多种环境下认证密钥协商协议的设计与分析

发布时间：2018-01-20 12:56

  本文关键词： 安全协议 认证 密钥协商 多服务器环境 无线传感网 椭圆曲线密码机制 BAN类逻辑　出处：《解放军信息工程大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着互联网技术的快速发展与应用,网络信息系统的安全保障问题倍受人们的关注和重视。而作为信息安全保障最有效的手段之一,认证密钥协商协议能通过一系列的信息交互,实现网络中各实体间的相互认证,同时经会话密钥协商建立起一个安全通道,进而实现传输数据的各种安全需求。但随着网络信息化高速发展和应用场景的不断扩展,不同的应用背景必须配置不同的认证密钥协商协议。因此,如何针对不同的应用环境设计相应的认证密钥协商协议具有重要的理论价值和应用意义。本文针对不同应用环境下的认证密钥协商协议进行研究,取得以下成果:1.研究了单服务器认证密钥协商协议。当前,大多数基于智能卡口令的单服务器认证协议都存在一定安全缺陷,为克服这些缺陷,本文设计了一个具有高安全特性的单服务器认证协议,同时具有较高的效率,更适用于实际环境;分析了一个适用于云计算的单服务器认证协议,指出其存在的不足,为克服这些不足,引入椭圆曲线公钥密码技术,给出一个新协议,并进行安全和效率分析,分析结果表明,新协议在安全性上高于其他协议,并保持了相对较高的效率。最后用SPALL方法证明了协议的安全性。2.研究了多服务器认证密钥协商协议。基于ECDHP难题和ECDLP难题,引入对称加密算法、电子票据和生物特征码(Biometrics)匹配,设计了一个基于动态ID的多服务器认证密钥协商协议。安全和效率分析表明,本协议在提高安全性的同时,保持了较高的效率,更适用于安全需求较高的资源受限环境。最后,用SPALL方法证明了协议的强认证性、密钥协商正确性和密钥的机密性、新鲜性。3.研究了无线传感网认证密钥协商协议。分析了Yuan提出的加强的双因子认证协议,指出其不能抵抗离线口令猜测攻击、匹配泄露攻击和网关节点冒充攻击,且未能实现会话密钥协商等。为克服以上缺陷,设计了一个新协议,并进行安全和效率分析。结果显示,新协议弥补了原协议的不足,且保持了较高的效率,更适用于实际环境。最后,用SPALL方法证明了新协议满足密钥协商正确性、密钥机密性、外部用户与网关节点的相互认证及传感器节点与网关节点的相互认证。
[Abstract]:With the rapid development and application of Internet technology, people pay more attention to the security of network information system, and as one of the most effective means of information security. The authentication key agreement protocol can realize the mutual authentication of the entities in the network through a series of information exchange, and at the same time, establish a secure channel through the session key agreement. But with the rapid development of network information and the continuous expansion of application scenarios, different application backgrounds must be configured with different authentication key agreement protocol. How to design the corresponding authentication key agreement protocol for different application environment has important theoretical value and application significance. This paper studies the authentication key agreement protocol under different application environment. The following results are obtained: 1. Single server authentication key agreement protocol is studied. At present, most of the single server authentication protocols based on smart card password have some security defects to overcome these shortcomings. In this paper, a single server authentication protocol with high security characteristics is designed, which has high efficiency and is more suitable for practical environment. This paper analyzes a single server authentication protocol for cloud computing, and points out its shortcomings. In order to overcome these shortcomings, elliptic curve public key cryptography technology is introduced, a new protocol is proposed, and the security and efficiency are analyzed. The results show that the new protocol is more secure than other protocols. Finally, the security of the protocol is proved by the SPALL method. 2. The multi-server authentication key agreement protocol based on the ECDHP problem and the ECDLP problem is studied. A multi-server authentication key agreement protocol based on dynamic ID is designed by introducing symmetric encryption algorithm, electronic note and biometrics matching. The security and efficiency analysis show that. This protocol not only improves security, but also maintains high efficiency, which is more suitable for resource-constrained environment with high security requirements. Finally, the strong authentication of the protocol is proved by SPALL method. The correctness of key agreement and the confidentiality of key. 3. The authentication key agreement protocol of wireless sensor network is studied, and the enhanced two-factor authentication protocol proposed by Yuan is analyzed. It is pointed out that it can not resist off-line password guessing attack matching leak attack and gateway node impersonation attack and fails to implement session key agreement. In order to overcome the above defects a new protocol is designed. The results of security and efficiency analysis show that the new protocol makes up for the shortcomings of the original protocol, and maintains a higher efficiency, which is more suitable for the actual environment. Finally. The SPALL method is used to prove the correctness of the new protocol, the confidentiality of the key, the mutual authentication between the external user and the gateway node, and the mutual authentication between the sensor node and the gateway node.
【学位授予单位】：解放军信息工程大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TN918.4

【相似文献】

相关期刊论文 前10条

1 金茂顺;一种可认证密钥分配方案[J];计算机工程与设计;2002年03期

2 祁明，张凌，唐韶华，肖国镇;可认证密钥交换方案[J];计算机工程与应用;1998年03期

3 董小燕,许勇,吴国新,翟明玉;基于用户口令的认证密钥交换技术[J];数据通信;2001年03期

4 夏露;郑灿灿;肖必光;;电子商务身份认证密钥原理与应用研究[J];当代经理人;2005年04期

5 路守克;史国川;;身份基认证密钥协商协议[J];计算机技术与发展;2011年12期

6 李建兵;用IC卡实现登录控制[J];计算机安全;2004年10期

7 刘锋;高冬梅;程学翰;;基于可公开认证密钥共享的电子现金系统[J];兰州大学学报(自然科学版);2007年06期

8 刘文刚;李哠;何明星;;基于签密的高效可认证密钥协商协议[J];计算机工程;2011年02期

9 路守克;史国川;;对一个认证密钥协商协议的分析与改进[J];计算机工程与科学;2011年11期

10 李胜金;张昌宏;周大伟;;一种基于ECDH的可认证密钥协商协议[J];信息安全与通信保密;2011年07期

相关会议论文 前1条

1 刘翠卿;平西建;张涛;王云鹤;;基于GF(2~6)上RS码的信息隐藏应用研究[A];第七届全国信息隐藏暨多媒体信息安全学术大会论文集[C];2007年

相关博士学位论文 前2条

1 金海e，

本文编号：1448265