Research On Identity Authentication Protocol In Multi-server Environment

Benefit from the rapid development of Internet technology,great changes have taken place in human life.Through the Internet,people can handle all kinds of online business,obtain various information and experience abundant entertainment anytime and anywhere.Internet has become an indispensable part of human life.However,due to the openness of the Internet,people enjoy all kinds of network services with certain security risks.Authentication and key agreement protocol is an effective security mechanism to protect the secure communications of participants in an open network environment.Different from the traditional single server-network architecture,multiserver architecture is more suitable for the current practical applications.In addition,the authentication protocol in multi-server environment allows users to access different service providers in the system with only one set of authentication factors,which has higher security and practicability.Therefore,authentication and key agreement protocol in the multi-server environment has become a research hotspot in academia.Different multi-server network environments have different characteristics,including different performance of service providers and different security threats.Therefore,an authentication protocol is not suitable for different multi-server environment.In this paper,two representative authentication protocols in multi-server environment are studied,that is,authentication protocol in mobile cloud computing and authentication protocols in wireless sensor network.The main work and contributions of this paper include:(1)This paper summarizes two kinds of authentication models in multi-server environment,that is,two parties authentication model and three parties authentication model.And we analyzes the differences between the two authentication models,and discusses the applicable network environment of different models.(2)Authentication protocol for mobile cloud computing is an effective security mechanism to ensure that only legitimate mobile users can access mobile cloud services.As an efficient and secure public-key cryptography primitive,extended chaotic mapping is applied to the design of authentication protocol for mobile cloud computing.In 2018,Chatterjee et al.proposed an authentication and key agreement protocol for mobile cloud computing using extended Chebyshev chaotic mapping.However,there are some defects in their protocol.Their protocol cannot provide untraceability,N-factor security,and is unable to resist user impersonation attacks launched by malicious users.After summarizing and analyzing the security and performance defects of similar protocols,this paper designs a new anonymous authentication and key agreement protocol based on extended chaotic mapping.At the same time,formal security analysis and performance comparison show that the new protocol has higher security and practicability.(3)Mobile cloud computing enables mobile devices with limited resources to communicate with remote cloud servers through open wireless networks,access cloud-based resources cloud and obtain various types of cloud services,so as to achieve the "improvement" of mobile device performance.However,mobile devices do not have high computing performance and communication performance.Therefore,authentication protocol for mobile cloud computing should avoid the high complexity of computing in the side of mobile client.After analyzing the design defects of the protocol proposed by He et al,a new anonymous authentication and key agreement protocol for mobile cloud computing is designed based on bilinear mapping.The new protocol can effectively resist the denial of service attacks that similar protocols are vulnerable to,and can provide robust security.At the same time,the new protocol avoids the map-to-point operation of mobile clients,which makes the performance of the protocol have obvious advantages over other similar protocols.In addition,the new protocol also has good communication performance.(4)The computing power,storage space and power energy of sensor nodes are extremely limited,which also determines that lightweight cryptography primitives,such as hash function and symmetric encryption algorithm,should be used in the design of authentication protocol in wireless sensor networks.On the other hand,sensor nodes are often deployed in unattended or hostile areas,attackers can easily capture sensor nodes and get secret information stored in sensor nodes.Therefore,authentication protocol for wireless sensor networks should provide forward security.When the private key of sensor nodes is captured by the attacker,the session key generated before the user and the sensor node is still secure.Based on the above two aspects,using lightweight cryptography primitives to achieve forward security has become a difficulty in the design of wireless sensor network identity authentication protocol.In order to solve this problem,this paper proposes an authentication protocol based on hash function,which is suitable for wireless sensor networks.Proverif security verification and BAN logic verification are carried out for the protocol.The results show that the new protocol achieves all the security targets and can resist all known security attacks.(5)By setting the synchronization information in each communication party and updating the information after each session,we can realize untraceability and forward secrecy of the protocol on the premise of using lightweight cryptography primitives.This method is very suitable for wireless sensor networks.However,the attacker can block interaction information between participants,causing the information of both sides to lose synchronization,thus affecting the authentication of the next session between the two sides.This kind of attack is called desynchronization attack.In order to effectively resist the desynchronization attack,this paper designs an authentication protocol based on symmetric encryption algorithm,which is suitable for wireless sensor networks.By setting the related information identifiers of different communication parties,the desynchronization attack is effectively resisted.At the same time,through the security analysis and performance comparison analysis of the protocol,it is found that the new protocol also achieves all the security objectives,and has good practicability.