Research On Multi-factor Authentication Protocol Based On Elliptic Curve Cryptography

With the rapid development of network technology,mobile communication has penetrated into all fields of life,network communication not only brings convenience to people,but also brings many security risks.In order to protect the property and privacy of users and ensure the authenticity and validity of the identity information of both parties in communication,secure identity authentication protocol has become one of the focuses of network security research.This paper mainly studies the multi-factor identity authentication protocol based on elliptic curve.According to the number of security factors,the research body of this paper is divided into two parts: two-factor identity authentication protocol and three-factor identity authentication protocol.This paper first briefly reviews the existing multi-factor authentication protocols,and analyzes the security vulnerabilities of the existing schemes.Based on elliptic curve cryptography,two two-factor authentication protocols and one three-factor authentication protocol are designed,and the security of the proposed protocol is analyzed.The main research contents of this paper are as follows:1.Aiming at the problems that the existing two-factor identity authentication protocols in single-server environment cannot resist smart card loss attack,tracking attack and have no anonymity,this paper proposed a two-factor anonymous identity authentication and key agreement protocol that could be completed completely in the public channel.The protocol uses the elliptic curve cryptography discrete logarithm problem to encrypt the password and user identity in the user registration application,effectively resist various attacks launched by insiders,and realize the registration phase in the public channel.Security analysis shows that the protocol can resist man-in-the-middle attack and other common attacks in the process of identity authentication,and has the characteristics of two-factor security.2.Aiming at the problem that the existing two-factor authentication protocols in multi-server environment cannot resist impersonation attacks and are not untraceable,this paper proposed a two-factor anonymous authentication and key agreement protocol based on elliptic curve cryptography.The protocol does not multiplication between the user’s private information and the server’s public key,so that the server can authenticate the user’s identity but cannot calculate the private information,so as to achieve the purpose of resisting the user impersonation attack launched by insiders.Security analysis shows that the protocol can resist common attacks such as insider privilege attack in the process of identity authentication,and has the characteristics of two-factor security.3.Aiming at the problems that the existing three-factor authentication protocols cannot resist insider privilege attack,smart card loss attack and do not have anonymity,this paper proposed a secure and efficient three-factor anonymous authentication and key agreement protocol based on elliptic curve cryptography discrete logarithm problem.The protocol encrypts the password and biometrics in the user’s application during the user registration phase,which can effectively resist the insider privilege attack,and enhance the uniqueness of the user’s private authentication information,which can resist the impersonation attack launched by malicious users.Security analysis shows that the protocol can resist common attacks such as smart card loss attack,and has three-factor security characteristics.