
Study on Theory and Applications of Identity-Based Authentication Protocols

【Author】 曹雪菲 (Cao Xuefei)

【Supervisor】 寇卫东 (Kou Weidong)

【Author information】 Xidian University, Communication and Information Systems, 2008, PhD

【Abstract (Chinese, translated)】 Authentication is a fundamental means of achieving information security. Identity-based cryptography, as a public-key authentication framework, has the advantage of requiring no public-key certificates and has become a strong alternative to the traditional public-key cryptosystem. Authentication protocols built on identity-based cryptography have important theoretical value and broad application prospects. This dissertation studies identity-based authentication protocols from both the theoretical and the application side. It first studies identity-based authentication protocols under two basic authentication models, the client-server model and the client-client model, and then, building on those theoretical results, proposes identity-based authentication protocols for concrete application scenarios. The main results are as follows:

1. An identity-based remote authentication protocol with user anonymity is proposed. The protocol combines a newly proposed identity-based signature algorithm with the concept of a user account index, achieving authenticity, user anonymity and non-repudiation; compared with existing protocols, it reduces user running time by at least 24.7% and signalling overhead by at least 46.3%. A security proof in the random oracle model is given.

2. Two pairing-free identity-based authenticated key agreement (ID-AK) protocols are constructed on the additive group of an elliptic curve. Protocol I is based on the Divisible Computational Diffie-Hellman problem and realizes, for the first time, pairing-free identity-based implicit authentication; Protocol II is based on the Computational Diffie-Hellman problem and minimizes the number of message exchanges. The security of both protocols is proven in the random oracle model. Both protocols provide strong security and can be extended across different administrative domains; by removing the bilinear pairing they are the most efficient ID-AK protocols known.

3. Two identity-based registration protocols for Mobile IP networks are proposed. Protocol I is based on the authenticated session key agreement proposed in this dissertation; Protocol II is based on a time-invariant security association, to achieve a security-efficiency trade-off. Both protocols use a blind signature to remove key escrow and a hash function to remove the security association table. Compared with existing protocols, the new protocols reduce registration delay by at least 19.4% and signalling overhead by at least 11.6%, while providing strong security and high efficiency.

4. IMBAS, an identity-based multi-user broadcast authentication protocol for wireless sensor networks, is proposed. IMBAS is based on vBNN-IBS, a new signature algorithm with shorter signatures, and on the Schnorr signature with partial message recovery, and is the first to achieve multi-user broadcast authentication in wireless sensor networks with strong security, sound scalability and high efficiency at the same time.

5. A public key replacement attack on an existing efficient certificateless signature scheme is given, showing that in that scheme an attacker can forge signatures by replacing the signer's public key. An improved scheme is then proposed and proven existentially unforgeable in the random oracle model.

【Abstract】 Authentication is a basic guarantee for information security. As an asymmetric authentication framework, the Identity-Based Cryptosystem (IBC) is advantageous over the traditional Public Key Cryptosystem (PKC) in its abolishment of the public key certificate, and hence becomes a powerful alternative to PKC. Research on identity-based (ID-based) authentication protocols has importance in both theory and application. This dissertation investigates ID-based authentication in both theoretical and applicational aspects. We first study ID-based authentication protocols under two fundamental authentication models, i.e., the client-server model and the client-client model. Then, based on those theoretical results, we study ID-based authentication protocols in different application scenarios. The authors obtain results as follows:

1. An ID-based remote authentication protocol with user anonymity is presented. The protocol combines a newly-proposed ID-based signature algorithm and a novel concept of user account index, which makes the protocol realize authenticity, user anonymity and non-repudiation. Compared with previous protocols, the new protocol reduces at least 24.7% of user running time and 46.3% of signalling traffic. The security proof is given under the random oracle model.

2. Two pairing-free ID-based authenticated key agreement (ID-AK) protocols are proposed based on the additive elliptic curve group. Protocol I utilizes the Divisible Computational Diffie-Hellman problem and realizes for the first time implicit ID-based authentication without pairing; Protocol II utilizes the Computational Diffie-Hellman problem and minimizes the number of message exchange rounds. The security of the proposed protocols can be proved in the random oracle model. Both proposals achieve strong security and can provide authenticated key agreement between users of different administrative domains. Moreover, the proposals eliminate the pairing operations, which makes them the most efficient ID-AK protocols ever known.

3. Two ID-based Mobile IP registration protocols are proposed. Protocol I is based on the ID-AK protocol proposed in Chapter 4; Protocol II is based on the time-invariant security association to achieve the security-efficiency trade-off. Both protocols eliminate key escrow with the blind signature, and remove the security association table with a hash function. Compared with previous protocols, the proposed protocols reduce at least 19.4% of registration delay and 11.6% of signalling traffic, providing both strong security and improved efficiency.

4. IMBAS, an ID-based Multi-user Broadcast Authentication Scheme, is proposed for wireless sensor networks (WSN). The protocol employs a newly proposed pairing-free ID-based signature with reduced signature size and the Schnorr signature with partial message recovery, and becomes the first protocol that provides all of strong security, sound scalability and efficiency for multi-user broadcast authentication in WSN.

5. It is demonstrated that a presented proposal of an efficient certificateless signature scheme is insecure against the public key replacement attack. It is shown that an adversary who replaces the public key of a signer can forge valid signatures for the signer without knowledge of the signer's private key. The scheme is then improved, and the improved scheme is proven secure against existential forgery in the random oracle model.
