
Research On Certificateless Authenticated Key Agreement Protocol

Posted on: 2021-10-19
Degree: Master
Type: Thesis
Country: China
Candidate: X P Ren
GTID: 2518306050453994
Subject: Cryptography

Abstract/Summary:
Key agreement, also called key exchange or key establishment, is a cryptographic primitive that allows two or more parties to negotiate a shared secret key over a public network, so as to ensure the confidentiality and integrity of the channel. How to design a secure and efficient key agreement protocol has long been an active research topic, as with encryption and digital signature algorithms. Depending on how the public key is authenticated, an authenticated key agreement protocol can be based on PKI, identity-based cryptography (IBC) or certificateless cryptography. Certificateless cryptography not only avoids the complex certificate management of PKI but also removes the key escrow limitation of IBC, so it is better suited to limited network environments. This thesis focuses on the analysis and design of certificateless authenticated key agreement (AKA) protocols and presents the following results:

1. Li Na et al.'s certificateless two-party AKA protocol cannot resist a key compromise impersonation (KCI) attack from annual adversary; Wu et al.'s certificateless two-party AKA protocol cannot resist a KCI attack from a Type I adversary; Li et al.'s certificateless tripartite AKA protocol cannot resist an impersonation attack; and Jia et al.'s certificateless tripartite AKA protocol cannot resist a passive attack, a forward security attack or a KCI attack from an adversary.

2. A novel certificateless two-party AKA protocol is proposed, in which the parties authenticate each other implicitly through a DH-like interaction and which needs three passes. The messages on the channel include one public key and some temporary data. Each party performs only five scalar multiplications, and the protocol is proved secure in the mBR security model with random oracles, under the computational Diffie-Hellman (CDH) and divisible computational Diffie-Hellman (DCDH) assumptions. Compared with similar protocols, it is more efficient than the more secure ones and more secure than the more efficient ones, so it achieves a better balance between efficiency and security.

3. Through further analysis of the above protocol, a more secure certificateless two-party AKA protocol is proposed by increasing the number of shared secret values. The new protocol also uses no pairing operations and is proved secure in the eCK model with random oracles, under the CDH and DCDH assumptions. Its communication cost is consistent with that of the former protocol. Although it needs nine scalar multiplications, it costs less computation because the public key and temporary data are precomputed, and it provides more security.

4. A tripartite protocol is a generalization of a two-party protocol. Considering that most three-party protocols are flawed, a novel provably secure certificateless tripartite protocol is proposed first. Its parties authenticate each other implicitly through a DH interaction, it needs only one round of interaction, and its security is reduced to the GBDH problem assumption. Because it uses three bilinear pairing operations, this protocol is computationally heavy, so another certificateless tripartite protocol is proposed, based on the Schnorr signature technique, which can be replaced by other secure signature algorithms. The second protocol needs only one pairing operation and two rounds of interaction, and heuristic analysis shows that it has known-key security, perfect forward security, KCI resistance, unknown key-share resistance and ephemeral key leakage resistance. Compared with similar protocols, both protocols have an obvious security advantage. Comparing the two, the first has lighter communication overhead and is rigorously proved secure, while the second has lower computation cost and can resist insider attacks.
Keywords/Search Tags:certificateless authenticated key agreement, certificateless mBR model, certificateless eCK model, provable security, two-party protocol, tripartite protocol