摘要
目前基于身份的认证密钥协商协议均以单个私钥生成器(PKG)为可信第三方,但这种系统结构难以满足身份分层注册与认证需求。该文以基于层级化身份的加密(HIBE)系统为基础重构了私钥的组成元素,并利用椭圆曲线乘法循环群上的双线性映射提出一个基于层级化身份的认证密钥协商协议,为隶属于不同层级的云实体提供了安全的会话密钥协商机制。基于CDH(Computational Diffie-Hellman)与GDH(Gap Diffie-Hellman)假设,该文证明了新协议在e CK模型下具有已知密钥安全性、前向安全性和PKG前向安全性,并且能够抵抗基于密钥泄露的伪装攻击。
At present most Identity-based authenticated key agreement protocols are built on the security infrastructure in which a single Private Key Generator (PKG) is contained as the only trusted third party of the whole system, however such kind of infrastructure can not satisfy the requirements of hierarchical identity register and authentication. On the basis of Hierarchical Identity Based Encryption (HIBE) system, this paper reconstructs the private key and proposes a new hierarchical identity based authenticated key agreement protocol using the bilinear map in multiplicative cyclic group and it provides secure session key exchange mechanism for cloud entities on different hierarchical levels. Based on the Computational Diffie-Hellman (CDH) and Gap Diffie-Hellman (GDH) assumptions, this paper proves that the new protocol not only achieves known-key security, forward secrecy and PKG forward secrecy, but also resists key-compromise impersonation attacks in the eCK model.
出处
《电子与信息学报》
EI
CSCD
北大核心
2014年第12期2848-2854,共7页
Journal of Electronics & Information Technology
基金
国家自然科学基金(61003284
61121061)
北京市自然科学基金(4122053)
中央高校基本科研业务费专项资金(BUPT2013 RC0310)
新闻出版重大科技工程项目(GXTC-CZ-1015004/09
GXTC-CZ-1015004/15-1)资助课题
关键词
云计算
认证密钥协商协议
基于身份的密码体制
基于层级化身份的加密
eCK模型
Cloud computing
Authenticated key agreement protocol
Identity-Based Cryptography (IBC)
Hierarchical Identity Based Encryption (HIBE)
eCK Model
