| With the rapid growth of information and network technologies, information network has wide applications in modern society. However, information networks face great challenge in security. As the building block of network security, cryptography protocols can be used not only to provide information confidentiality, but also to resolve most of the security problems in information networks. Therefore, the correctness and security of these kinds of protocols are very important. Key exchange protocols are the basis of realizing the secure communication between entities. Through the key exchange protocol, the entities can establish the high-entropy session key and this session will be used in the subsequent secure communication. With the deep research, the researchers have received some good results, but there still are many problems needed to be solved, for example, the efficiency of the protocols and the security of the protocols. In addition, the traditional"heuristic"security proof method has so many drawbacks that the key exchange protocols with the formal security proof become popular issues. This work makes a comparatively deep research for the provably secure authentication and key exchange, which includes: the study of provably secure certificate-based two-party authenticated key agreement protocol and theories for authenticated key exchange based on ID under the PKI environment. The main results are as following:1, We introduce some common attacks to secure key agreement protocols, the concepts and the security properties of secure protocol. We also point out the basic design principles of secure agreement protocols, which include: using the random value but not the time stamps; resisting the attacks available; having the low computational cost and short message sizes as possible as we can; designing the protocols easy to be extended and the least security assumptions.2, We present a new authenticated key exchange (AKE) protocol named AKE-1. Our proposal is efficient and proven in newly enhanced Canetti-Krawczyk (eCK07) model under the random oracle assumption (ROM) and the computational Diffie-Hellman (CDH) assumption. We use a new technique named trapdoor test, recently proposed by Cash, Kiltz and Shoup, leaving out the help of the decision Diffie-Hellman oracle. In addition, we present a one-pass variant (for only one entity on line) and three-pass variant (providing key confirmation) of AKE-1 for different applications.3, SAKA protocol has a relative security and executing efficiency. However, we found that SAKA cannot resist to the key leakage. To solve this problem, we propose a new secure protocol and give a rough security proof.4, A ID-based authenticated key agreement protocol under PKI environment is proposed and we analyze the security and efficiency. The analysis shows that our protocol has good security properties and low computational cost.The focus research of agreement protocol in future is the constant big group key agreement of ID-based. The protocol must have authentication in the security, flexibility in the change of entity, and minimize the cost of the daily key management and the timely update. |
PDF Full Text Request