
Research And Design On Some Security Protocols

Posted on: 2010-05-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y P Li
Full Text: PDF
GTID: 1118360275997735
Subject: Cryptography

Abstract/Summary:
Security protocols play a very important role in a society where information technology is developing at high speed. They are the core of information security techniques and the theoretical basis of a secure network environment, and they can be widely used in E-commerce and E-government. Owing to limits of time and space, this thesis studies signcryption (authentication encryption) schemes, non-repudiation protocols and identification (identity authentication) protocols. The main results are as follows:

(1) First, some security vulnerabilities of the classic SCS signcryption scheme are pointed out, and an improved signcryption scheme, N-SCS, is presented. The N-SCS scheme avoids disputes during the process of realizing non-repudiation. Exposure of the signcryption key does not destroy the confidentiality of previously signed messages, and the scheme minimizes security threats. The N-SCS scheme can provide confidentiality and authentication simultaneously, or confidentiality and authentication separately, without any modifications or additional computations.

(2) We first point out that the H-C authentication encryption scheme and the Yoon-Yoo authentication encryption scheme are susceptible to the known-plaintext attack and do not satisfy forward security and semantic security. To address these security flaws, two improved authentication encryption schemes, named N-AEP and M-AEP respectively, are proposed. Both schemes provide an efficient and economical way to transmit large quantities of data.

(3) Based on verifiably committed signature schemes, two generic models of mutually optimistic non-repudiation protocols are presented. One is designed for applications in which the conversation messages need not be confidential; the other provides confidentiality of conversation messages. This makes it convenient to choose a non-repudiation protocol flexibly according to the security characteristics of the conversation messages. The computation and communication costs can be reduced to the greatest extent.

(4) Using signcryption, multicast and group-oriented encryption, a multiparty non-repudiation protocol for the exchange of different messages is presented for merchants dealing with batch orders. Without an online trusted third party, the proposed protocol allows the sender O to choose receivers freely, which makes the trade flexible and practical. The proposed protocol also satisfies non-repudiation of the sender and the receivers, fairness, timeliness and confidentiality, and may find potential applications in E-commerce.

(5) Based on the hardness assumption of the collusion attack algorithm with k traitors (k-CAA) in the Gap Diffie-Hellman group and related assumptions on the bilinear pairing, an efficient identification protocol is proposed. In the standard model, the proposed protocol is proven secure under concurrent reset attack and can resist impersonation attack.

(6) An efficient ID-based identification protocol is presented. The protocol is proven secure in the random oracle model. The private key generator (PKG) need not be completely trusted. Even if the PKG produces an erroneous partial private key, users can discover this and request correction. Even if the PKG leaks a partial private key, the protocol is proven secure against concurrent reset attack and impersonation attack.

(7) Based on the hardness assumption of the RSA problem, an identification protocol that resists the man-in-the-middle attack is presented; it works by sharing dynamically forward-secure secrets between the prover P and the verifier V. The proposed protocol is easy to extend to a mutual identification protocol.

Keywords/Search Tags:security protocol, signcryption, authentication encryption, non-repudiation, identification, bilinear pairing, provable security