Research On Authentication Protocol And Development Of Digital Certificate Authority System Evaluation Tools

Authentication between the users and the server is essential to prevent unauthorized security threats over the insecure networks. Password-based user authentication is one of the simplest and most convenient authentication protocols. They can be classified into three classes: the password-only authentication protocols, the memory deviced-aided password authentication protocols and the dedicated device-aided password authentication protocol. The first class protocols have a low security and a big cost in maintenance. The remaining two are the hot issue of research. In addition, since the implementation of the “People's Republic of China Law on Electronic Signatures”, the identity of digital certificate-based authentication methods are becoming an important way to protect the Web applications, such as e-commerce, e-government and e-health etc.. With the release of the “Public Key Algorithm SM2 Based on Elliptic Curves ” and the “Digital Certificate Format Based on SM2 Algorithm”, the research and evaluation on the digital certificate authority system based on SM2 algorithm is an important aspect of the research of the authentication technology.The work of this thesis is based on the above situations and includes four aspects as follows:At first, this thesis introduces the related knowledge of the authentication protocol and the general design criteria, the structure and format of the digital certificate, SM2 signature algorithm, and digital certificate authority system.Second, the password-based user authentication protocol with the general storage device are studied in this thesis. We analysis Jiang et al.'s scheme in literature and point out the security issues in it. Then, we design an improved scheme which can withstand the Do S attack, insider attack, but also can achieve the users' anonymity.What is more, we research on the dedicated device-aided password authentication protocol. We summarize an attack model of the adversary in a smartcard-based user password authentication protocol. Then, we give a cryptanalysis of Chao et al.'s scheme in literature and ponit out the error and the potential attacks in it. On this basis, we propose an improved scheme to fix these security problems, and analyze the security of it.At last, studying on SM2 algorithm on the basis of SM2 algorithm, the format of the certificate, and the certificate authority system test specification, we researches on the evaluation of the digital certificate authority system. We develop the tools to evaluate the authority system in some test content, which can be realized in software. These tools can parse the digital certificate based on SM2 algorithm and analyze the validity of the certificate.In the end, the whole work is summarized and the ideas and plan of work next is also provided.