基于口令认证的移动AdHoc网密钥协商方案

ISSN1000-9825,CODENRUXUEWE-mail:jos@iscas.ac.cnJournalofSoftware,Vol.17,No.8,August2006,pp.1811−1817:+86-10-62562563©2006byJournalofSoftware.Allrightsreserved.AdHoc∗+,,,,(,710054)AKeyAgreementSchemeforMobileAdHocNetworksBasedonPasswordAuthenticationWANGXiao-Feng+,ZHANGJing,WANGShang-Ping,ZHANGYa-Ling,QINBo(LaboratoryofCryptographyTheoryandNetworkSecurity,Xi’anUniversityofTechnology,Xi’an710054,China)+Correspondingauthor:Phn:+86-29-82066369,Fax:+86-29-82066369,E-mail:wang-xf66@sohu.com,(8):1811−1817.:Asanewtypeofwirelessmobilenetworks,AdHocnetworksdonotdependonanyfixedinfrastructure,andhavenocentralizedcontrolunitandsoitscomputationcapabilitiesarelimitedbymobilenodes.Inthispaper,anovelmulti-partykeyagreementschemewithpasswordauthenticationandsharingpasswordevolvementforAdHocnetworksisproposedbasedonECC(ellipticcurvescryptography).Oneofthefunctionsofpasswordsisusedassharinginformationtoauthenticatethemobilenode’ssecretkeys,andtheotherisusedasasymmetricalkeytoencryptalternatinginformationbetweenmobilenodes.Thefreshnessandsecurityofpasswordsareguaranteedbysharingpasswordevolvementeverytimeinmobilenode’ssecretkeysauthenticationandkeyagreement.Consequently,thecomputationaloverheadsandthestoreloadofmobilenodesarelessened,moreover,secretkeysauthenticationandinformationencryptionbetweenmobilenodesareprovided.Thenewschemeenjoysmanysecurepropertiessuchasagainstman-in-the-middleattack,againstreplayattack,keyindependence,forwardsecurity,etc.Keywords:AdHocnetwork;ellipticcurve;keyagreement;keyauthentication:AdHoc.ECC(ellipticcurvescryptography),AdHoc.,.,,..∗SupportedbytheNationalNaturalScienceFoundationofChinaunderGrantNo.60273089();theNationalHigh-TechResearchandDevelopmentPlanofChinaunderGrantNo.2003AA1Z2560((863));theShanxiProvinceNaturalScienceFoundationResearchPlanofChinaunderGrantNo.2005F02();theScienceandTechnologyInnovationFoundationofXi’anUniversityofTechnologyofChinaunderGrantNo.108210402()Received2005-06-02;Accepted2005-10-101812JournalofSoftwareVol.17,No.8,August2006:AdHoc;;;:TP309:A(mobileAdHocnetwork)[1],.AdHoc.,,.AdHoc[2,3].,AdHoc,AdHoc.AdHoc,AdHoc.AdHoc.,,,[4−8].,Diffie-Hellman(ellipticcurvescryptography,ECC),,[9−11],.,,,,AdHoc.M.Aydos[12],,CA,AdHoc.XinjunDu[13],[14],,AdHoc..JonathanKatz[15],[15],.,[16][15],,.[17],[18]ECC,.,.,,,.ECC,AdHoc.AdHoc.,;,..:,.,,,.,,,.,,;,ECCAdHoc.,,,.ECC[7,8],AdHoc.1Co-Gap-Diffie-HellmanCo-Diffie-Hellman[19],Co-DH.Co-DH.Co-DHGap-Diffie-Hellman.(1)E(Fq),S∈E(Fq)p,:p≠q;p|/q;p2|/|E(Fq)|.(2)α1〈S〉,Q∈)(qFE′′S([20]).(3)G1=〈S〉,G2=〈Q〉.(4)SQ,Weil*21:ˆqFGGe′′→×.E(Fq)(G1,G2),:1(Co-Diffie-HellmanCo-Diffie-Hellman).:AdHoc1813(1)(G1,G2)Co-Diffie-Hellman(Co-CDH):Q,aQ∈G2,R∈G1,aR∈G1.(2)(G1,G2)Co-Diffie-Hellman(Co-DDH):QR,aQ∈G2,bR∈G1,a=b,,(Q,aQ,R,bR)Co-Diffie-Hellman.G1=G2,Diffie-HellmanDiffie-Hellman.2(Co-Gap-Diffie-Hellman(Co-GDH)).Co-GDH(G1,G2),Co-DDH,Co-CDH.eˆCo-DDH[21]:(Q,aQ,R,bR),R∈G1,Q∈G2,*,pZba∈,:),(ˆ),(ˆmodQbReaQRepba=⇔=.2AdHoc,AdHoc.n{U1,U2,…,Un}.2.1AdHoc3.AdHoc(Setup(1k),UkeyGen(1k),UKeyAuth(·),KeyAgreement(·)).(1)Setup(1k):k,M;(2)UkeyGen(1k):M,i/(SKi,PKi)(1≤i≤n);(3)UkeyAuth(PKi,PWj):iPKijPWj,10;(4)KeyAgreement(PWj,SKi,ijr,PKt):jPWj,iSKiijr,itPKt(1≤t≤n,t≠i),jKj.2.2AdHoc,,,.:(1):.,,;(2):,;(3):,;(4):,,;(5)(),;(6):,.,AdHoc4~9.4().Ui∈{U1,U2,…,Un}(1≤i≤n),jKeyAgreement(PWj,SKi,ijr,PKt),UijKj.5().j,Ui∉{U1,U2,…,Un}A(⋅),Pr[A(PK1,…,PKi,…,PKn)=Kj]ε,εk.6().j,Ui∈{U1,U2,…,Un}(1≤i≤n),Ui,Kj.7().A,jKjm(m≠j)Km.8().j,A∉{U1,U2,…,Un},Ua,Ub∈{U1,1814JournalofSoftwareVol.17,No.8,August2006U2,…,Un},AUaUb.9().A,;,.3AdHoc3.1,Co-GDH(G1,G2)AdHoc.n{U1,U2,…,Un},,n.(1)Setup(1k)k,l,p≥2k,G1G21p,(G1,G2)Co-GDH.G1=〈S〉,G2=〈Q〉,*21:ˆqTFGGGe′′∈→×.GT.G1,G2GT()l.H1(·),f1(·),f2(·)Hash,H1(·):{0,1}*→G1,f1(·):G1→G1,f2(·):G1→GT.f1(·),(G1,G2,GT,Q,p,q,,ˆeH1(·),f1(·),f2(·)).(2)UkeyGen(1k)Ui∈{U1,U2,…,Un}(1≤i≤n)PW0∈G1;UiUkeyGen(1k):*pRiZx∈,yi=xiQ∈G2,{SKi,PKi}={xi,yi}.(3)UkeyAuth(PKi,PWj),Ui∈{U1,U2,…,Un}(1≤i≤n),.1,Ui∈{U1,U2,…,Un}(1≤i≤n):Ui:R1=H1(PW0),PW1=f1(PW0),111PWRxii⊕=σ,),,(1iiyσPW0;Ui),(1kkyσ(1≤k≤n,k≠i),R1=H1(PW0),∏∑===⎟⎟⎠⎞⎜⎜⎝⎛⊕niiniyReQPWei11111),(ˆ),(ˆσ:,,;,0,.⋮j,Ui∈{U1,U2,…,Un}(1≤i≤n):Ui:Rj=H1(PWj−1),PWj=f1(PWj−1),jjijPWRxi⊕=σ,ijiyσ,,PWj−1;Ui),(kjkyσ(1≤k≤n,k≠i),Rj=H1(PWj−1),∏∑===⎟⎟⎠⎞⎜⎜⎝⎛⊕niijnijjyReQPWei11),(ˆ),(ˆσ:,1,;0,.:,UixiRj[22]xiRj,PWjxiRj,jjijPWRxi⊕=σ.,;,xiRj,.,HashPWj=f1(PWj−1),,PWj−1.:,,,,.f1(·),PWj,PWj−1,.f1(·),.AdHoc,,,,..(4)KeyAgreement(PWj,SKi,ijr,PKt):AdHoc1815(3),1,.,(p):j,U1*1pRjZr∈,jxrnjPWyyewj⊕=111),(ˆ2,.1jwUn*pRjZrn∈,jxrnjPWyyewnnjn⊕=−),(ˆ11,.njwUi∈{U1,U2,…,Un}(1in)*pRjZri∈,jxriijPWyyewiiji⊕=+−),(ˆ11,ijw.Ui∈{U1,U2,…,Un}(1≤i≤n):∏=⊕=nijjjPWwKi1)(.:,PWj,,;,PWj,.3.23.2.11().,.(j):Ui∈{U1,U2,…,Un}(1≤i≤n)Kj;.),(ˆ),(ˆ...),(ˆ...),(ˆ))...()(()(111123211211121......111121njnnijiiijjnnnjiijjnirxxxrxxxrxxxrxxxxrnxriixrnjjjjjjnijjjQQeyyeyyeyyePWwPWwPWwPWwK−+−+++++−+−===⊕⊕⊕=⊕