Improved Identity Authentication Protocol Based On Elliptic Curve Cryptography In Multi-server Environment

Based on the user's name and password model,most of the traditional identity authentication protocols are derived from the mathematical difficult problems.They often rely on the complexity of the password,performance of the random generator and large computational cost to ensure the security of the communication,thus they lack of high efficiency and practicality.In order to further enhance the security of the protocol,considering the biometrics' characteristics of high entropy value and hard forgery,a three-factor authentication protocol based on smart card + password +biometrics' value has been put forward continuously.It's noted that both two-factor and three-factor identity authentication protocols have the same flaw,which is in deficiency of systematic evaluation criteria when making security analysis of themselves.They tend to assert their overwhelming superiority owing to having advantages over others in some respects,while not knowing that the evaluations are not established on the recognized evaluation criteria.Therefore,it has no objection and rigor.The three-factor authentication protocol on the basis of elliptic curve cryptography which proposed by Xia is a representation.Moreover,the security of which is at the expense of huge computing,that means there is no practicability in currently extremely common distributed system environment..In order to avoid above problems successfully,this paper regards Xia's thesis as module.Aiming at these imperfections,a refined two-factor identity authentication protocol based on smart card + biometrics has been proposed,which is on the basis of complete evaluation criteria and adversarial model.Compared with traditional identity authentication protocol with smart card + password two-factor,it subtly omit the password modification phase and circumvent offline dictionary attack in the meanwhile due to substituting biometrics for password of low entropy.What's more,this paper differs from Xia's of directly adding and point multiplying on the elliptic curve cryptosystem in calculation,while employing lightweight symmetric key technology instead.As the result of it gains double benefits from improving computational efficiency and subtly leaving the difficult mathematical problems for attackers.In addition,this paper even achieve others' regret that can't be successfully applied to multi-severs environment when optimizing computational efficiency and improving security.Afterwards,we verified key authentication formally via Burrows-Abadi-Needham(short for BAN)on both sides.Followly carried out security analysis in specified evaluation criteria and compared with others' property of performances.Lastly it proves that the proposed paper is more secure and practical,as a consequence,it will be more suitable to apply in distributed systems.