Research On Identity Authentication And Key Agreement Protocol For Several Application Environments

In the virtual network environment, how to guarantee the authenticity of the communication participants identity is a basic security problem. Besides, in order to achieve secret communications, both sides of communication can online establish a session key has become one of security requirements in many applications. Identity authentication and key agreement protocol well solved the two problems, and has become one of security protocols that have been most widely applied in network communication. However, a specific identity authentication and session key agreement scheme may not apply to all of application scenarios since different application scenarios have different features and security requirements. This dissertation starts the study from analysis of the existing protocols and design of new directions. And it studies the identity authentication and session key agreement protocols that apply to single server environment, multi-server environment and wireless sensor network respectively. Several meaningful results are obtained as follows.1. Currently, many of the existing single server authentication and key agreement protocols attribute their security to the difficulties of solving discrete logarithms over finite field. However, the efficiency of implementing those schemes is very low since there are many modular exponentiations of big number in the problem of discrete logarithms. To solve this problem, we analyse in detail a scheme proposed recently by Li et al., and found that it not only have the defects of low efficiency but also not resist offline guessing password attack and impersonating legitimate user attack. Considering the security requirements and functional requirements of the identity authentication, we design a more secure single server authentication and key agreement protocol based password, smart card and elliptic Curve Cryptosystem. Through the theoretical analysis and experimental verification, we showed the proposed protocol has higher safety performance and relatively low computational complexity.2. Study a dynamic identity based multi-server identity authentication and session key agreement scheme proposed by Lee, Lin and Chang, analyse its disadvantages, and point out that Lee-Lin-Chang’s scheme is vulnerable to impersonating user attack, impersonating server attack and malicious server attack. And on this basis we propose a new dynamic identity based multi-server identity authentication and session key agreement scheme in which the register center participate in the authentication directly. The new scheme improves Lee-Lin-Chang’s scheme. And it effectively increases the operating efficiency over the smart card which is regarded as a weak link since the cost of login phase is significantly reduced. Besides, the total computation overhead of the new scheme is less one hash function than Lee-Lin-Chang’s scheme.3. Study a multi-server identity authentication and session key agreement scheme proposed recently by Tsaur et al. and found it has several drawbacks. Firstly, Tsaur et al.’s scheme cannot achieve user anonymity and un-traceability since it is not based on dynamic identity. Secondly, there is no password change phase in this scheme, and so user cannot update his/her current password. Thirdly, this scheme cannot check validity of user’s identity and password timely. If the user accidentally input an error, the error is found until the server authentication. This wastes communication resources and reduces the implementation of the protocol efficiency and user friendliness. In addition, more serious is that it can’t resist offline password guessing attack, insider attack and malicious user attack. To solve these problems, we design a new dynamic identity based multi-server authentication and key agreement protocol. Through comparative analysis with related protocols, the proposed protocol has higher security. Although the new scheme need two more hash function, but this is very worthwhile.4. Analyse a dynamic identity based multi-server authentication and key agreement protocol proposed by Lee, Lai and Li, and found that this scheme cannot resist offline dictionary attack, and must establish a secure communication channel between the user and the server to complete the change of user password. This led to some defects such as low implementation efficiency and poor user friendly. To solve these problems, we propose a new dynamic identity based multi-server authentication and key agreement protocol. As mentioned in the third part, the new scheme is also in two hash function computational complexity increment for better security and more features.5. Analyse an authentication and key agreement protocol in WSN proposed by Kumar et al., and point out it cannot resist known session key attack, impersonating user attack, node capture attack, and cannot achieve user un-traceability and forward security. On this basis, we propose an identity authentication and key agreement protocol with user un-traceability. Based on the security and*performance analysis, we found that the proposed protocol makes up the defects of the Kumar et al.’s protocol, and keeps other security features. Although the new scheme needs one more symmetric cipher algorithm encryption/decryption process, it shares the process between user and gateway node which have strong compute ability. So, there won’t be much impact on the implementation efficiency. Additionally, same to Kumar’s scheme, the new scheme needs three information interactions, keeps lower level. Considering safety and performance features, the proposed protocol is more suitable for practical engineering applications.