Security Analysis And Improvement Of Asymmetric Multi-factor Authenticated Key Exchange Protocol

With the development of information globalization,it is the primary approach for people to obtain information and communication from the computer network.Various systems and applications have become a part of human life and work.However,due to the open and insecure characteristics of the communication channel,the transmitted data faces a risk of leakage.To protect the security of transmitted information and prevent unauthorized data access,the server and user need to authenticate each other before communication.The authenticated key exchange protocol allows both parties to achieve mutual authentication and establish a shared session key on the insecure public channel.This protocol ensures the security of data between users and servers.Therefore,the research on the authenticated key exchange protocol has the important value of theory and application.This thesis reviews the research history of authenticated key exchange protocols and analyzes the pros and cons of authenticated key exchange protocols based on different authentication factors.Focus on the application goal in complex network scenarios,the research work of authenticated key exchange protocols based on multi-factor has become a research hotspot in the field of cryptographic protocols.However,there are still some problems in the research work of multi-factor authenticated key exchange security model and protocol construction.Some multi-factor authenticated key exchange schemes provide incorrect security analysis results,and the constructed protocol has security flaws.Aiming at the problems of security analysis and protocol construction in existing schemes,the main research results of this thesis are as follows:1)This thesis reviews two multi-factor authenticated key exchange schemes(ZXSM protocol and GLGCW protocol)proposed by Zhang et al.in TDSC 2019 and Guo et al.in NaNA 2020.Both of them claimed that the proposed protocol could provide the main security properties of authenticated key exchange protocols.The security of ZXSM protocol has not been formally proven,and the GLGCW protocol has given the incorrect security analysis results.After analysis in this thesis,their protocols have security flaws and can not be applied to the environment.Aiming at the security flaws of protocols,this thesis designes some detailed attack schemes to break the security of protocols.For ZXSM protocol,this thesis describes a man-in-the-middle attack and a key compromise impersonation attack.For GLGCW protocol,this thesis provides a key compromise impersonation attack.2)By analyzing security flaws of two multi-factor authenticated key exchange protocols,this thesis improves the login authentication and key exchange phase of the ZXSM protocol,and proposes a new asymmetric multi-factor authenticated key exchange protocol.This thesis first describes the three phases of the new protocol in detail;secondly,the provable security analysis result is provided in the security model,which proves that it can provide entity authentication and session key indistinguishability between users and servers;then this thesis analyzes ten security properties provided by the new scheme from the perspective of attackers;finally,this thesis compares the new protocol with five multifactor authenticated key exchange protocols in similar application scenarios,and shows that the new protocol is more practical from the perspective of security properties and protocol performance.