
Research Of Multi-factors Identity Authentication Protocol And Implementation Based On Smart Card

Posted on: 2014-07-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J M Cui
GTID: 1268330431963121
Subject: Microelectronics and Solid State Electronics

Abstract/Summary:
As a safe and effective carrier of personal identity certificates, the smart card has been generally accepted worldwide, and it is widely used in various information security fields such as telecom SIM cards, financial IC cards, credit cards, e-government and e-health insurance cards. With the development of computer network technology, people communicate in a non-secure network environment, which is more liable to cause information leakage and is subject to all kinds of attacks on communications. As a foundation of the whole information security system, identity authentication has drawn increasing attention. Nowadays, multiple-factor identity authentication technology based on smart cards, passwords and biometrics is becoming a research hotspot. In particular, with the development of WiFi and 3G/4G, the representatives of wireless communication network technology, there is a need for high-security, lightweight authentication protocols and smart card chip technology to be applied in them.

The paper conducts extensive and in-depth research on information security issues of smart cards in identity authentication protocols. On this basis, the paper mainly researches two aspects: proposing three-factor authentication protocols to enhance the anti-attack capability of authentication protocols, and achieving a hardware implementation using a smart card. The main results are as follows:

1. For defects in previous similar two-factor authentication protocols based on smart card and password, the paper proposes two improvements: encrypting critical values of the user's information in the registration phase to enhance the ability to resist offline password guessing attacks, and making the user's identity information more confidential in the login phase to enhance the ability to resist user anonymity attacks and masquerade attacks as a legitimate user. Its security is proved with a formal proof based on BAN logic. The protocol not only reduces the amount of communication and computation, but also achieves more security goals. The protocol is suitable for online financial transactions, secret ballots and other systems requiring privacy protection.

2. A three-factor registration and login method based on hidden biometric information, smart card and password is proposed. The paper hides the biometric information to prevent privacy disclosure and plaintext attacks. Feature points are matched to solve the mismatch of the biometrics caused by the hash function in practical applications. The proposed three-factor identity authentication protocol does not need the involvement of the registration center in verification, and it can resist DoS attacks through local authentication of the user ID and password. Its security is proved with a formal proof based on BAN logic. The protocol applies to corporate LANs and other systems with mutual trust between the registration center and the server.

3. A three-factor identity authentication protocol with the involvement of the registration center in verification is presented. The server has a unique private key, which can effectively resist impersonation attacks as a legitimate server. There is no verifier table in the server, which enhances the capability to resist stolen-verifier attacks, masquerade attacks as a legitimate user, eavesdropping attacks, password guessing attacks and so on. The proposed protocol can also achieve user anonymity and many other security goals through mutual authentication among user, server and registration center. Its security is proved with a formal proof based on BAN logic. The protocol can be applied to systems with high security requirements, such as financial systems.

4. As the requester of services and resources, the smart card is limited in computing power and storage space, and it easily becomes a target of attack because of its low level of security. This paper designs a chip optimization scheme based on an open-source 32-bit RISC processor, in order to meet the speed, storage capacity and other performance requirements of the proposed three-factor authentication protocol with the involvement of the registration center. This paper trims the OR1200 by removing the MMU, which is not necessary for the computations in our protocol. In addition, we propose a hash-based random number generation method, and improve the nested unit structure of the hash operation to enhance the reading efficiency. The program implementing the protocol, written to ROM, takes 24976 Byte.

5. For the proposed three-factor authentication protocol with the involvement of the registration center and its hardware design, the paper has simulated the authentication protocols in a multi-server environment and built an FPGA test platform. Firstly, the paper verified the security and the operability of the protocol, and then tested the designed hardware solution. The speed of hash computation by hardware is 2059 times that by software, and system speed increases 23 times when the hardware acceleration module is added. The results show that the test platform verified the safety and the operability of the protocol.
Keywords/Search Tags: Multiple-factor, Smart card, Identity authentication, Biometric, Hash function