Research On Multi-server Architecture Authentication Key Agreement Protocol

With the rapid development of communication technology,more and more people enjoy the convenience brought by the Internet.While enjoying these conveniences,there are also various security threats on the Internet.Because of these various security threats,our privacy is under attack,and the secure authentication protocol establishes a secure bridge for end-to-end connections in an open network environment.The authentication key agreement protocol was originally proposed for single-server architecture,and while the early single-server architecture authentication key agreement protocol solved the problems of authentication and encrypted transmission very well,however,the user registration was extremely clumsy.Each user needs to register on different servers,which is not only a waste of resources but also creates security risks for the user's account.With the large-scale application of multi-server architecture,the single-server architecture authentication key agreement protocol cannot meet the new challenges brought by multi-server architecture,so the single-server authentication key agreement protocol gradually fades out from the view of researchers,and more researchers join the research of multi-server architecture authentication key agreement protocol.Because of the openness of networks in multi-server architecture,adversaries can easily control communication channels and can carry out various types of attacks between multiple participants,such as interception,modification,replay and delayed message arrival.To defend these attacks,researchers have proposed a large number of authentication key agreement protocols for multi-server architecture.Currently,there are two types of multi-server authentication key agreement protocols,the first type is the authentication key agreement protocol that requires the registration center to participate in the authentication phase and the second type is the authentication key agreement protocol that does not require the registration center to participate in the authentication phase.The second authentication protocol is also a current research hotspot because it does not require the participation of the registration center in the authentication phase which saves a lot of communication resources compared to the first type authentication key agreement protocol.In the first authentication key agreement protocol,a service provider can check a user's authentication rights by communicating with the registration center,but in the second authentication key negotiation protocol the registration center is not able to check user's authentication rights,because it is not involved in the authentication phase,so users can successfully authenticate with all service providers registered which already registered at the registration center.In this case,it is difficult for service providers to restrict users' authentication and access rights.To solve the above problems,this paper studies the hierarchical authentication problems in the authentication key agreement protocol in the multi-server architecture.The main research results are as follows:(1)We propose two new hierarchical multi-server architecture authentication protocol.The first protocol is a coarse-grained hierarchical authentication key agreement protocol.We embed the authentication level as a parameter in the user's private key that is issued by the registration center.Service providers verify the correctness of the user's private key during the authentication phase and verify the correctness of the authentication level parameters so that the service provider can know whether the user is legitimate or not.The second protocol that we proposed is a fined-grained hierarchical authentication key agreement protocol which uses the Merkel hash tree to store authentication level parameters.In the following sections,we prove the security of two multi-server authentication key agreement protocols proposed in this paper,and we use protocol security verification software ProVerif to simulate the process of the protocol to verify the security of the protocol.We create a performance simulation test on the protocol.First,we use the MIRACL cryptography library to build a computing cost test platform on the mobile platform and the pc platform,and we create a computing cost experiment on the algorithms that used in the proposed protocols.Next,we analyzed the computation,communication and storage costs of the proposed protocols.We compare the performance of the proposed protocols with the other two supreme protocols.The comparison results show that the computation,communication and storage costs in the proposed protocols are more reasonable and the proposed protocols are more suitable for multi-server architectures.(2)We make contributions not only to academic research but also research and simulate the GameSpy multi-server authentication protocol that is widely applied to the Internet.First,we analyzed the GameSpy SDK source code,studied the authentication protocol of the GameSpy platform,and wrote a cross-platform GameSpy simulator program that is based on Microsoft dot net core.The GameSpy simulator simulates GameSpy authentication protocol that makes the client login successfully,and the research pave the way for simulating all services that GameSpy provides.