A ProVerif2.03 code.

The Internet has advanced so quickly that we can now access any service at any time, from any location. As a result of this capability, People around the world can benefit from the popularity and convenience of teleworking systems. Teleworking systems, however, are vulnerable to a range of attacks; as an unauthorized user enters the open communication line and compromises the whole system, that, in turn, creates a big hurdle for the teleworkers. Professional groups have presented numerous mechanisms for the security of teleworking systems to stop any harm, but there are still a lot of security issues like insider, stolen verifier, masquerade, replay, traceability and impersonation threats. In this paper, we propose that one of the security issues with teleworking systems is the lack of a secure authentication mechanism. In order to provide a secure teleworking environment, we have proposed a lightweight and secure protocol to authenticate all the participants and make the requisite services available in an efficient manner. The security analysis of the presented protocol has been investigated formally using the random oracle model (ROM) and ProVerif simulation and informally through illustration/attack discussions. Meanwhile, the performance metrics have been measured by considering computation and communication overheads. Upon comparing the proposed protocol with prior works, it has been demonstrated that our protocol is superior to its competitors. It is suitable for implementation because it achieved a 73% improvement in computation and 34% in communication costs.

互联网发展日新月异，如今人们可随时随地访问各类服务。依托这项能力，全球用户均可从远程办公系统的普及与便捷性中获益。然而，远程办公系统易受多种攻击威胁：未经授权的攻击者可侵入开放通信链路，破坏整个系统，进而为远程工作者带来极大阻碍。专业领域已提出诸多保障远程办公系统安全的机制以规避潜在危害，但当前仍存在诸多安全隐患，包括内部人员威胁、验证器被盗威胁、伪装威胁、重放威胁、可追踪性威胁与身份冒充威胁。本文指出，远程办公系统现存的一项安全问题在于缺乏可靠的身份认证机制。为构建安全的远程办公环境，本文提出了一种轻量且安全的协议，用于对所有参与方进行身份认证，并以高效方式提供所需服务。本文针对所提协议开展了安全性分析：采用随机预言机模型（random oracle model, ROM）与ProVerif仿真工具进行形式化验证，并通过示例演示与攻击场景讨论完成非形式化分析。同时，本文从计算开销与通信开销两个维度对协议的性能指标进行了评估。通过与现有相关研究对比，本文证明所提协议优于同类方案：其在计算开销上优化了73%，通信开销上优化了34%，具备良好的落地可行性。