Research On Authentication - Key Negotiation Protocol Based On

With the rapid development of the network technology, online business is thriving, such as e-banking, Taobao, and ticket booking, etc. Our work, study and life are made more and more convenient. However, people are facing with a variety of security problems because of the open nature of network. How to ensure the legitimacy of users and the security of information have become people’s urgent needs. One of the best methods to solve the problems is using encryption and authentication technology to complete the entities authentication. Due to the Elliptic Curve Cryptography(ECC) was considered as one of the most effective methods among many encryption mechanisms. The ECC has a lot of advantages such as high security, short key size and fewer resources. It is used as the core technology in the field of information security. Therefore, the design and analysis of ECC-based authenticated key agreement protocol has greatly important theory significance and practice value.The comparative deep researches for authenticated key agreement protocols with remote users, multi-server environment and mobile roaming environment are made in this paper. The main contributions in the paper are described below:(1) An enhanced ECC-based remote user authentication scheme is proposed in this paper. Islam et al.’s remote user authentication protocol is briefly reviewed. We point out that Islam et al.’s protocol suffered from insider attack, stolen-verifier attack and forgery attack, and cannot preserve user anonymity. A new ECC-based remote user authentication scheme is given to remove the vulnerabilities. Security is also analyzed in the new scheme. The security of session key relied on the difficulty of solving the elliptic curve computational Diffie-Hellman problem. At last, the security and performance of the proposed scheme are compared with original scheme.(2) A novel ECC-based authenticated key agreement protocol for multi-server environment is presented. The ECC is applied to the multi-server communications environment, and a new protocol is proposed. In the proposed scheme, an identity and a password are submitted to the registration center. Then, a smart card is issued by the registration center to finish the registration. There is no such information stored at the registration center. So the security can be improved in the protocol. The security of the new scheme is also analyzed. At last, the security and performance of the new protocol are compared with related protocols.(3) A new ECC-based authenticated key agreement protocol for mobile roaming environment is presented. Currently, the computational efficiency and safety are not unified among many mobile roaming authentication schemes, and user’s anonymity is not achieved in them. Therefore, the ECC is applied to the mobile roaming communications environment, and a novel protocol is proposed to ensure the security and roaming of the mobile network. Then, the secure properties are analyzed in the new scheme. It is showed that our scheme can overcome replay attack, insider attack, forgery attack and off-line password guessing attack. Moreover, user’s anonymity, perfect forward secrecy and mutual authentication are provided in it. At last, the security and performance of the new protocol are compared with related protocols.