Design And Analysis Of Provably Secure Authentication And Key Exchange Protocols

With the rapid growth of information and network technologies, information network have seen a wide application in morden society. However, information networks face great challenge in security. As the building block of network security, cryptography protocols can be used not only to provide information confidentiality, but also to resolve most of the security problems in information networks. So the correctness and security of these kinds of protocols are very important. This work makes a comparative deep research for the provably secure authentication and key exchange, which includes: the study of provably secure theories for authentication and key exchange, the analysis and design of two-party authentication protocols in Internet, the analysis and design of authentication protocols for access, fast handoff and roaming in WLAN and the analysis and design of multi-party authentication and key exchange protocols. The main results are as following:1. According to the characteristics of the authentication in wireless networks, we extend the Canetti-Krawczyk (CK) model by introducing a trusted third party and additional adversarial capabilities. Then the relationship between the security definition of Bresson-Chevassut-Pointcheval (BCP) model and the security properties of group key exchange (GKE) protocols are analyzed and new security definitions are proposed. Finally, a method of designing constant round GKE protocols in Universally Composable Security (UC Security) framework is presented.2. The security of the new Internet key exchange protocol IKEv2 is analyzed. Then the improvement of IKEv2 for the problems of authentication failure and the initiator's active identity protection is presented.3. The study of security standards of WLAN. First, based on the analysis of WAPI-XG1, its vulnerabilities are identified and improvement is presented. The improved one not only solves the security problems in WAPI-XG1, but also provides the fast handoff for mobile terminals. WLAN mesh is a new networking technologies, but the handoff and roaming of mesh points (MPs) can not be supported by the current standard of WLAN mesh. So a complete secuirity solution of WLAN mesh is proposed, which consists of a three-party authentication protocol for the access of a MP to the wireless network, an authentication protocol for the fast handoff of a MP and a three-party authentication protocol for the roaming of a MP. Additionally, the protection of mobile users'identities is realized.4. The study of the GKE protocols. First, some famous GKE protocols are analyzed, and the results show that these protocols can not provide the consistency. Then a new identity-based and a UC secure GKE protocol are presented respectively.