改进的可证安全的相互认证及密钥协商方法

提出一种新的用于移动通信的相互认证和密钥协商方法——NMAKAP。NMAKAP采用基于阿贝尔群的模幂运算和散列函数进行身份认证，取代了传统公钥密码算法和数字签名方案，降低了协议的计算开销和实现成本。在SVO逻辑系统证明下，NMAKAP协议是安全的。SVO逻辑是安全协议形式化分析的一种重要方法，文章扩展了SVO逻辑分析散列函数的逻辑语法。SVO逻辑方法的认证目标被发现存在中间人攻击，为此提出了新的认证目标，并分析了新目标的安全性。分析了一种可用于移动通信的认证协议——MAKEP。MAKEP协议通过预计算，大大降低了移动设备的计算量，但被认为存在Hijacking攻击。分析表明针对原MAKEP协议的Hijacking攻击并不成立，但该协议被发现存在未知共享密钥攻击，为此提出了改进意见。

On attacking and improving unknown key-share of authentication protocol

The paper puts forward a new mutual authentication key agreement protocol （NMAKAP）,which can be applied in mobile communication.The traditional public key cryptography and digital signature algorithm are substituted by the modular exponentiation based on Abel-group and hash function in NMAKAP to authenticate the identity to reduce the costs of the calculation and implementation,The security of NMAKAP is proved by SVO logic.One of the important methods of formal analysis of security protocol is based on SVO logic.The paper expands the syntax of SVO logic.In addition, authentication goals of SVO logic risked for man-in-middle attack.Thus,the paper proposes a new authentication goal and analyzes the security of the new goal.A mutual authentication key exchange protocol （MAKEP） is also analyzed in the paper.MAKEP reduces the computational complexity of mobile devices largely by precomputing.However, some scholars thought the MAKEP might conceal the Hijacking attack.By analyzing deeply,the Hijacking in MAKEP dose not exist,and the opinions of the unknown key-share attacking and improving in MAKEP are pointed out.