| As web service is used in anywhere and environment of network become more and more complicated, that cause people to focus on how to use intemet securely. Especially, we need to secure the communication between client and server. So we use authentication protocol to protect user account and the secure communication between client and server. User authentication is very important over insecure networks environment, along with confidentiality and integrity, ensures that illegal users can not obtain system's resources by illegal means.Authentication protocol have a lots of styles, there authentication protocols have their own properties, and environments. According to style of authentication, we can divide authentication protocols into several groups, just like biological information authentication, password-based authentication etc.Firstly, password-based authentication protocol can divide into asymmetric key-based authentication, symmetric key-based authentication and hash function and XOR-based authentication. Because we thought that client is a computer which communicate with server, the protocol adopt asymmetric key algorithm to implement. But we cannot think like that anymore, we need to consider the client is a compatible client. For example, client is a personal digital assistant.Secondly, according to some details, authentication can be divided into nonce-based and timestamp-based etc. because the timestamp-based authentication needs to synchronize time between client and server, so we don't use it recently. We adopt nonce-based method, but if the client is a device which has weak computational power, it is difficult to it to generate efficient random number. So we are going to find a way to solve it.In this thesis, we introduced authentication protocol development, analyze some popular protocols. We proposed a new protocol which is based on nonce, it adopt token-update method to ensure freshness of data. Compare with some protocol, we analyze the security of our protocol. We analyze protocol's efficiency, prove it is more efficient than others.We have done some work as follows:1) we got more efficient model. The login and authentication phase of protocol is based on hash function and XOR operation. Because of their efficiency, so we got more efficient model for authentication protocol.2) We improve Lee's protocol, by comparing with Lee's protocol, we have improve that Lee's protocol cannot avoid replay attack and impersonate attack.3) We analyze security by attack model, in the analyzed chapter, we use attack model to analyze the security of our protocol logically, we got conclusion that our protocol is secure.4) Client does not need to generate random number. Because we adopt nonce-based method, we must consider random number generation problem, we use token-update method to ensure freshness of data, and server generate random number and update it every round, so we can avoid client's generating random number.Among numerous methods for user authentication, the password scheme is the most convenient and widely has adopted. Since transmitted data may be exposed to unauthorized access, we strengthen the password-based scheme by nonce and token-update. We do not depend on the operating system, server's address, physical secure of server, we assume that the data can be read, insert, modify. Our protocol can provide mutual authentication in this environmentIn this thesis, an efficient token-update scheme based on nonce is proposed. This scheme provides an enhancement, resolving some problems with regard to Lee's scheme, which cannot defend against replay and impersonation attacks. Accordingly, an analysis and comparison with Lee's and other schemes, demonstrate that the current paper avoids replay and impersonation attacks, providing mutual authentication, and also results in a lower computation cost than the original scheme. |
PDF Full Text Request