面向隐私保护的口令认证和密钥交换协议研究

Nowadays, as people increasingly dependent on the network, users’ privacy protection is of increasing importance. Anonymous password authenticated key exchange (APAKE) protocols allow one to authenticate himself to a server and to exchange a high-entropy session key via only a low-entropy password, while preserve the user’s privacy. Because of their convenience in practice, APAKE protocols have attracted many attentions. However, the existed research works are usually analyzed in weak security models and rely on random oracle heuristics, and the efficiency of these schemes are also not sufficient for practical use. In this project, we address the problem of analyzing and designing APAKE protocols that are of stronger security guarantees in preserving users’ privacy, namely providing users with additional capacity of anonymous authentication. Firstly, in order to preserve security under protocol composition, we put forward an appropriate functionality for APAKE in the universal composability (UC) framework, which captures several security goals of APAKE in a unified way. Secondly, through utilizing standard cryptographic primitives, we design new APAKE protocols and prove their security in the standard model, i.e., without random oracle heuristics. Finally, for developing APAKE protocols that are suitable for large scale setting, we present a new approach for constructing password-protected-credential-based APAKE protocols. By using anonymous credentials based on symmetric keys instead of those based on public keys, practical APAKE protocols are provided. Through the research of this project, we could enrich and develop the provable security theory for APAKE protocols, construct APAKE protocols fulfilling high-level security requirements, and provide security supports for the development of the password- authenticated network information infrastructure.

随着人们对网络的依赖日益增强，用户隐私保护越来越重要。匿名口令认证密钥交换（APAKE）协议使得用户仅凭一个低熵口令就可以向服务器认证其合法身份，同时还能保护用户身份的隐私性。本项目针对现有APAKE协议安全模型偏弱、基础假设过强、实现效率较低等不足，对增强安全属性的APAKE协议分析和设计问题进行系统的研究。首先，面向协议的可组合安全性，在通用可组合框架下给出APAKE协议的安全定义，对多个安全目标进行统一地刻画；其次，针对用户仅拥有口令的情形，利用标准密码学原语作为构件，设计标准模型下可证明安全的APAKE协议；最后，面向大规模用户群组应用场景，利用基于对称密钥的凭证系统提出基于口令保护凭证的APAKE协议设计新方法，给出高效实用的APAKE协议新构造。本项目研究可以深化口令协议的可证明安全理论，丰富强安全APAKE协议设计方法，为基于口令认证的网络信息基础设施建设提供安全技术支撑。

匿名口令认证密钥交换（APAKE）协议使得用户仅凭一个低熵口令就可以向服务器认证其合法身份，同时还能保护用户身份的隐私性。本项目针对现有APAKE协议安全模型偏弱、基础假设过强、实现效率较低等不足，对增强安全属性的APAKE协议分析和设计问题进行系统的研究。在APAKE协议的安全定义方面，我们在通用可组合框架（UC）下构造了同时实现PAKE基本安全目标和用户身份匿名性的APAKE理想功能，给出了UC安全的APAKE的严格定义；在基于纯口令的APAKE协议设计方面，我们设计了首个标准模型下基于纯口令的APAKE协议，并利用可证明安全理论对所设计的协议进行了严格的安全性证明；在基于口令保护凭证的APAKE协议设计方面，我们提出了一个新的、更快的基于口令保护凭证的APAKE协议，将现有国际标准ISO/IEC 20009-4中同类方案的最快登录时间从385毫秒提高到了约2.8毫秒；另外，项目组还对研究内容进行关联性拓展，对UC安全的网关PAKE协议、UC安全的三方PAKE协议、安全性增强的多因素认证密钥协商协议、存储可撤销的多机构密文策略属性基加密及其在云数据安全共享中的应用、前向安全和标准模型下安全的属性基签名方案、隐私保护的数据发布和挖掘等增强安全属性的协议和算法也开展了相关研究，取得了丰硕的成果。本项目研究成果丰富了强安全APAKE协议设计理论和方法，为基于口令认证的网络信息基础设施建设提供安全技术支撑。在上述研究的基础上，绝大部分结果已形成学术论文，在“SCIENCE CHINA Information Sciences”，“ACM CCS 2016”和“计算机学报”等国内外重要期刊和学术会议上发表相关论文23篇，其中SCI检索论文16篇，EI检索论文7篇；培养博士生2名，硕士生4名，其中1名博士的学位论文被评为信息工程大学优秀博士学位论文。

内容获取失败，请点击重试