The Design And Analysis Of Authentication And Key Agreement Protocols For Multi-environments

With the rapid development and applicication of Internet technology, the system security of network and information has become an important problem which is attracting more and more attention. As one of the most effective measures of ensuring information and network security, authenticated key agreement(AKA) protocol is an interactive procedure between two or multi-parties to authenticate each other and to establish shared session keys for later secure communications in the public network environment. Nevertheless, with the high development of the network informatization and the expanding of the application scenarios, a specific AKA protocol cannot be applicable to all different application scenarios. Therefore it is of great theoretical significance and practical value to design the appropriate AKA protocols that are feasible for the corresponding environments.This thesis aims at the studies on the design and analysis of AKA protocols for different application environments, and gets the following results:1. The AKA protocol for single-server environment is studied. At current, most of single-server password AKA protocols using smart cards are vulnerable to smart card loss attack, privileged insiders attack, password guessing attack and so on. To overcome these weaknesses, we design a single-server AKA protocol based on smart cards with high-security features, while making it has a relatively low computational complexity; By pointing out that the AKA protocol for cloud computing designed by Hao et al. in 2011 is vulnerable to offline password guessing attack and cannot achieve forward secrecy a nd user anonymity, we present a new protocol by introducing the elliptic curve public key cryptography. The results of security analysis and efficiency analysis show that our protocol eliminates the defects of Hao et al.’s protocol while keeping the relatively high performance, and thus is suitable for cloud computing. In addition, we utilize an improved BAN-like logic(Security Protocol Analysis Late nt Logic, denoted as SPALL) to verify the correctness of its authentication procedures.2. The AKA protocol for multi-server environment is studied. By introducing the symmetrical algorithm, tickets and the biometric template matching, we present a new multi-server AKA protocol based on elliptic curve computational Diffie-Hellman problem(ECDHP) and elliptic curve discrete logarithm problem(EC DLP). Security and performance analysis indicates that our protocol can effectively enhance the security while keeping the relatively high performance. Thus it is suitable for resource-constrained and security-concerned application scenarios. Besides, the security of our protocol is proved by using the formal analysis method of SPALL. The results show that our protocol can ensure the correctness of key agreement, key confidentiality and strong authentication.3. The AKA protocol for Wireless Sensor Networks(WSNs) is studied to ensure the security of the real-time communication between external users and sensor nodes. By analyzing the security of Yuan’s protocol, some security flaws of his protocol are pointed out, such as vulnerability to off- line password guessing attack, privileged insider attack and gateway node impersonation attack, lacking the protection of query response. To solve the aforementioned flaws, we propose a novel dynamic ID-based user authentication protocol for WSNs by introducing the elliptic curve public key cryptography. The analysis on security and efficiency shows that the improved protocol eliminates the defects of Yuan’s protocol while keeping the relatively high performance. Besides, according to SPALL proof and security analysis, the improved protocol has correctness of key agreement, key confidentiality and authentication.