Research On Secure Authentication Protocols In Various Application Environments

ABSTRACT:In the virtual network, how to achieve the real application and protect the authenticity of identity and information content have become the most pressing needs. The cryptography based authentication technology is a valid method to solve the problem well. It has become an important guarantee and core technology of information security, its correctness and security play crucial role in the entire network environment. Currently, the design and analysis of secure authentication protocol is the most active research of network and information security. This dissertation concentrates on how to construct secure and effective authentication protocol and proposes corresponding methods. According to the different application environment, research on the two-party and multi-party authentication protocols, including smart based password authentication protocols, RFID authentication protocols and multi-party key agreement protocols for group communication. The work of this dissertation is supported by the National High Technology and Development Program of China (863Program)(No.2011AA010104-2), the National Natural Science Foundation of China (No.61071076,61201159), the Fundamental Research Funds for the Central Universities (No.2012YJS023), and the Specialized Research Fund for the Doctoral Program of Higher Education of China (No.20100009110002). The main contributions are summarized as follows:1. Study Chen et al.’s remote user authentication protocol using smart cards. It is demonstrated that serious vulnerabilities still threaten their protocol by mounting known-key attack and off-line guessing attack. To solve the aforementioned weaknesses, we propose a smart card based protocol for remote login and verification, and utilize BAN logic to verify the correctness of its authentication procedures. Meanwhile, the new protocol can prevent various attacks, including known-key attack and off-line guessing attack, and achieves forward secrecy. To compare with related protocols, the new protocol has better computation efficiency.2. An advanced password authentication protocol using smart cards is proposed by Song. We point out that his protocol is still vulnerable to off-line password guessing attack, and it is lack of system reparability. To fill the gaps, the improved protocol is proposed. The new protocol utilizes one-way hash function and timestamp mechanism to achieve system reparability, and optimizes the computation efficiency. According to BAN logic proof and security analysis, the new protocol has correct authentication procedures, withstands various attacks and achieves forward secrecy.3. Study several RFID authentication protocols. It is found that all these protocols have same design problem which the tag key cannot be updated. This means that once the fixed key is leaked, the communication and interaction between RF components would be no longer secure. Based on these findings, we utilize challenge-response mechanism and indefinite index strategy to propose an advanced constantly updated RFID authentication protocol. This protocol allows the tag and the back-end database server to update their respective keys synchronously in same session. It achieves secure authentication and access control between RF components, it can protect the tag’s location privacy and forward secrecy of system. Combine with the aforementioned key updated mechanism, an authenticated RFID protocol based on chaotic maps is proposed, which is more suitable for the limited-power RFID system with better computation efficiency.4. Analyze Guo and Zhang’s Chaos based group key agreement protocol. It is shown that their protocol cannot achieve dynamic setting and multi-key agreement, and it cannot withstand off-line password guessing attack. To solve the above problem, based on chaotic maps theory and binary tree structure, we propose a dynamic chaos based group key agreement protocol. It satisfies the contributory property of multi-key agreement and group key independence, it provides dynamic setting for group members. According to security analysis, the new protocol can resist various attacks, including off-line password guessing attack.5. Analyze Zhao et al.’s fault-tolerant group key agreement protocol. It is presented that their protocol has fault-tolerance weakness without dynamic setting. Based on RSA algorithm and restricted secret number, a dynamic fault-tolerant group key agreement protocol is proposed. The new protocol has good fault-tolerant ability, and it needs only one round to exclude all malicious participants and helps honest members complete group key agreement. Meanwhile, the new protocol utilizes a binary tree structure to achieve dynamic setting, and it satisfies group key independence with instant key refreshment. Due to the security and performance analysis, the new protocol can withstand various attacks, it has lower computation and communication cost than Zhan et al.’s protocol.