2012,17(7):2735-2740.
[9]Lin Hanyu.Chaotic map based mobile dynamic ID authenticated key agreement scheme[J].Wireless Personal Communications,2014,78(2):1487-1494.
[10]Zhu Hongfeng.Cryptanalysis and provable improvement of a chaotic maps-based mobile dynamic ID authenticated key agreement scheme[J].Wireless Personal Communications,2015,85(4):2141-2156.
[11]Dolev D,Yao A C.On the security of public key protocols[J].IEEE Trans on Information Theory,1981,29(2):198-208.
[12]Messerges T S,Dabbish E,Sloan R H.Examining smart-card security under the threat of power analysis attacks[J].IEEE Trans on Computers,2002,51(5):541-552.
[13]Charvet X,Pelletier H.Improving the DPA attack using Wavelet transform[C]//Proc of Nist Physical Security Testing Workshop.2005.
[14]Masuda N,Aihara K.Cryptosystems with discretized chaotic maps[J].IEEE Trans on Circuits&Systems I Fundamental Theory&Applications,2002,49(1):28-40.
[15]Kocarev L.Chaos-based cryptography:a brief overview[J].IEEE Circuits&Systems Magazine,2001,1(3):6-21.
[16]高岩,程胜利.构筑网络安全通道—虚拟专用网技术[J].交通信息与安全,2001,19(z1):30-32.
[17]Guo Dianli,Wen Qiaoyan,Li Wenmin,et al.Analysis and improvement of chaotic map based mobile dynamic ID authenticated key agreement scheme[J].Wireless Personal Communications,2015,83(1):35-48.
[18]杨世平.安全协议及其BAN逻辑分析研究[D].贵阳:贵州大学,2007.
[19]Xue Kaiping,Hong Peilin.Security improvement on an anonymous key agreement protocol based on chaotic maps[J].Communications in Nonlinear Science&Numerical Simulation,2012,17(7):2969-2977.
[2]Bergamo P,D’Arco P,De Santis A,et al.Security of public-key crypto systems based on Chebyshev polynomials[J].IEEE Trans on Circuits&Systems I Regular Papers,2005,52(7):1382-1393.
[3]Xiao Di,Liao Xiaofeng,Deng Shaojian.A novel key agreement protocol based on chaotic maps[J].Information Sciences,2007,177(4):1136-1142.
[4]Song Han.Security of a key agreement protocol based on chaotic maps[J].Chaos Solitons&Fractals,2008,38(3):764-768.
[5]Xiang Tao,Wong K W,Liao Xiaofeng.On the security of a novel key agreement protocol based on chaotic maps[J].Chaos Solitons&Fractals,2009,40(2):672-675.
[6]Tseng H R,Jan R H,Yang W.A chaotic maps-based key agreement protocol that preserves user anonymity[C]//Proc of IEEE International Conference on Communications.Piscataway:IEEE Press,2009:1-6.
[7]Niu Yujun,Wang Xingyuan.An anonymous key agreement protocol based on chaotic maps[J].Communications in Nonlinear Science&Nu-merical Simulation,2011,16(4):1986-1992.
[8]Yoon E J.Efficiency and security problems of anonymous key agreement protocol based on chaotic maps[J].Communications in Nonlinear Science&Numerical Simulation,2012,17(7):2735-2740.
[9]Lin Hanyu.Chaotic map based mobile dynamic ID authenticated key agreement scheme[J].Wireless Personal Communications,2014,78(2):1487-1494.
[10]Zhu Hongfeng.Cryptanalysis and provable improvement of a chaotic maps-based mobile dynamic ID authenticated key agreement scheme[J].Wireless Personal Communications,2015,85(4):2141-2156.
[11]Dolev D,Yao A C.On the security of public key protocols[J].IEEE Trans on Information Theory,1981,29(2):198-208.
[12]Messerges T S,Dabbish E,Sloan R H.Examining smart-card security under the threat of power analysis attacks[J].IEEE Trans on Computers,2002,51(5):541-552.
[13]Charvet X,Pelletier H.Improving the DPA attack using Wavelet transform[C]//Proc of Nist Physical Security Testing Workshop.2005.
[14]Masuda N,Aihara K.Cryptosystems with discretized chaotic maps[J].IEEE Trans on Circuits&Systems I Fundamental Theory&Applications,2002,49(1):28-40.
[15]Kocarev L.Chaos-based cryptography:a brief overview[J].IEEE Circuits&Systems Magazine,2001,1(3):6-21.
[16]高岩,程胜利.构筑网络安全通道—虚拟专用网技术[J].交通信息与安全,2001,19(z1):30-32.
[17]Guo Dianli,Wen Qiaoyan,Li Wenmin,et al.Analysis and improvement of chaotic map based mobile dynamic ID authenticated key agreement scheme[J].Wireless Personal Communications,2015,83(1):35-48.
[18]杨世平.安全协议及其BAN逻辑分析研究[D].贵阳:贵州大学,2007.
[19]Xue Kaiping,Hong Peilin.Security improvement on an anonymous key agreement protocol based on chaotic maps[J].Communications in Nonlinear Science&Numerical Simulation,2012,17(7):2969-2977.