With the rapid development of Internet and information technology, applications based on Internet technologies are becoming an essential part of our daily life. People's routine work, business models and entertainment have changed from the traditional "face-to-face" to "online business". Online applications such as online shopping, online entertainment, online medical services and online education have brought significant changes to human life. To prevent a malicious adversary from accessing the service provider, it is indispensable to achieve mutual authentication between users and service providers. In general, users need to enter their username and an authentication factor, such as a password, to log in to a remote server. With the rapid growth of Internet application services, users have to remember many different usernames and passwords. Traditional single-server authentication schemes therefore cannot be directly applied to many application environments, because they require the user to log in to each service provider with a different identity and password, and the user must manage all of these identities and passwords. To reduce the password fatigue this causes, multi-server authentication technology has been introduced into application environments. Schemes based on multi-server authentication only need the user to register once at a trusted third-party registration center; the user can then access all registered servers.

Nowadays, multi-server authentication technology has been applied to a variety of Internet application environments, such as wireless sensor networks (WSNs), cloud computing (CC) and mobile cloud computing (MCC). However, the same authentication scheme is not suitable for all application environments, because their security requirements and threats differ. Multi-server authentication schemes designed around the characteristics of particular Internet application environments have therefore been a hot research topic in recent years.

This dissertation studies the advantages and characteristics of multi-server authentication schemes, and the design and analysis of multi-server authenticated key agreement protocols in WSN and MCC environments. We obtain the following results.

1. Lightweight authentication schemes are especially valued in the WSN environment owing to the limited computation and communication resources, capability, and bandwidth of sensor nodes. Many anonymous authentication schemes using lightweight cryptographic primitives have been proposed for WSNs in the past several years. However, as far as we know, most of them cannot achieve real user anonymity. Besides, since the sensor node is unattended, the long-term key of the sensor node may be compromised by an adversary, in which case the previous session keys will be in danger. To address this, perfect forward secrecy should be considered. In this dissertation, we design a lightweight authentication scheme for WSNs that achieves user anonymity, perfect forward secrecy, and resistance to desynchronization attack at the same time.

2. Recently, Lu et al. and Jung et al. presented two authentication schemes based on symmetric encryption/decryption and hash functions that attempt to provide user anonymity and to resist various known attacks. Unfortunately, in this dissertation we show that the user anonymity of the two schemes is achieved at the price of an impractical search operation: the gateway node may search for every possible value. Besides this defect, they are also prone to smart card loss attack and make no provision for perfect forward secrecy. To solve these problems, we design a new anonymous authenticated key agreement protocol based on encryption/decryption and hash functions, which meets the actual security requirements and functions of anonymous authentication protocols in a multi-server environment.

3. Very recently, Gope and Hwang proposed a realistic lightweight anonymous authentication protocol and tried to resolve this issue; the protocol employs a set of unlinkable shadow-IDs and emergency keys to prevent desynchronization attack in the communication between the user and the gateway node. Unfortunately, after careful analysis, we find that it is still vulnerable to desynchronization attack in the communication between the gateway node and the sensor node. Besides this defect, it also suffers from smart card loss attack, known session-specific temporary information attack, and known transaction sequence number attack. To overcome these weaknesses, in this dissertation we construct a new way to deal with the desynchronization attack and design an efficient anonymous authentication scheme for WSNs using the pseudonym identity method and the one-time hash chain technique. Compared with Gope and Hwang's scheme, the proposed scheme only needs to store a random pseudonym identity in the smart card and avoids using up shadow-IDs and emergency keys, which makes it more suitable for the resource-constrained smart card. Formal security analysis and simulation with ProVerif also demonstrate that our scheme is secure against active and passive attacks.

4. User authentication and privacy are significant issues in the MCC environment. Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed MCC services, which claimed to support mutual authentication and user anonymity. However, Irshad et al. pointed out that this scheme cannot achieve the desired security goals and improved it. Unfortunately, this paper shows that the security features of Irshad et al.'s scheme are achieved at the price of multiple time-consuming operations, such as three bilinear pairing operations, one map-to-point hash function operation, etc. Besides, it still suffers from two minor design flaws: it cannot achieve three-factor security, and it provides no user revocation and re-registration. To address these issues, an enhanced and provably secure authentication scheme for distributed MCC services is designed in this dissertation. The proposed scheme meets all desirable security requirements and resists various kinds of attacks. Moreover, compared with previously proposed schemes, the proposed scheme provides more security features while achieving lower computation and communication costs.

5. Mobile users can access various kinds of Internet services (e.g. mobile payment services, mobile social networking, mobile healthcare) from anywhere at any time. However, limited resources (e.g. computational ability, memory, battery capacity) and communications (e.g. low bandwidth and security) have impeded the quality of mobile services. To the best of our knowledge, most of the authentication schemes in the MCC environment use heavy bilinear pairings and map-to-point hash operations, which are two very time-consuming operations in modern public key cryptography. In this dissertation, we construct an efficient privacy-aware authentication scheme for MCC services using elliptic curve cryptography, which achieves authentication without the help of an online trusted third party. Because no bilinear pairings or map-to-point hash operations are involved in its execution, the proposed scheme has much better computation and communication efficiency than existing related schemes. Besides, the security analysis shows that our scheme is provably secure in the random oracle model.
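
The identification cost criticised in result 2 and the pseudonym-based alternative named in result 3 can be seen side by side in the following sketch. It is an added example, not the dissertation's protocol nor that of Lu et al., Jung et al. or Gope and Hwang; the message layout, the `mac` helper, the `pid-0` seed and the names `search_identify` and `PseudonymGateway` are assumptions made for illustration.

```python
import hashlib
import hmac

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (avoids ambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def search_identify(keys: dict, nonce: bytes, proof: bytes):
    """No identifier on the wire: the gateway tries every registered key."""
    tried = 0
    for uid, key in keys.items():
        tried += 1
        if hmac.compare_digest(mac(key, nonce), proof):
            return uid, tried
    return None, tried

class PseudonymGateway:
    """One-time pseudonyms index the user table; the last one stays valid.

    Freshness checks and session-key derivation are out of scope here.
    """

    def __init__(self, keys: dict):
        self.keys = keys
        self.index = {}   # pseudonym -> user id
        self.live = {}    # user id -> pseudonyms currently accepted
        for uid, key in keys.items():
            pid = mac(key, b"pid-0")          # assumed registration-time seed
            self.index[pid] = uid
            self.live[uid] = {pid}

    def identify(self, pid: bytes, nonce: bytes, proof: bytes):
        uid = self.index.get(pid)             # one dictionary lookup, no search
        if uid is None:
            return None, None
        key = self.keys[uid]
        if not hmac.compare_digest(mac(key, pid, nonce), proof):
            return None, None
        new = mac(key, b"next", pid, nonce)   # next pseudonym in the chain
        for stale in self.live[uid] - {pid, new}:
            del self.index[stale]
        self.index[new] = uid
        # Keep pid accepted too, so a lost reply cannot desynchronize the user.
        self.live[uid] = {pid, new}
        return uid, new
```

With n registered users the search variant costs up to n MAC computations per login, while the pseudonym variant costs one lookup and one MAC; retaining the previously used pseudonym is what lets a user whose reply was lost log in again.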