摘要
随着人们对隐私保护问题的关注,无线网络环境下身份认证的匿名问题越来越引起人们的重视.目前大部分匿名身份认证方案都是基于非共享密钥,此类方案计算量大导致资源消耗严重,对于一些计算能力有限的设备并不适用.同时对于基于共享密钥的方案,存在易被追踪或存储开销较大等问题.通过分析和实验证明Li等人所提出的基于共享密钥的方案不能抵抗时间关联攻击,从而泄露用户身份信息,进一步考虑现有常数时间认证方案存储开销较大的问题,引入用户分组机制,在Li等人基于共享密钥认证方案的基础上提出了一种基于共享密钥的轻量级匿名认证方案.通过对用户进行分组并且分配对应的组标识,认证阶段用户仅需要发送组标识和共享密钥的哈希信息到认证服务器,认证服务器根据组标识遍历对应分组的共享密钥验证认证用户的真实身份信息,并完成认证过程.形式化的安全证明说明了协议的安全性和匿名性,进一步的安全分析和实验表明,所提方案不仅具有更高的安全性,而且具有计算开销、通信开销和存储开销小等优点.
With the rapid development of wireless communication technology and the popularity of mobile intelligent terminal equipment.Wireless network has been used in many field,but if a user leaks his personal identity while using the wireless network,he will expose his personal privacy information.Since people pay more and more attention to the protection of their privacy,anonymous authentication in wireless networks has become a hot topic.Currently,most anonymous authentication schemes are based on the asymmetric keys.However,in those methods,the clients have to perform complex calculation,such as asymmetric encryption or decryption,which leads to serious resource consumption.Therefore,they are unsuitable for mobile devices with limited computing power and resource in wireless network environment.At the same time,the existing anonymous authentication scheme based on shared key has many problems,such as easy tracking or storage overhead issues.In this paper,theoretical analysis and experiments prove that Li proposed scheme based on the Shared key can’t resist the attack on time correlation,and there is a linear relationship between the location of user identifier in the k-pseudonym set and the authentication time.Attacker can obtain the user’s real identity in a very high probability using this correlation.Although existing constant time authentication scheme has a certain extent to solve the problem of inconsistent authentication time,but such solutions have the problem of storage overhead,and with the user number increasing,the search efficiency will be greatly reduced.In view of these problems,a lightweight anonymous authentication scheme for wireless networks is proposed in this paper.It is based on shared key,with a user grouping mechanism.In this scheme,the registered users are grouped and each group of users is assigned the corresponding group identifier(GID).In the authentication process,the user sends his group identifier and the hash information of his shared keys to authentication server.After the authentication server traversals the shared key with each of the users in the group and verifies the authentication information,it can determine the real user and complete the authentication safely and anonymously.In this methodology,the construction of the group is a key issue.Compared with the existing schemes,our scheme outperforms them in the security and practicality.With the grouping mechanism,even if the attacker knows the user’s group identifier,the user cannot be distinguished from other users in the group,so that the specific user’s information cannot be obtained.It is also very efficient because our scheme only use shared keys and only need to traversals the shared keys with each of the users in the group.The formalized security evidence illustrates the security and anonymity of the protocol.Security analyses and experiment results show this scheme can resist multiple attacks,such as association analysis attack,replay attack etc.and is very efficient at the same time.We also compare the scheme of this paper with the existing ones,the results show that our scheme has the advantages of small computing cost,storage cost and communication cost etc.
作者
钟成
李兴华
宋园园
马建峰
ZHONG Cheng;LI Xing-Hua;SONG Yuan-Yuan;MA Jian-Feng(School of Cyber Engineering,Xidian Universality,Xi’an 710071)
出处
《计算机学报》
EI
CSCD
北大核心
2018年第5期1157-1171,共15页
Chinese Journal of Computers
基金
国家自然科学基金(U1708262
61672413)资助~~
关键词
无线网络
共享密钥
匿名认证
时间关联攻击
轻量级
wireless networks
shared key
anonymous authentication
time correlation attack
lightweight
作者简介
钟成,男,1994年生,硕士研究生,主要研究方向为网络与信息安全、隐私保护.E-mail:czhongcs@126.com.;李兴华(通信作者),男,1978年生,博士,教授,博士生导师,主要研究领域为网络与信息安全、隐私保护、云计算、安全协议形式化方法.E-mail:xhli1@mail.xidian.edu.cn.;宋园园,男,1990年生,硕士研究生,主要研究方向为网络与信息安全、隐私保护.;马建峰,男,1963年生,博士,教授,主要研究领域为信息安全、编码理论、密码学.
