Analysis And Design Of Password (Smart Card) Based Authenticated Key Agreement Schemes

Authenticated key agreement is the first line of defense to realize the network informationsecurity. It combines the authentication and key agreement to implement security networkcommunication. Authenticated key agreement technology can not only ensure the system to identifythe user’s identity, but also establish a common session key for the two communication sides, whichis convenient to communicate in public channel. Design a secure and efficient authenticated keyagreement scheme is the key point of this paper. The authentication may lead to reveal user’sidentity. The study of anonymous authentication scheme is another important issue of this paper.This paper mainly focuses on password or smart card based authenticated key agreementscheme, and the research of the anonymity and untraceability of authenticatsion scheme. The mainresearch results are as follows:the research of authenticated key agreement scheme based on password and smart card. Li–Niu’s scheme is analyzed and it can’t resist to stolen smart card attack and offline passwordguessing attack. This paper puts forward an improved authenticated key agreement scheme basedon password and smart card. The security of the new scheme is based on the one-wayness of hashfunction and the difficulty of discrete logarithm problems. The new scheme can not only resistvarious attacks, but also satisfy the small amount of calculation and operation of high efficiency.the research of the anonymous authentication scheme. Toan-Thinh Truong’s andHuang-Liu’s scheme are explored, and it shows they both cannot meet untraceability. Ananonymous authentication scheme based on smart card is proposed which can meet untraceability.The CDH problem in elliptic curve and one-way hash function can prevent the scheme fromimpersonation attack and password guessing attacks, etc.the research of the authenticated key agreement scheme based on password. This paperdesign a password based authenticated key agreement scheme which can resist offline passwordguessing attacks and stolen verification attack. The scheme using CDH difficult problem andone-way hash function ensure the security of the system. Additionally, the registration andauthentication phase’s part function of the scheme is preliminarily realized.