适用于移动客户端——多服务器环境的用户认证与密钥协商协议

User Authentication and Key Agreement Protocol for Mobile Client-multi-server Environment

随着电子商务的快速发展,网络服务提供商为用户提供多种多样的服务,而这些服务往往运行在不同的服务器上.因此,多服务器架构已经普遍存在;同时,越来越多的人通过手机等移动设备来快速获取网络服务,这就是当前得到广泛应用的移动客户端——多服务器模型.一方面移动设备为我们的生活带来了便捷,另一方面移动互联网的开放性使得其安全性问题也越来越突出.因此,设计一种适用于移动客户端——多服务器环境的用户认证与密钥协商协议是非常有必要的.但是由于移动设备与个人电脑相比具有资源受限的特点,要设计一种兼具安全性与高效性的协议并不是一件容易的事情.为了解决上述问题,本文利用无证书公钥密码技术、提出了一种适用于移动客户端——多服务器环境的用户认证与密钥协商协议.无证书公钥密码体制能够解决传统公钥密钥体制的证书管理问题和基于身份公钥密码体制的密钥托管问题,所以其兼具高效性与安全性的优点.同时,由于移动设备具有资源受限的特点,无证书公钥密码体制非常适合用来设计应用于移动设备的安全协议.在随机预言模型下,我们证明了该协议能够提供双向认证性和安全的密钥协商.同时,将该协议与其它同类型的协议做对比后得出,该协议在计算效率上具有明显的优势.

With the rapid development of E-commerce, network service providers usually provide users with a wide range of services running on different servers. Thus, multi-server model has been widely used. Meanwhile, more and more people access network services more quickly through the mobile phones or other mobile devices, this is the current mobile client-multi-server model which has been very popular. On one hand, mobile devices bring convenience to our lives. On the other hand,the openness of mobile Internet makes its security issues more serious. It is necessary to design a user authentication and key agreement protocol for the mobile client-multi-server model. However,compared with personal computers, mobile devices have resource-constrained features. So how to design a protocol that combines security and efficiency is not an easy task. In order to solve this problem, this study proposes a user authentication and key agreement protocol under the mobile client-multi-server model. Certificateless public key cryptography can solve the problem of certificate management in traditional public key systems and the inherent key escrow problem in identity-based public key cryptography, it has the advantages of both high efficiency and security. In addition,the mobile devices have the characteristics of resource constraints, so the certificateless public key cryptography is very suitable for designing a security protocol for mobile devices which have limited resources. In this paper, it is proved that the proposed protocol can provide mutual authentication and secure key agreement services in the random oracle model. Compared with other protocols of the same type, the proposed protocol in this paper has a better computational efficiency.