
Research And Design Of Secure Protocols And Schemes

Posted on: 2009-06-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L L Hu
GTID: 1118360245469471
Subject: Information security

Abstract/Summary:
With the rapid development of the information industry, much technical progress has taken place in the scope, content and means of information communication. While taking advantage of networks, more and more people are becoming aware of the importance of network and information security during information communication. Secure protocols built on cryptography are the foundation for constructing a secure network environment, and their correctness and security are very important to network security.

This dissertation studies secure protocols and their application schemes. The main achievements of this paper are summarized as follows:

1. Remote User Authentication Scheme Using Smart Cards

User authentication is very important for the security of distributed systems. Remote user authentication schemes allow a valid user to log in to a remote server and to access the services it provides over an insecure channel. Owing to the convenience and secure computation property of smart cards, many smart card-based remote authentication schemes have been proposed. In 2002, Chien et al. proposed an efficient password-based remote user authentication scheme using smart cards. However, Hsu showed that Chien et al.'s scheme is vulnerable to the parallel session attack. Thus, in 2005, Liu et al. proposed an improvement to Chien et al.'s remote user authentication scheme using smart cards to prevent the parallel session attack. This paper, however, demonstrates that Liu et al.'s scheme is vulnerable to a masquerading server attack and has a forward secrecy problem concerning the system's secret key. Therefore, an improved scheme with better security strength is proposed. The proposed scheme not only retains the advantages of their scheme but also enhances its security by withstanding the weaknesses just mentioned.

2. Remote Authentication Scheme Preserving User Anonymity

Most remote authentication schemes proposed so far do not protect users' identities while authenticating the users, even though user anonymity is an important issue in many e-commerce applications. In 2004, Das et al. proposed a remote authentication scheme that authenticates users while preserving their anonymity. Their scheme adopted dynamic identification to achieve this. Then, in 2005, Chien and Chen pointed out that Das et al.'s scheme fails to protect the user's anonymity and proposed a new remote authentication scheme preserving user anonymity. This paper, however, demonstrates that Chien and Chen's scheme also has some problems: it cannot resist the strong masquerading server/user attack, insider attack, denial-of-service attack and restricted replay attack, and it also has the problem of slow wrong-password detection. Therefore, an improved remote user authentication scheme preserving user anonymity is proposed to overcome these problems.

3. Multi-server Password Authenticated Key Agreement Scheme

Password authentication is one of the simplest and most convenient authentication mechanisms, allowing a legal user to log in to remote systems and use remote resources. In conventional password authentication schemes, a remote user uses one password to log in to one server. As networks grow larger and larger, password authentication schemes that support only the single-server setting no longer suffice for users' needs. Thus some password authentication schemes for multi-server architectures have been proposed. An authenticated key agreement protocol is a good way to provide authentication and confidentiality services, since the client and server can not only authenticate each other but also generate a secret session key used to protect the confidential data transmitted afterwards. This paper proposes an efficient password authenticated key agreement scheme for multi-server architectures. The proposed scheme allows a user to access multiple servers securely while keeping only one weak password and a smart card. At the end of the proposed scheme, the user and server have authenticated each other and agreed on a common secret session key for each access request. The proposed scheme can significantly improve the efficiency of the multi-server password authentication protocol and has more user-friendly properties, so that it can be applied in the real world.

4. Secure Proxy Signature Scheme Based on Elliptic Curve

Proxy signatures are signature schemes in which an original signer delegates her signing capability to a proxy signer, and the proxy signer then creates a proxy signature on behalf of the original signer. When a receiver verifies a proxy signature, he can verify both the signature itself and the original signer's agreement together. Proxy digital signature schemes based on elliptic curve cryptosystems (ECC) can find wider application in computer and wireless communication networks, because a proxy signature scheme based on the elliptic curve discrete logarithm problem (ECDLP) has a shorter key length and a shorter signature length than a scheme based on the discrete logarithm problem (DLP) while having the same security.

In order to design a new proxy signature scheme with higher security and practicability, the MUO proxy signature scheme and the elliptic curve digital signature algorithm (ECDSA) are introduced first. Then, on the basis of the elliptic curve proxy signature scheme proposed by Wu and Li, we propose an improved proxy signature scheme that resolves the security problems in the former scheme and has the six properties needed by a strong proxy signature scheme, that is, verifiability, strong distinguishability, strong unforgeability, strong identifiability, strong undeniability and controllability. Furthermore, the new scheme has the advantage of not needing a secure channel for delivering the warrant. In a word, the new scheme, with its brevity, high efficiency and considerable improvement in system overheads regarding software and hardware application, is more secure and practicable.

5. Mobile Agent-based Security Scheme of Electronic Transactions

Mobile agents are autonomous software entities that are able to migrate across different execution environments through the network and carry out specific functions. It is believed that mobile agent technology is going to play an important role in future electronic commerce, because the mobility and autonomy of agents make it ideal for electronic commerce applications in an open network environment. However, a couple of security issues need to be tackled before mobile agents can be employed in real-life commercial environments. One solution for securing mobile agents is the non-designated proxy signature, in which the original signer does not designate the proxy when the proxy key is issued, and anyone can become the proxy for the original signer in accordance with the original signer's warrant. Using this scheme, a mobile agent can complete secure transactions in a hostile environment.

In this paper, we summarize the security requirements for mobile agent-based electronic commerce transactions and propose an improved scheme based upon the strong non-designated proxy signature scheme. The new scheme adds a new feature for customer privacy protection and effectively addresses the security requirements when a mobile agent moves between multiple optional hosts; it also ensures the unforgeability of the customer's and shop's identities, prevents replay attacks, and moreover keeps each shop's identity and transaction information secret from the others. The security analysis of the proposed scheme shows that it meets all the security requirements we summarized and is more practicable.
Keywords/Search Tags:secure protocol, authentication, smart cards, proxy signature, elliptic curve, mobile agent