The Research Of Authenticated Key Agreement Protocol For Mobile Network

With the wide use of smart phones,people prefer to use mobile network to communicate with others,shop online and finance,the problem of mobile network security attracts more attention,how to build a security protocol that suitable for mobile devices with low performance becomes a very important issue.The typical solutions to solve the secure issue on wireless networks are key agreement protocols.Communication parties can use key agreement protocols to authenticate each other and build a temporary session key,and use the session key to encrypt or decrypt the messages transmitted between them,so can ensure the security of the communications.Since the concept of key agreement was put forward,it has gained wide research and is developing all the time,there are different kinds of key agreement appeared.Among them,identity-based key agreement protocols can solve key management issues in traditional public key cryptosystem and ECC-based key agreement protocols have higher efficiency.Combining both of these advantages,Key agreement protocols based on identity and ECC is a good choice to solve the communication security on mobile networks.Farash et al proposed a identity and ECC based keyagreement protocol in 2014,their protocol can resist KCI attack and has perfect forward security.Shi et al pointed out that Farash et al's scheme suffers from server impersonation attack and proposed a new user registration protocol.However,we find Shi et al's protocol has the same weakness with Farash et al's scheme.In order to solve this problem,we add a random number in the server's authentication message and simplify user's private key.On this basis,we propose a new client-server two party authenticated key agreement protocol.After that,we build a random oracle model and use it to prove that our scheme can provide authentication between the client and server,and the session key has indistinguishability.We also give the analysis of security features of the new protocol.We show that the proposed scheme can provide known-key security,perfect forward secrecy,can resist key-compromise impersonation attack,unknown-key share attack and replay attack.In addition,we compare the security and performance of the proposed protocol with other five existing protocols.The result shows that our scheme not only improves the secuirty,but also has higher efficiency.In order to prove that our scheme is feasible in real environment,we also give the realization of the new protocol.We use Bouncy Castle and SHA-256 to realize the cryptographic algorithms.The result of the experiment shows that our protol is correct and has low computing cost,can be used on mobile devices.