
Research And Design On Identity Authentication Protocol For Multi-environments

Posted on: 2013-08-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Li
Full Text: PDF
GTID: 1228330374999585
Subject: Computer Science and Technology
Abstract/Summary:
An identity authentication protocol is an important means of ensuring that participants can communicate securely over open networks. It is the first line of defense for a wide range of application systems and plays a decisive role in network and information system security. Deploying an identity authentication protocol prevents unauthorized access to application systems and stops illegitimate parties from profiting through illegitimate operations, accessing controlled information, or maliciously destroying the integrity of system data. At present, identity authentication technology is widely used to protect data security in network and information security, bank network management, network trust management and other fields. Nevertheless, as application scenarios expand, no single identity authentication protocol is applicable to all of them, and an appropriate authentication protocol has to be designed for each application. Meanwhile, the purpose of an identity authentication protocol is to ensure security for the communicating parties in an unreliable communication environment. Because the network environment is unreliable, the open channel is exposed to a variety of malicious attacks, which makes the analysis and design of an appropriate identity authentication protocol a complex matter. This dissertation analyses the research background and development status of identity authentication protocols and sets out the basic design principles for them. Furthermore, we point out the security and functional requirements for designing an appropriate identity authentication protocol.
Focusing on issues related to identity authentication protocols, this dissertation studies identity authentication protocols for the single-server environment, identity authentication protocols for the multi-server environment, three-factor remote identity authentication schemes, and authentication protocols in wireless and mobile environments. We obtain the following results.

1. At present, most single-server identity authentication protocols based on the ElGamal cryptosystem are not user-friendly; for example, users cannot freely choose and change their own passwords. These protocols also cannot protect the anonymity of the user’s identity and do not support session key agreement. In view of these problems, and taking the security and functional requirements of identity authentication protocols into full account, we design a single-server authentication protocol based on smart cards and the ElGamal cryptosystem that offers high security while keeping computational complexity relatively low.

2. We analyse Lee et al.’s dynamic identity based remote user authentication protocol for the multi-server environment, in which the registration center is responsible for selecting the system parameters and registering the users and the service-providing servers, and is not directly involved in the user authentication process. We find that Lee et al.’s protocol cannot provide proper authentication and cannot resist forgery attacks and server spoofing attacks. Furthermore, a secure channel must exist between the users and the registration center in order to update a user’s password. To overcome the security flaws of Lee et al.’s protocol, we propose a new dynamic identity based authentication protocol for the multi-server environment; the new protocol meets the practical functional and security requirements of identity authentication in a multi-server environment.

3. We point out the security flaws of Sood et al.’s dynamic identity based authentication protocol for the multi-server environment, in which the registration center is responsible for the registration and authentication of the users and the service-providing servers. We find that Sood et al.’s protocol is vulnerable to the leak-of-verifier attack, the stolen smart card attack and the impersonation attack. Besides, since there is no way for the registration center to know the real identity of the user, the authentication and session key agreement phase of Sood et al.’s protocol is incorrect. On this basis, we propose an enhanced dynamic identity based authentication protocol for the multi-server environment, in which the registration center is directly involved in the authentication process. This protocol eliminates the security problems of Sood et al.’s protocol and achieves a higher level of security and more functionality at only a small increase in computation cost.

4. We study three-factor remote user identity authentication protocols and analyse the security weaknesses of Li and Hwang’s three-factor authentication protocol. We find that the Li-Hwang protocol cannot provide proper authentication and cannot resist the man-in-the-middle attack. We then propose an improved biometric-based remote user authentication scheme that removes the aforementioned weaknesses and supports session key agreement.

5. We study anonymous identity authentication protocols for mobile roaming networks. To ensure security in wireless network communication environments, we propose a novel user authentication protocol with user anonymity based on the elliptic curve discrete logarithm problem (ECDLP) and the elliptic curve computational Diffie-Hellman problem (ECDHP). Analysis shows that the proposed protocol is effective in protecting user anonymity and achieves fairness in session key agreement. At the same time, it remains efficient in computation cost for seamless access and roaming over wireless networks.

6. We study RFID mutual authentication protocols. Based on the electronic fingerprint detection method for RFID tags presented by Periaswamy et al., we propose an RFID mutual authentication protocol conforming to the EPC Class 1 Generation 2 standard. The protocol can resist replay attacks, illegal reader access to the tag’s information, DoS attacks and other malicious attacks. In addition, it can detect cloned tags using the electronic fingerprint method.
Keywords/Search Tags: Cryptographic protocol, Identity authentication protocol, Multi-server environment, Mobile roaming network, Radio frequency identification