| Network is faced with various security threats, and it is important to effectively protect crucial data and to improve the security of computer networks. Therefore, this thesis aims at several key authentication techniques based on cipher technique in great detail, including identity authentication technique, group signature technique, electronic evidence and nonrepudiation mechanism. Besides, a secure communication scheme among multiusers is investigated and discussed particularly.First of all, the security of SAS ( Simple and Secure Password Authentication Protocol ) scheme is analyzed and a new identity authentication scheme SEAP is proposed. Comparing with other related schemes, the integrative performance of SEAP is improved greatly. The characteristics of SEAP are as follows: It supports short password, do not use encrypted algorithm between user and server to reduce computation overhead, and can resist dictionary, replay, and denial of service attacks. In addition, a remote identity authentication scheme using smart card based on discrete logarithm and EIGamal public key mechanism is presented. The scheme allows legal user to freely choose password in registration, proceeds communication once between user and server, does not ask server to store user's password table, can resist replay attack using time stamp, and can overcome security weakness such as forgery attack in Hwang-Li scheme.Secondly, the security flaw in Ao-Chen-Bai group signature scheme is pointed out, namely, an attacker can construct a legal signature and implement a forgery attack to system, and similar attack is fit for Tseng-Jan II scheme. This thesis presents an improved group signature scheme based on Tseng method , which can resist forgery attack and be unlinkable, and overcomes the shortcomings of Ao-Chen-Bai group signature scheme and Tseng-Jan II scheme.In order to ensure the confidentiality, integrality, fairness, validity of data over network, a transmission-oriented electronic evidence andnon-repudiation protocol TEENP (transmission-oriented electronic evidence and non-repudiation protocol) is proposed. The thesis analyses the virtues and shortcomings of existed Electronic evidence and non-repudiation protocols FNP (Fair non-repudiation protocol) and CMP(Certified Electronic Mail Protocol), compares the performances between TEENP scheme and CMP scheme, extends the semantics and reasoning rulers of BAN logic. Furthermore, the non-repudiation of TEENP scheme is proved using BAN logic. Comparing with other correlative protocols, the security of TEENP is increased and the computation, communication overhead is reduced significantly.Finally, a key agreement scheme GDH.2 suitable for multi-user is analyzed thoroughly, the corresponding security shortcoming in GDH.2 is found, resulting an improved method M-GDH.2. Compared with GDH.2, the security of the proposed M-GDH.2 is greatly increased at a slight cost in implementation complexity, namely, the system satisfies "forward security" requirement, and can resist Denning-Sacco attack and replay attack. Subsequently, the dynamic change of communication entities is discussed. In addition, a secure communication system demo for three users is designed based on M-GDH.2 protocol, which allows users freely agree conversation key and use it to communicate with each other secretly.
|
PDF Full Text Request