Analysis And Improvement Of Password Authentication Key Agreement

Posted on: 2016-01-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y R Li
GTID: 2208330470470814
Subject: Software engineering
Abstract/Summary:
Information technology is developing rapidly. The Internet has profoundly changed people's daily lives and has brought great convenience. At the same time, how to effectively protect information transmitted over the network has always been an important problem. Secure authentication protocols based on cryptography emerged in response. Because they provide many security attributes, including authentication, data integrity, and non-repudiation, they have become one of the key information security techniques and are applied in e-commerce and e-government. In practical network communication, password-based authenticated key agreement is a widely used form of authentication protocol. It allows two or more parties that hold a low-entropy password to authenticate each other's identities and securely establish a session key in the presence of an active adversary. The session key then secures the subsequent communication among the parties. Password-based authenticated key agreement is therefore the foundation for constructing higher-level protocols or systems that are complex and demand security.

This paper studies password-based authenticated key agreement protocols for two parties and for three parties. The specific work is as follows:

(1) This section presents the security analysis of an efficient password-based authenticated key agreement protocol. Shim points out that it is vulnerable to the stolen-verifier attack and the off-line dictionary attack. To overcome these weaknesses, two improved protocols are introduced. As some security problems still exist in these improved protocols, a new efficient and secure two-party password-based authenticated key agreement protocol is proposed. In this improved protocol, the client stores a plaintext version of the password, while the server stores a verifier in its database together with the corresponding identifier of the client. By taking advantage of a one-way hash function, a secret key pre-shared between the two entities is neatly incorporated into the protocol. The security analysis of the new protocol shows that it provides several security properties, including forward secrecy, known session key security, and resilience to the dictionary attack, the Denning-Sacco attack, and the stolen-verifier attack, among others. In addition, it is proved that the new protocol is more secure and efficient in comparison with three other related protocols.

(2) This section shows that an efficient verifier-based key agreement protocol for three parties without the server's public key easily suffers from the stolen-verifier attack. An improved method to withstand this attack is given by Wang, and two improved protocols are introduced. As some security weaknesses are found in these improved protocols, a new efficient and secure three-party password-based authenticated key agreement protocol is proposed in this paper. In this improved protocol, each client stores a plaintext version of the password, while the server stores a verifier in its database together with the corresponding identifier of the client. By taking advantage of a one-way hash function, a secret key pre-shared between two entities is neatly incorporated into the protocol. The security analysis of the new protocol shows that it provides several security properties, including forward secrecy, known session key security, and resilience to the dictionary attack, the Denning-Sacco attack, and the stolen-verifier attack, among others. Compared with previous protocols, the new protocol has lower communication and computation cost, so it is more practical.
Keywords/Search Tags: key agreement, password authentication, verifier, stolen-verifier attack