Research And Design Of Password-based Mutual Authentication Key Agreement Scheme With Smart Card

In the computer communication network or the distributed system, cryptography andprimary algorithm provide basis for key protocol which is the safeguard of achieving securenetwork communication. A key protocol includes the parties and a serious of message exchangerules between the parties in order to offer various secure services. The main purpose of keyprotocol based on the basic lower-layer-communication protocol is achieving authentication,key exchange and information secrecy. In particular, with the research and development of theauthentication key agreement protocol, the user can achieve secure communication efficiently byremembering low entropy password. This kind of protocol is widely used in net meeting,multi-user game, shared service and so on.This thesis firstly introduces the research background of key exchange protocol and themeaning of the research and then concludes the model, design process and attack classificationof key exchange protocols. Then mainly improve and design the authentication key exchangeprotocol based on password in the viewpoint of the number of the participant involved in theprotocol. The main researches in the paper are as follows:(1) A new transformation of the offline guess attack named stealing card and eavesdroppingof-line guessing attack, SEG attack for short, is proposed. Review and analyze the protocols ofShen et al (2013)and Jiang et al (2014)which is not secure under the new attack. In order toremedy the deficiency, the author improves a two-party password authentication key agreementprotocol based on the elliptic curve cryptography using random number instead of timestamp forsynchronization. Security analysis shows that the new protocol can resist various attacksincluding SEG attack. Furthermore, several main operations are stimulated in the performanceanalysis phase. The running time of our proposed protocol is acceptable with the comparison ofthe related works.(2) Review, analyze and improve Xie et al.’s (2013) three-party authentication keyagreement protocol based on chaotic maps. The improved protocol can provide privacypreserving and previous security properties with descending the communication cost andcomputation cost under the analysis and comparison.(3) Design a new authentication key exchange protocol based on symmetric cryptographyused in multi client-server model. Under the security and performance analysis, it can resistwell-known attacks with privacy preserving, achieve session key depending on the requirement and efficient dynamic case for updating the session key.