ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2016, Vol. 53 ›› Issue (11): 2446-2453.doi: 10.7544/issn1000-1239.2016.20150107

• 信息安全 • 上一篇    下一篇



  1. 1(华东交通大学信息工程学院 南昌 330013); 2(西安电子科技大学计算机学院 西安 710071) (
  • 出版日期: 2016-11-01
  • 基金资助: 
    国家自然科学基金项目(U1405255,71361009,41402290) This work was supported by the National Natural Science Foundation of China (U1405255, 71361009, 41402290).

Authentication and Key Agreement Protocol for Multi-Server Architecture

Wan Tao1,2, Liu Zunxiong1, Ma Jianfeng2   

  1. 1(School of Information Engineering, East China Jiaotong University, Nanchang 330013); 2(School of Computer Science and Technology, Xidian University, Xi’an 710071)
  • Online: 2016-11-01

摘要: 随着网络应用的广泛发展,网络中服务器的体系结构通常由许多不同的服务器组成.多服务器架构下的认证与密钥协商协议是实现远程用户认证的关键.单次注册是多服务架构下的认证与密钥协商协议的最重要特性,而采用动态的身份进行登录认证能有效地保护隐私.Chuang等人结合智能卡和生物特征,提出了一种基于可信计算的匿名可认证密钥协商协议,并指出其协议适用于多服务器环境同时能满足其必需的安全需求.分析指出Chuang等人的协议并不能实现用户的匿名性,同时还容易遭到服务器假冒攻击和智能卡丢失攻击.为了弥补这些安全缺陷,设计每个应用服务器选用不同的秘密参数,提出了一种改进方案.通过对敌手可能的攻击行为分析,证明了改进方案能有效防范服务器假冒攻击、智能卡丢失攻击、窃听攻击、重放攻击等安全威胁,同时改进协议保持着运算简单的特性.

关键词: 认证, 密钥协商, 匿名, 多服务器, 生物特征

Abstract: With the rapid growth of Internet applications, the architecture of server providing resources to be accessed over the network often consists of many different servers. Authentication and key agreement protocol play an important role to authenticate remote users for multi-server architecture. In recent years, several authentication and key agreement protocols for multi-server architecture have been developed. Single registration is the most important feature in a multi-server architecture which may help users take desired services without repeating registration to each service provider. Employing a dynamic ID for each login may efficiently preserve privacy. Recently, Chuang et al. presented an anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. They claimed that their protocol not only supported multi-server environments but also achieved many security requirements. A cryptanalysis on Chuang et al.’s scheme shows that their scheme cannot provide the anonymity and is vulnerable to server masquerade attack and smart card loss attack. To overcome these security flaws, an improved protocol is proposed by choosing different secret parameters for each application server. This protocol can be proved to be secure against server masquerade attack, smart card loss attack, impersonation attack, eavesdropping attack, replay attack and so on. Besides, the improved protocol maintains the feature of simple operation.

Key words: authentication, key agreement, anonymous, multi-server, biometrics