UCAP：云计算中一种PCL安全的用户认证协议

doi:10.11959/j.issn.1000-436x.2018147

Abstract

Abstract:

As the combine of cloud computing and Internet breeds many flexible IT services,cloud computing becomes more and more significant.In cloud computing,a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services.Based on this,a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed.The protocol used a symmetric encryption symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session,which comprised the initial authentication phase and the re-authentication phase.In the initial authentication phase,the trusted third party generated a root communication session key.In the re-authentication phase,communication users negotiated a sub session key without the trusted third party.To verify the security properties of the protocol,a sequential compositional proof method was used under the protocol composition logic model.Compared with certain related works,the proposed protocol satisfies the PCL security.The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes,while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party.Through the analysis results,the proposed protocol is suitable for the mutual authentication in cloud computing.

Key words: cloud computing, user authentication, protocol composition logic, confidentiality, mutual authentication

CLC Number:

TP309

Xuefeng LI,Junwei ZHANG,Jianfeng MA. UCAP:a PCL secure user authentication protocol in cloud computing[J]. Journal on Communications, 2018, 39(8): 94-105.

Figures/Tables 9

第一阶段：初始认证阶段	第二阶段：重认证阶段
$U C A P_{1 A} = [< (v R_{A}) \hat{A}, \hat{B}, I D_{A}, {R_{A}, I D_{A}, I D_{B}}_{A_S} > (\hat{S}, \hat{A}, {z, w, R_{B}})$	$U C A P_{2 A} = [< (v R'_{A}) \hat{A}, \hat{B}, I D_{A}, {I D_{A}, K, T_{B}, E X P}_{B_S} >$
$(z / {K, I D_{B}, R_{A}, T_{B}, E X P}_{\bar{A_S}}) < \hat{A}, \hat{B}, w, u (u / {R_{B}}_{\bar{K}}) >]_{A}$	$(\hat{B}, \hat{A}, {I D_{B}, R'_{B}, u'}) (u' / {R'_{A}, I D_{A}, I D_{B}, R'_{B}}_{\bar{K'}}),$
	$< (\hat{A}, \hat{B}, {R'_{B}, I D_{A}, I D_{B}, R'_{A}}_{K'} (K' / H a s (K, R'_{A}, R'_{B})) >]_{A}$
$U C A P_{1 B} = [(I D_{A}, x), < (v R_{B}) \hat{B}, \hat{S}, I D_{B}, I D_{A} {x, T_{B}, I D_{A}, E X P}_{B_S}, R_{B} >$	$U C A P_{2 B} = [(\hat{A}, \hat{B}, w) (v R'_{B}) (w / {K, A, T_{B}, I D_{A} E X P}_{\bar{K}}),$
$(\hat{A}, \hat{B}, w, u) (w / {K, I D_{A}, T_{B}, E X P}_{\bar{B_S}}) (u / {R_{B}}_{\bar{K}})]_{B}$	$< (\hat{B}, \hat{A}, {I D_{B}, R' {}_{B}, {R'_{A}, I D_{A}, I D_{B}, R'_{B}}_{K'}}) >,$
	$(\hat{A}, \hat{B}, {u''} (K' / H a s (K', R'_{A}, R'_{B})) (u'' / {R'_{B}, I D_{A}, I D_{B}, R'_{A}}_{\bar{K}'}))]_{B}$
$U C A P_{1 S} = [(\hat{B}, \hat{S}, {I D_{B}, y, R_{B}, E X P}) (x / {R_{A}, I D_{A}, I D_{B}}_{\bar{A_S}})$
$(y / {x, T_{B}}_{\bar{B_S}}) (I D_{B} / \hat{B}) < (v K) \hat{S}, \hat{A}, {z, w, R_{B}} >]_{S}$

第一阶段UCAP₁的前提条件	第二阶段UCAP₂的前提条件
$θ_{U C A P_{1}} = H a s (A, A_S) \land H a s (B, B_S) \land H a s (S, A_S) \land H a s (S, B_S)$	$θ_{U C A P_{2}} = H a s (A, B_S) \land H a s (B, B_S) \land H a s (B, K) \land H a s (A, K)$

第一阶段UCAP₁的安全属性	第二阶段UCAP₂的安全属性
$ϕ_{U C A P_{1. a u t h}} = H o n e s t (\hat{A}) \land H o n e s t (\hat{B}) \land H o n e s t (\hat{S}) \supset \exists B . A c t i o n I n O r d e r ($	$ϕ_{U C A P_{2 .auth}} = H o n e s t (\hat{A}) \land H o n e s t (\hat{B})) \supset \exists B . A c t i o n I n O r d e r ($
$S e n d (A, {\hat{A}, \hat{B}, I D_{A}, {R_{A}, I D_{A}, I D_{B}}_{A_S}}),$	$S e n d (A, {\hat{A}, \hat{B}, I D_{A}, R'_{A}, {I D_{A}, K, T_{B}, E X P}_{B_S}}),$
$R e c e i v e (B, {\hat{A}, \hat{B}, A, {R_{A}, I D_{A}, I D_{B}}_{A_S}}),$	$R e c e i v e (B, {\hat{A}, \hat{B}, I D_{A}, R'_{A}, {I D_{A}, K, T_{B}, E X P}_{B_S}),$
$S e n d (B, {\hat{B}, \hat{S}, I D_{B}, {R_{A}, I D_{A}, I D_{B}}_{A_S}, T_{B}}_{B_S}, I D_{A}, R_{B}),$	$S e n d (B, {\hat{B}, \hat{A}, I D_{B}, R'_{B}, {R'_{A}, I D_{A}, I D_{B}, R'_{B}}_{K'}}),$
$R e c e i v e (S, {\hat{B}, \hat{S}, I D_{B}, I D_{A}, {R_{A}, I D_{A}, I D_{B}}_{A_S}, T_{B}}_{B_S}, R_{B}),$	$R e c e i v e (A, {\hat{B}, \hat{A}, I D_{B}, R'_{B}, {R'_{A}, I D_{A}, I D_{B}, R'_{B}}_{K'}}),$
$S e n d (S, {\hat{S}, \hat{A}, {K, I D_{B}, R_{A}, T_{B}, E X P}_{A_S}, {K, I D_{A}, T_{B}, E X P}_{B_S}}, R_{B}),$	$S e n d (A, {\hat{A}, \hat{B}, {R'_{B}, I D_{A}, I D_{B}, R'_{A}}_{K'}),$
$R e c e i v e (A, {\hat{S}, \hat{A}, {K, I D_{B}, R_{A}, T_{B}, E X P}_{A_S}, {K, I D_{B}, T_{B}, E X P}_{B_S}}, R_{B}),$	$R e c e i v e (B, {\hat{A}, \hat{B}, {R'_{B}, I D_{A}, I D_{B}, R'_{A}}_{K'})$
$S e n d (A, {\hat{A}, \hat{B}, {K, I D_{A}, T_{B}, E X P}_{B_S}, {R_{B}}_{K}}),$
$R e c e i v e (B, {\hat{A}, \hat{B}, {{K, I D_{A}, T_{B}, E X P}_{B_S}, {R_{B}}_{K}})$
$ϕ_{U C A P_{1. \sec}} = H o n e s t (\hat{A}) \land H o n e s t (\hat{B}) \land H o n e s t (\hat{S}) \supset$	$ϕ_{U C A P_{2. \sec}} = H o n e s t (\hat{A}) \land H o n e s t (\hat{B}) \supset (H a s (Z, K)) \supset$
$(H a s (Z, K)) \land Z \neq \hat{S} \supset (Z = \hat{A} \lor Z = \hat{B}) \land H a s (\hat{A}, K) \land H a s (\hat{B}, K)$	$(Z = \hat{A} \lor Z = \hat{B}) \land H a s (\hat{A}, K') \land H a s (\hat{B}, K')$

第一阶段UCAP₁的不变量	第二阶段UCAP₂的不变量
$Γ_{U C A P, 1} = = H o n e s t (\hat{A}) \supset ((◇ S e n d (A, x_{0}) \land$	$Γ_{U C A P, 5} = = H o n e s t (\hat{A}) \supset ((◇ S e n d (A, x'_{0}) \land$
$C o n t a i n s (x_{0}, {R_{A}, I D_{A}, I D_{B}}_{A_S})$	$C o n t a i n s (x_{0}, {I D_{A}, K, T_{B}, E X P}_{B_S}) \land \neg ◇ F r e s h (A, R'_{A})) \supset$
$\land \neg ◇ F r e s h (\hat{A}, R_{A})) \supset ((x_{0} = {\hat{A}, \hat{B}, {K, I D_{A}, T_{B}, E X P}_{B_S}},$	$((x_{0} = {\hat{A}, \hat{B}, {K, I D_{A}, T_{B}, E X P}_{B_S}} \land A f t e r$
${R_{B}}_{K}, {R_{A}, I D_{A}, I D_{B}}_{A_S}) \land A f t e r$	$(R e c e i v e (A, {\hat{B}, \hat{A}, R'_{A} {K, \hat{A}, T_{B}, E X P}_{B_S}})), K^{'} = H a s ({R^{'}}_{B} \| \| K \| \| {R^{'}}_{A})$
$(Re c e i v e (A, {\hat{S}, \hat{A}, {K, I D_{B}, R_{A}, T_{B}, E X P}_{A_S},$	$S e n d (A, {\hat{A}, \hat{B}, {R'_{B}, I D_{A}, I D_{B}, R'_{A}}_{K'}))$
$S e n d (A, {\hat{A}, \hat{B}, {K, I D_{B}, T_{B}, E X P}_{B_S}}, {R_{B}}_{K}))$	$Γ_{U C A P, 6} = H o n e s t (\hat{B}) (\exists B ◇ S e n d (B, y_{0}) \land$
	$C o n t a i n s (y_{0}, {R'_{A}, I D_{A}, I D_{B}, R'_{B}}_{K'}))$
$Γ_{U C A P, 2} = H o n e s t (\hat{B}) (\exists B ◇ S e n d (B, y_{0}) \land$	$\supset ((y_{0} = {R'_{A}, I D_{A}, I D_{B}, R'_{B}}_{K'}) \land ◇ F r e s h (B, R'_{B}) \land$
$C o n t a i n s (y_{0}, {{R_{A}, I D_{A}, I D_{B}}_{A_S}, T_{B}}_{B_S})) \supset$	$A f t e r (R e c e i v e (B, {\hat{A}, \hat{B}, {I D_{A}, K, T_{B}, E X P}_{B_S}})),$
$((y_{0} = {\hat{A}, \hat{B}, I D_{A}, {R_{A}, I D_{A}, I D_{B}}_{A_S}, {{R_{A}, I D_{A}, I D_{B}}_{A_S}, T_{B}}_{B_S}, R_{B})$	$S e n d (B, {\hat{B}, \hat{A}, {{R'_{B}, I D_{A}, I D_{B}, R'_{A}}_{K'}}))$
$\land ◇ F r e s h (B, R_{B}) \land ◇ F r e s h (B, T_{B}) \land$	$Γ_{U C A P, 7} = (H a s (X', K) \supset \neg ((S e n d (X', m) \land C o n t a i n s (m, K'))$
$A f t e r (R e c e i v e (B, {\hat{A}, \hat{B}, I D_{A}, {R_{A}, I D_{A}, I D_{B}}_{A_S}})),$	$\land H a s (\hat{A}, K') \land H a s (\hat{B}, K'))$
$S e n d (B, {\hat{B}, \hat{S}, I D_{B}, I D_{A}, {{R_{A}, I D_{A}, I D_{B}}_{A_S}, T_{B}}_{B_S}, R_{B}}))$	$Γ_{U C A P_{2}} = Γ_{U C A P, 5} \land Γ_{U C A P, 6} \land Γ_{U C A P, 7}$
$Γ_{U C A P, 3} = H o n e s t (\hat{S}) (◇ S e n d (S, z_{0}) \land$
$C o n t a i n s (z_{0}, {K, I D_{B}, R_{A}, T_{B}, E X P}_{A_S}, {K, I D_{A}, T_{B}, E X P}_{B_S}))$
$\land ⊖ F r e s h (S, K) \supset ((z_{0} = {\hat{B}, \hat{S}, I D_{B}, {{R_{A}, I D_{A}, I D_{B}}_{A_S}, T_{B}}_{B_S}, R_{B}},$
${\hat{S}, \hat{A}, {K, I D_{B}, R_{A}, T_{B}, E X P}_{A_S}, {K, I D_{A}, T_{B}, E X P}_{B_S}, R_{B}} \land$
$A f t e r (R e c e i v e (S, {\hat{B}, \hat{S}, I D_{B}, I D_{A}, {{R_{A}, I D_{A}, I D_{B}}_{A_S}, T_{B}}_{B_S}, R_{B}})),$
$S e n d (S, {\hat{S}, \hat{A}, {K, I D_{B}, R_{A}, T_{B}, E X P}_{A_S}, {K, I D_{A}, T_{B}, E X P}_{B_S}, R_{B}}))$
$Γ_{U C A P, 4} = (H a s (X, K) \supset$
$\neg ((S e n d (X, m) \land C o n t a i n s (m, K)) \land H a s (\hat{A}, K) \land$
$H a s (\hat{B}, K) \land H a s (\hat{S}, A_S) \land H a s (\hat{S}, B_S))$
$Γ_{U C A P_{1}} = Γ_{U C A P, 1} \land Γ_{U C A P, 2} \land Γ_{U C A P, 3} \land Γ_{U C A P, 4}$

References 25

[1]	林闯, 苏文博, 孟坤 ,等. 云计算安全:架构,机制与模型评价[J]. 计算机学报, 2013,36(9): 1765-1784.
	LIN C , SU W B , MENG K ,et al. Cloud computing security:architecture ,mechanism and modeling[J]. Chinese Journal of Computers, 2013,36(9): 1765-1784.
[2]	KANDUKURI B R , RAKSHIT A . Cloud security issues[C]// IEEE International Conference on Services Computing. 2009: 517-520.
[3]	XIAO Z , XIAO Y . Security and privacy in cloud computing[J]. IEEE Communications Surveys ＆ Tutorials, 2013,15(2): 843-859.
[4]	BOYKO V , MACKENZIE P , PATEL S . Provably secure password-authenticated key exchange using Diffie-Hellman[C]// International Conference on the Theory and Applications of Cryptographic Techniques. 2000: 156-171.
[5]	MACKENZIE P , PATEL S , SWAMINATHAN R . Password-authenticated key exchange based on RSA[C]// International Conference on the Theory and Application of Cryptology and Information Security. 2000: 599-613.
[6]	BERTINO E , PACI F , FERRINI R ,et al. Privacy-preserving digital identity management for cloud computing[J]. Bulletin of the Technical Committee on Data Engineering, 2009,32(1): 21-27.
[7]	BRAINARD J , JUELES A , KALISKI B S ,et al. A new two-server approach for authentication with short secret[C]// The 12th Conference USENIX Security. 2003: 201-214.
[8]	KOHL J , NEUMAN C . The Kerberos network authentication service (v5)[R]. 1993.
[9]	HOJABRI M , . Innovation in cloud computing:implementation of Kerberos version5 in cloud computing in order to enhance the security issues[C]// 2013 International Conference on Information Communication and Embedded Systems (ICICES). 2013: 452-456.
[10]	ZISSIS D , LEKKAS D . Addressing cloud computing security issues[J]. Future Generation Computer Systems, 2012,28(3): 583-592.
[11]	BINU S , MISBAHUDDIN M , RAJ P . A mobile based remote user authentication scheme without verifier table for cloud based services[C]// The Third International Symposium on Women in Computing and Informatics. 2015: 502-509.
[12]	DATTA A . Security analysis of network protocols:compositional reasoning and complexity-theoretic foundations[D]. Stanford University, 2005.
[13]	ZHNG J , MA J F , YANG C . Protocol derivation system for the needham-schroeder family[J]. Security and Communication Networks, 2015,8(16): 2687-2703.
[14]	DATTA A , DEREK A , MITCHELL J C ,et al. Protocol composition logic (PCL)[J]. Electronic Notes in Theoretical Computer Science, 2007,172: 311-358.
[15]	ZHANG H , CHEN L . An efficient authentication protocol of WLAN and its security proof[C]// The 2008 International Conference on Communications and Networking. 2008: 1133-1137.
[16]	HE C , SUNDARARAJAN M , DATTA A ,et al. A modular correctness proof of IEEE 802.11i and TLS[C]// The 12th ACM conference on Computer and communications security. 2005: 2-15.
[17]	王丽丽, 冯涛, 马建峰 . 协议组合逻辑安全的 4G 无线网络接入认证方案[J]. 通信学报, 2012,33(4): 77-84.
	WANG L L , FENG T , MA J F . Secure access authentication scheme for 4G wireless network based on PCL[J]. Journal on Communications, 2012,33(4): 77-84.
[18]	URIEN P , MARIE E , KIENNERT C . An innovative solution for cloud computing authentication:grids of EAP-TLS smart cards[C]// 2010 Fifth International Conference on Digital Telecommunications (ICDT). 2010: 22-27.
[19]	LI C T , LEE C W , SHEN J J . A secure three-party authenticated keyexchange protocol based on extended chaotic maps in cloud storage service[C]// The 2015 International Conference on Information Networking (ICOIN). 2015: 31-36.
[20]	ZISSIS D , LEKKAS D . Addressing cloud computing security issues[J]. Future Generation Computer Systems, 2012,28(3): 583-592.
[21]	YIN X C , LIU Z G , LEE H J . An efficient and secured data storage scheme in cloud computing using ECC-based PKI[C]// 2014 16th International Conference on Advanced Communication Technology(ICACT). 2014: 523-527.
[22]	YAN L , RONG C , ZHAO G . Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography[C]// IEEE International Conference on Cloud Computing. 2009: 167-177.
[23]	GOEL A , GUPTA G , BHUSHAN M ,et al. Identity management in hybrid cloud[C]// 2015 International Conference on Green Computing and Internet of Things (ICGCIoT). 2015: 1096-1100.
[24]	YANG J H , LIN P Y . An ID-based user authentication scheme for cloud computing[C]// 2014 Tenth International Conference on Intelligent Information Hiding and Multimedia Signal (IIH-MSP). 2014: 98-101.
[25]	QIAN L , LUO Z , DU Y ,et al. Cloud computing:an overview[M]// Springer Berlin Heidelberg, 2009: 626-631.

Metrics

Recommended 0

No Suggested Reading articles found!

协议	F₁	F₂	F₃	F₄	F₅	F₆	F₇	F₈
3PAKE	Y	Y	N	N	Y	N	Y	Y
EPP	Y	N	N	N	Y	N	Y	Y
IDP	Y	N	N	N	Y	N	N	Y
Kerberos	Y	Y	N	Y	Y	Y	N	Y
UCAP	Y	N	Y	Y	Y	Y	Y	Y

协议	用户		CSP		TTP		总计			CN
协议	IC	RC	IC	RC	IC	RC	IC	RC	IC	RC
Kerberos	3D+3E	3D+3E	2E	2E	3D+3E	3D+3E	6D+8E	6D+8E	6		6
3PAKE	4C+2H	4C+2H	4C+2H	4C+2H	5C	5C	13C+4H	13C+4H	5		5
EPP	Ec+3H+Kp+Dp	Ec+3H+Kp+Dp	Ec+3H+Kp+Dp	Ec+3H+Kp+Dp	2Ec+6H+2Kp+2Dp	2Ec+6H+2Kp+2Dp	4Ec+12H+4Kp+4Dp	4Ec+12H+4Kp+4Dp	5		5
IDP	12H+2M+1G+1R+2E+D	12H+2M+1G+1R+2E+D	8H+D+E	8H+D+E	6H+M+G+R	6H+M+G+R	26H+3M+2G+2R+3E+2D	26H+3M+2G+2R+3E+2D	7		7
UCAP	D+2E	E	2D+E	2D+E+H	2D+2E	—	5D+5E	2D+2E+H	4		3

协议	用户	CSP	TTP	总计
Kerberos	366	188	366	920
3PAKE	236	236	190	662
EPP	696	696	1 392	2 784
IDP	792	458	324	1 574
UCAP	155	171	122	448

UCAP:a PCL secure user authentication protocol in cloud computing

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 25

Related Articles 15

Metrics

Recommended 0

[1]	Ling MA, Qiliang FAN, Ting XU, Guanchen GUO, Shenglin ZHANG, Yongqian SUN, Yuzhi ZHANG. Scheduling framework based on reinforcement learning in online-offline colocated cloud environment [J]. Journal on Communications, 2023, 44(6): 90-102.
[2]	Shengbao WANG, Xin ZHOU, Kang WEN, Bosen WENG. Tripartite authenticated key exchange protocol for smart grid [J]. Journal on Communications, 2023, 44(2): 210-218.
[3]	Zhenyu WANG, Yang GUO, Shaoqing LI, Shen HOU, Ding DENG. Design of efficient anonymous identity authentication protocol for lightweight IoT devices [J]. Journal on Communications, 2022, 43(7): 49-61.
[4]	Huaqun WANG, Zhe LIU, Debiao HE, Jiguo LI. Identity-based provable data possession scheme for multi-source IoT terminal data in public cloud [J]. Journal on Communications, 2021, 42(7): 52-60.
[5]	Jianhong ZHANG, Menglong WU, Jing WANG, Pei LIU, Zhengtao JIANG, Changgen PENG. Secure and verifiable multi-keyword searchable encryption scheme in cloud [J]. Journal on Communications, 2021, 42(4): 139-149.
[6]	Ruiqi LI, Chunfu JIA, Yafei WANG. Multi-key homomorphic proxy re-encryption scheme based on NTRU and its application [J]. Journal on Communications, 2021, 42(3): 11-22.
[7]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[8]	Wenjuan WANG, Xuehui DU, Dibin SHAN. Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph [J]. Journal on Communications, 2021, 42(1): 1-17.
[9]	Youliang TIAN,Qin LUO. Verifiable multi-keyword search scheme based on improved Merkle-Tree authentication method [J]. Journal on Communications, 2020, 41(9): 118-129.
[10]	Na WANG,Kun ZHENG,Junsong FU,Jian LI. Method of ciphertext retrieval in mobile edge computing based on block segmentation [J]. Journal on Communications, 2020, 41(7): 95-102.
[11]	Lindong ZHAO,Wenqin ZHUANG,Jianxin CHEN,Liang ZHOU. Hierarchical task offloading in heterogeneous cellular network:modeling and optimization [J]. Journal on Communications, 2020, 41(4): 34-44.
[12]	Bing LIANG,Wen JI. Multiuser computation offloading for edge-cloud collaboration using submodular optimization [J]. Journal on Communications, 2020, 41(10): 25-36.
[13]	SU Mingfeng,WANG Guojun,LI Renfa. Multidimensional QoS cloud computing resource scheduling method based on stakeholder perspective [J]. Journal on Communications, 2019, 40(6): 102-115.
[14]	CHEN Xingshu,HUA Qiang,WANG Yitong,GE Long,ZHU Yi. Research on low-rate DDoS attack of SDN network in cloud environment [J]. Journal on Communications, 2019, 40(6): 210-222.
[15]	Wanliang WANG, Zelin ZANG, Guoqi CHEN, Hangyao TU, Yule WANG, Linyan LU. Research on optimal two element exchange algorithm for large scale cloud computing server scheduling problem [J]. Journal on Communications, 2019, 40(5): 180-191.