Research On Authentication Protocol In Various Application Environments

The popularization of network information technology makes the application of network information technology from the military,political,economic and other areas of national security into people's daily life.As more and more reliable information is transmitted over the open network,its becoming more and more important to prevent unauthorized users from accessing the information.The authentication protocol is an effective means to ensure the security of the network information,through which we can confirm the identity of the user,prevent the invader from logging in to the server,maliciously tampering with the data in the system through illegal ways or obtaining the private information stored in the server.To meet the needs of practical applications,identity authentication protocols are used in a wide range of information systems and other fields,such as Voice over internet protocol,Internet of Things,Wireless Sensor Networks and other applications.The purpose of the authentication protocol is to achieve the secure communication of the participants in an open network environment.However,due to the unreliability of the open network,there are various attacks in the authentication protocol,resulting in the analysis and design of identity authentication protocol becomes more complex.This paper focus on the security vulnerabilities existing in identity authentication protocols,and analysis the authentication protocol for SIP(session initiation protocol)and the three-factor authentication protocol based on biometrics respectively.The following results are obtained:1.analysis the SIP authentication key agreement protocol proposed by Lu et al.and indicate that their protocol suffers from server spoofing attacks and failed to provide mutual authentication as they claimed.Further,we presented an improved authen-tication protocol for SIP and proved its security using BAN logic.Through the security and performance analysis,we illustrate that the proposed scheme is more secure and flexible,thus it is suitable for practical use in a distributed environment.2.analysis the three-factor authentication protocol based on biometrics proposed by Chaturvedi et al.and point that their protocol is vulnerable to man-in-the-middle attack and can not provide mutual authentication.Then,we propose a novel re-mote user authentication protocol based on biometrics,its security is based on the fact that the preimage problem of the Hash function is computationally infeasi-ble to solve and that the elliptic curve computational Diffie-Hellman problem is intractable.Through the security analysis,we demonstrated that the new proto-col can resist various attacks including man-in-the-middle attack,smart card loss attack,off-line password guessing attack and impersonation attack.