| With the rapid development of e-commerce,network service providers usually provide users with a wide range of services which run on different servers.Thus,mobile client-server environment and multi-server environment have been widely used.On the other hand,more and more people start to quickly access network services through their mobile phones or other mobile devices which bring convenience to our lives.However,the openness of the mobile Internet and the sensitivity of the mobile applications make their security issues such as user authentication and key agreement more serious.In addition,in mobile client multi-server environment,the mobile users need to keep their privacy when they are being authenticated in this environment.Furthermore,the existing user authentication protocols,which have been introduced for the mobile client-server environment,are suitable only when the client and the server belong to the same cryptosystem.Therefore,it is necessary to design an efficient user authenticated key agreement protocol for the mobile client-server environment and multi-server environment.Mobile devices have lower performance compared to personal computers.Indeed,it is not easy to design a protocol which combines security and efficiency as well.In order to solve these problems,we studied the user authentication with key agreement protocol for the mobile client-server model and mobile client-multi-server model in this thesis.The main work of our thesis includes:1.We proposed a certificateless user authentication key agreement protocol which was suitable for the mobile client-server model using the bilinear pairing.We proved that it could provide mutual authentication and key agreement in the random oracle model.To overcome the weakness of the existing identity-based user authentication protocols,the above protocol was proposed based on certificateless cryptography to avoid the inherent key escrow problem in identity-based cryptography.We also compared the proposed protocol with other protocols and analyzed them from three aspects: security,communication cost,and computing cost.Our protocol was proved to be secured against both adversaries type I and II in random oracle model,hence was implemented using Java Pairing-Based Cryptography(JPBC).2.We proposed an efficient identity-based user authentication with key agreement protocol for mobile multi-server model with unconditional anonymity.This protocol,just like the former also was proved to provide a secured two-way authentication and key agreement under the random oracle model.Even,this protocol was compared and analyzed regarding security,computational and communication costs with other existing protocols.We implemented the proposed protocol using the JPBC library and demonstrated the practicality of this protocol.3.Considering the existing user authentication protocols,we realized they are suitable only when the client and the server belong to the same cryptosystem.Therefore,using the bilinear pairing as a tool,an efficient user authenticated key agreement protocol was proposed for the heterogeneous mobile client-server environment.Using the random oracle model,it was proved that the proposed protocol could provide secure two-way authentication and key agreement in both clientserver and multi-server environments.In regards to security,computational and communication costs,we compared the proposed protocol with other protocols.Finally,we implemented the proposed protocol too using the JPBC library for both client and server sides and demonstrated the practicality of this protocol.This thesis has some value and significance regarding design user authentication and key agreement protocols for the mobile client-server environment and multi-server environment.The proposed solutions in this thesis well fit for mobile phone applications such as e-commerce,e-banking,e-government,and the Io T applications. |
PDF Full Text Request