Researches On Identity Authentication Technology For Mobile Social Network Applications

Due to the close relationship with people's daily life and the indispensability of our state's development and national security,information security has been paid more and more attention than ever before under the circumstance of fast growing computer network.Even though,what we can't ignore is the subsequent security loopholes exist in online payment,which the attackers may take advantage of and launching attacks to commit financial fraud and information stolen.All these security issues are vastly lagging our society from transferring into “Internet Plus” by endangering people's privacy.As the most basic security service in the computer network,identity authentications are different from each other in different scenarios.The password authentication based on smart card has been proved as the most commonly used identity authentication mechanism by its performances on information protection and efficiency.Currently,it is widely applied in E-Bank,E-Commerce,employee attendance system and other different types of authentication system.The research on the combination of smart card and other mobile devices such as cellphone has become the focus of researchers who are dedicated to optimizing the authentication systems.But what we found is that there still existed gaps between most of the authentication systems based on smart card to one degree or another.In order to solve the above-mentioned problems,the thesis firstly introducing the background and meaning of researching on the identity authentication based on password and smart card.By summarizing others authentication mechanism,the following part analyzed their design patterns for different certificate systems.Then,the results are as follows:1)Propose a password based authenticated key exchange protocol based on smart card.The authentication system applied XOR algorithm,discrete logarithm and Diffie-Hellman algorithm,to achieve the protection of users' information with mutual authentication,and to allow users to change the password.2)Propose a password attack by name analysis(password guessing attack based on identity,PGA).As the deformation of password guessing attack,it can greatly increasing the chance of password cracking.By analyzing the authentication system proposed by Xu(2009),Sood(2010)and Chen(2014),this dissertation simulates the main attack patterns through security analysis,and points out that the above documents can't meet the new security challenges.Then,the thesis put forward an authentication algorithm using the intractability of the discrete logarithm and XOR algorithm that can overcome the above-mentioned security flaws.3)Put authentication algorithm into to practice by designing and developing the simulation of landing and information interaction process using JAVA virtual machine and JAVA server.