Two Authentication Protocols And Their Security Analysis On The Networked Manufacturing Platform

With the development of information technology and computer networktechnology, especially the popularization of Internet technology, the worldeconomy becomes the world's next growth engine. Traditional model is notgood enough for current changes. Networked manufacturing model is basedon market requirements, combined with network technology implementinginformation and resource sharing and setting up quick responding mechanism.The networked manufacturing platform is the implementation of networkedmanufacturing model. This platform was composed of manufacturingresources that are multiple, hetero-structure and distributed, and areconnected with each other with the help of computer network. The platformis open, multi-platform, cooperated and can made quick response to the users'requirement.After some years' research, the technology about networkedmanufacturing model is well-rounded now. In the process of theimplementation of networked manufacturing model, security problem withinthe model, especially the security concerned with data transmission, wasgradually emerged and should be dealt without any hesitation. Data frommanufacturing enterprises should be stored, transmitted, forwarded, received,concatenated and regenerated within the networked manufacturing platform.As a result, the need of data integrity and confidentiality must be met. At thesame time, the authentication of the partner identity should be taken intoconsideration. The common solution is using asymmetric algorithm toguarantee identity authentication and integrity, using symmetric algorithm togenerate the secure channel for confidentiality. This paper digged into theproblem emerged from symmetric key algorithm that is how to exchange thekeys between the two sides on which the secure channel was been built. Italso dealt with how to devise and implement an authentication protocol inorder to exchange keys between two sides and authenticate the partner'sidentity.A good authentication protocol not only can accomplish the aim ofdesign, exchanging communication key and authenticating each others'identity, but also can defend all kinds of attacks from potential attackers. Butactually, it is very difficult to devise a good authentication protocol thatfulfilled all the requirements even when only two or three participants areinvolved and only three or five messages are been exchanged. The reasonmainly comes from two sides. First, authentication protocol itself. Such as,the subtlety of security objects itself, the complexity of environment underwhich the protocol runs, and high concurrency of authentication protocols.The second reason comes from the complexity of the attack model used byattackers. The knowledge and ability of the attackers should not beunder-estimated. Attackers may control the whole network. That is to saythey have the abilities of wiretapping, breaking, modifying and fabricatingthe messages. Besides, it is reasonable to assume that attackers may familiarwith all kinds of algorithms in the domain of cryptogram and grasp theknowledge and abilities of cryptogram analysis and use all sorts of attacktechnologies fluently. For example: replay attack and man-in-the-middleattack. Therefore, well-known design methods and analysis methods areneeded in order to produce a good authentication protocol that can meet thedemands of applications.The design methods used in this paper are the combination of devisingand analyzing which also can be called the process of design—analysis—redesign—reanalysis etc. This method really have an effect on not only thedesign of authentication protocol but also the design of others securityprotocols. The "analysis" is generally achieved by using formalized analysismethod. There are four methods that are frequently used in the process ofauthentication protocol analysis. These methods include the research methodbased on Communicating State Machine Models, the model logic based onknowledge and belief, the algebra methods based on knowledge speculationand the Communicating Sequential Processes based on sequentialcommunication processes.It is difficult to devise a good authentication protocol in real applications,because security and other factors may restrict each other. Practical systembased on the different security demands may fulfill part of securitycharacteristics owned by a good authentication protocols. Parts of securitycharacteristics commonly included are exchanging communication key andidentity authentication with each other. The design and implementation oftwo kinds of practical authentication protocols, P2PSAP (Point to PointSimple Authentication Protocol) and TTPSAP (Trusted Third Party SimpleAuthentication Protocol), were presented in this paper based on thecharacteristics of the networked manufacturing platform. The secure channelprovided for point-to-point communications was realized through threecommunication processes: handshaking, public key exchanging and sessionkey exchanging. P2PSAP is flexible and simple. Because the protocol doesnot include the third party, it is liable to be attacked by the men-in-middle. Anewly devised TTPSAP protocol was then introduced in reply to the shortageof P2PSAP protocol. TTPSAP protocol is based on the P2PSAP protocol witha trusted server which aims at setting up a secure channel for key exchangingbetween entity A and B with the purpose of strengthening the power ofstopping the user from the men-in-middle attack. Besides, the power ofidentity authentication will be strengthened based on the credibility of trustedserver.This paper used SVO logic to analyze two new authentication protocols.Main SVO logic analyzing steps were summarized and listed bellow in ourpaper.1. Describing authentication protocol using SVO syntax.2. Creating initialization assumption set ?.3. Describing likelihood aim set or should accomplish aim set.4. Proving whether the subject set is right or not through a serious ofdeduction of axioms with initialization set.This paper gave a formalized analysis to P2PSAP and TTPSAPaccording to the steps listed above, and get some conclusions: both P2PSAPand TTPSAP protocols achieved the purpose of key-oriented aim, keyaffirmation and the purpose of trusting the key of its peer and vice versa.Finally, two types of authentication protocols were realized based on thealgorithm library of OpenSSL.