Research And Implementation Of Key Agreement Authentication Protocol

Trusted verification is an important part of the network security strategy framework,which is of great significance to achieve the network security strategy goal of hierarchical protection 2.0.In order to achieve trusted authentication,key agreement and identity authentication are essential.Identity authentication is the first line of defense to ensure the security of information system.How to authenticate the user's identity is the key problem to ensure the secure communication in open environment;Key agreement scheme is to let two or more parties negotiate to generate a session key,which is used to ensure the data confidentiality and integrity in the process of communication.This paper analyzes and studies the design of dynamic password authentication and key agreement scheme:(1)To solve the problem that the two party certificateless key agreement scheme can not resist the temporary key leakage attack,this paper proposes a certificateless two party key agreement scheme based on Eck model on the basis of reference [31].In this scheme,the parameters generated by the long-term private key of both parties are added when calculating the negotiation key,so that the security of the session key can be guaranteed when both parties disclose the temporary key at the same time.At the same time,because this scheme only adds two point multiplication operations,the efficiency of key agreement process is equivalent to that of reference [31].(2)Aiming at the low efficiency of the dynamic password authentication scheme proposed in reference [17],this paper proposes a dynamic password authentication scheme based on RSA problem.This scheme makes use of the characteristics of RSA problem,reduces the number of encryptions and decryptions that users need to perform in the login process,and improves the efficiency of authentication.At the same time,the new scheme provides two-way authentication between the client and the server,so that the scheme can resist pseudo server attacks.(3)Based on the scheme proposed in work 2,a dynamic password scheme system is implemented.The system adopts b/s mode,which reduces the burden of the client.The whole system includes registration module,login module and user information management module.The system is written in Python language,and web bootstrap framework and Django network framework are used.The database of users and background access queries uses relational database mysql.