Research On Secure Authentication Protocols For Multi-environments

As the basis of information security system, authentication is the first threshold to ensure the security of information system, where authentication protocols are one of the important measures to ensure information exchange security between communication entities over unreliable networks. According to the characteristics and requirements of different application environments, this paper researches on various authentication protocols based on different security factors, different security attributes, and different public key authentication methods in the context of single-server, multi-server and wireless sensor network environments. The main results are as follows:1. Authentication protocols for single-server environment are proposed.This paper researches on the existing single server authentication protocols and finds out serveral security shortcomings. Especially, many protococls fail to provide user anonymity which leads to a series of security drawbacks. To solve these security problems, this paper puts forward several solutions as follows:(1) An ElGamal cryptosystem based secure authentication scheme for mobile networks is putforward. The mutual authentication between the user and the access network can be realized by BAN logic.The scheme can eliminate tracking attack by an unauthorized entity in mobile networks.(2) Two robust and efficient authenticated key agreement protocols for SIP using ECC are proposed: the two protocols can achieve interactive handshake without exposure of any information about the calculation of the session key in the open channel. Especially, the smart card based SIP authentication protocol can achieve user anonymity even if the private key of server has been compromised, which is different from other smard card based SIP authentication schemes.(3) After secutity analysis of Xie Q's three-party authentication scheme based on chaotic maps, we found that the user identity exposure in the open channel in their schme which leads to an adversary not only can guess the user's password by off-line mode but also can retrieve the session key effortlessly. All these security vulnerabilities lead to their scheme is not able to apply in practical environment. Thus, in this paper,a three-party mutual authentication and session key agreement protocol for wireless communications is proposed using enhanced Chebyshev semi-group properties. Through security analysis and simulation results using a secure verification tool, the scheme could withstand various types attacks including active and passive attacks. Therefore, the proposed scheme satisfies the security requirements of wireless environment.2. Authentication protocols for multi-server environment are proposed.This paper researches on the existing multi-server authentication protocols. We show that many two-factor authentication protocols is susceptible to insider attack and impersonation attack, many three-factor authentication protocols only achieve partial secutrity attributes. In order to eliminate these security problems, this paper puts forward several countermeasures as follows:(1) Two authenticated key exchange protocols with registration centers are proposed. The first scheme is based on dynamic identity lightweight protocol using nonce mechanism. According to security analysis and performance analysis, the results show that the proposed scheme can protect against the common attacks such as masquerade attack, replay attack, internal privilege attack at the cost of low computational complexity.In addition, through security analysis of Tasi J L and Lo N's chaotic maps based multi server authentication protocol,we found that an adversary can not only invade into the system, but also can derive the session key if the registration center's long-term secret key is compromised in their scheme. Therefore, biometrics is introduced to solve the known security loopholes in this paper. Performance comparison with other related schemes shows that the proposed scheme only consumes the minimal computational complexity increments for high security features and functional properties.(2) Two authenticated key agreement schemes without registration center are designed. The first scheme is based on public-key user anonymous protocol. Through security analysis, the proposed scheme is resistance to the user impersonation attack, server spoofing attack, insider attack and other attacks while protecting the user identity and password.The second scheme is based on three-factor and hash function. Security analysis shows that the scheme can protect user identity informtion while owning a lower computation compared with other similar schemes.3. An authentication protocol is proposed for wireless sensor network environmentThis paper researches on the existing smart-card and hash function based authentication protocols for wireless sensor networks. We find that these protocols exist a fatal security defect, that is, the leakage of the short term secret information of the session makes the leakage of the user credentials easily. With the purpose of repairing the security pitfalls, a low-complexity symmetric cryptography based authentication protocol in WSN is proposed. The description of the protocol is as follows:In the proposed protocol, the hashed of the random user name and secret is considered as a symmetric key, by introducing the timestamps and the random nonce mechanism, the proposed scheme provides mutual authentication and negotiates a secure secret session with the help of the gateway node using time stamps and nonce. The proposed scheme can resist known session-specific temporary information attack, user masquerading attack and node capture attack. Also, it can guarantee anonymity of sensor nodes, user untraceability and other security attributes. Through provable security analysis and AVISPA simulation experiments, it is proved that the proposed scheme is robust against both active and passive attacks. Although the computational complexity of our scheme is relatively slightly higher than other schemes because of using sysmetric cryptography, our scheme is more secure compared with the related authentication schemes for WSN regarding security attributes and communication costs.