Research On Remote User Authentication Scheme

With the development of computer technology and network technology, information security has become the focus of concern gradually for people. Authentication is an important aspect in the theory and technology of information security. It is used to verify the user's identity and limit illegal users to access system resources. Ideniity authentication is the first line of defense in information security system, and is the most important defense line.This article first introduces authentication technology and cryptography, and focused on several common authentication technology and elliptic curve cryptography. More further studies on authentication protocol are as fallows:1. Analysing several typical password-based authentication protocol. The security of an efficient nonce-based remote user authentication scheme using smart cards is emphatically analyzed. However, this scheme still has many secure faults. By improving this scheme, an improved, based on random number and function of hash authentication and key agreement scheme is proposed: PUAKS scheme. In order to avoid the risk of message replay attack, the scheme uses nonce random instead of using time stamps. PUAKS has many merits: it lets users freely choose and change password at their own will; it provides mutual authentication between two entities; it has lower computational costs; it resists man-in-the-middle attack; in addition, it has wrong password sensitivity; and it has password nontransparency to system and strong security reparability. Furthermore, the session key has freshness, confidentiality, Known-Key security and forward security.2. The theory of OTP(One Time Password) is diseussed. Several typical OTP authentication schemes are analysed, which have some secure faults. Then an ECC(Elliptic curve cryptography) based one time password and key agreement scheme is designed: EAKAS scheme. This scheme uses ECC signature algorithm with message recovery and without inversion to reduce the burden of system. And it uses ECC signature chains as one time password to provide mutual authentication between two entities. In order to ensure the security of communications after the certification, it uses authenticated key agreement protocol based on password and elliptic curve cryptography to generate session key.3. Completing the sofeware architecture design, database design and the modules partition. Using VC++ and MIRACL(Multiprecision Integer and Rational Arithmetic C/C++ library), EAKAS is implemented.