Research On Password-Based Authentication And Key Exchange Protocol For Low Power Devices

Communication has always been the foundation of human development. Nowadays, the Internet exists in all aspects of people's lives. Based on a variety of wired and wireless networks on the development of the exchanges are hot. With the development of network, more and more and more people rely on the network to do all kinds of things, from online consumption to Telemedicine. It leads to group communication, anonymous communications, e-commerce which is emerging and fully explained that people solve some of these work or life questions through the network.Through Internet, a person communicates with other communication parties in a virtual identity. It produces a confidence-building requirement. In the network the two sides can not see each other real ones, so they require a method of identity authentication to identify each other. The most common certification is that let the other part know that "who am I?" or "what do I have?" or "what do I know something about?" These methods proved to the user identity will be directly under the applicant's unique physical characteristics, digital Certificate, or directly request the user to enter their password to prove the user's identity. Entering the password for user identity authentication is the simplest one of the most direct one. Users provide their own user name and password word to the server. And then In order to confirm the user identity, server-side looks up the value stored and picks the password to compare. Then the server gets prepared for the next phase of the conversation between them.The server has confirmed the user identity. The two sides begin to obtain their required information from the conversation between them. DH key exchange protocol is a classical method, and ensures the key exchange and mutual security to send and receive information. At present, a lot of key exchange methods are based on the solution of difficult discrete logarithm problem of the math. It ensures the safety of both communications through parameters can not be understood and the complexity of calculating is in seting up the course of transmission. The computing power of current server and desktop are more and more powerful. The complexity of the modular exponentiation calculation with large prime numbers is high. It ensures safety but also there are much more computing time which is expensed.Today, there are a variety of handheld mobile terminals, such as laptop, smart phone, PDA and so on. They are all used as network endpoints in today's society. Because of the inherent property of these devices, they can not compare with desktops or servers. So, when we log in to the network or get the Internet authentication through these equipments, machine execution time will be so long as the complex computing. How to find a balance between the security with large volume of calculation and the efficient implementation on the low power computing devices, get efficient use of server-side computing power, is one direction that researchers are continuing to explore currently. Recently, more and more concerns are put on the security issues for wireless communication networks, and a lot of fresh new security theories and related technologies are put forward and developed. These research results have covered all kinds of network environment. However, authentication and key exchange have always been the most essential, which the thesis will focus on.In this paper, we proposed a password-based authentication and key exchange protocol to this portable equipment. We have do some research on the core problem of security methods and technologies which the protocol designs, security analysis, implementation and testing in specific areas. The main job has following aspects:First, starting with the existing password authentication key exchange protocol, we study the background and the status quo of authentication protocol, and analyze the security situation of existing password authentication protocol. Then we descript some existing password mechanism, and organize a number of possible security risks for authentication methods, such as leakage, stealing, guessing, infiltration and other means of attack. Second, based on classic password authentication and key exchange protocol, combined with the current network equipment usage, we pointed out the need to study the new security theory, security methods and security technology which is fit in the portable computing communications equipment. Through the some existing typical attacks to password authentication protocol, we analyze the proposed security protocol and prove that the protocols can resistance to existing methods of typical attack and with good security features.Third, we pointed out that the random oracle model fits in this article with password authentication environment after analyzing the existing security model. In this study, Formal analysis of the protocol is based on the random oracle model. In the random oracle model, we assume that all communication is completely under the control of the attacker. Attacker can read, delete or modify protocol to send the message, and then he can forge its own message. It even allows any party to initiate or accept the conversation. It has a very strong capacity. So it is beneficial to the performance analysis in security of password authentication environment.Last, we build a structure of the system test environment and test the protocol and its performance. And then we analyzed the test results, verify the correctness of the protocol and performance, as well as the safety of the initial design goal. At the same time, with typical password authentication protocol at other properties were compared and analyzed. After analysis and testing, the results show that, authentication protocol with the current network environment required by the complexity of many features. At ensuring the safety and correctness, it ensures the requirements that calculation of the volume of non-symmetric to a weak computing power equipment as well as client side and server-side. This paper presents the design of the authentication protocol for communication which provide password authentication and confirmation of the session key between the two sides. And it is also able to resist some kinds of possible security threats. Protocol at the server side, the exchange of password through one-way function is calculated for storage and against offline dictionary attack resistance. The computation of interchangeable one-way function is based on the obstacle of discrete logarithm properties. And it makes that when protocol is processing the interaction of information can not be understood. Client random number generation and interaction with the server side verifies the user password, as well as against replay attack resistance. Since each generated session key is different, thus ensuring the freshness of session key at the same time. The protocol provides session key confirmation in two-way. These allow client and server believe that session key is appropriate to their communication to confirm the two sides shared fresh session key.