Authentication and Key Agreement Schemes for Network Applications (A Study of Authentication and Key Agreement Techniques in Computer Network Application Environments). Advisor: Dr. Chin-Chen Chang Student: Hao-Chuan Tsai Date: 12.30.2010 Department of Computer Science and Information Engineering, National Chung Cheng University.

Outline
• Part I: Authentication Scheme with Key Agreement
  • Three-party authenticated key agreement
• Part II: Anonymous Authentication Scheme for Wireless Networks

User Authentication
• Goal:
  • Convince system of your identity before it can act on your behalf
• Methods
  • Who you are
  • What you know
  • What you have

User Authentication (cont.)
• What you have
  • Verify identity based on possession of some object
    • Magnetic Card
    • Smart Card (IC Card)
[Figure: card with dimension labels 1.025cm, 1.923cm, 5.39cm, 8.56cm]

User Authentication (cont.)
• Who you are
  • Verify identity based on your physical characteristics or involuntary response patterns, known as biometrics
  • Characteristics used include:
    • signature (usually dynamic)
    • fingerprint
    • hand geometry
    • face or body profile
    • speech
    • retina pattern
  • There is always a tradeoff between false rejection and false acceptance

User Authentication (cont.)
• What you know
  • Birthday, school name, blood type, or salary?
  • Meaningful secrets?
  • Meaningless secrets (passwords)!
• Traditional Password Mechanism
  • Procedure:
    • 1. Prompt user for a login name and password
    • 2. Verify identity by checking that the password is correct
  • Passwords in the System:
    • May be stored in clear mode
    • May be stored in cipher mode: encrypted or one-way hashed
  • Passwords should be selected with care to reduce the risk of exhaustive search
  • One problem with traditional passwords is that their transfer over an insecure network can be eavesdropped

User Authentication (cont.)
• Password Practice
  • Password Complexity Criteria
    • At least 7 characters long.
    • Does not contain your User Name, Real Name, or Company Name.
    • Does not contain a complete dictionary word.
    • Is significantly different from previous passwords.
    • Contains characters from each of the following groups:
      • uppercase letters
      • lowercase letters
      • numerals
      • symbols found on the keyboard.

Key Establishment
• Create Session Keys
  • Key transport
    • A session key is selected by one communicating party and is distributed to the others in some way
  • Key agreement
    • A session key is established through the cooperation of all communicating parties

Three-Party Authenticated Key Agreement (3PAKA)
Drawbacks of 2PAKA
• Given N parties
  • there are N(N-1)/2 (= nC2) secret keys that should be established
  • each party should securely store N-1 secret keys
• Awkward for larger-scale networks
• Inflexible (difficult to add, update, or delete a party)
• Example
  • If N = 6, then there are 6(6-1)/2 = 15 secret keys that should be established in advance.

Three-Party Authenticated Key Agreement (3PAKA) (cont.)
• An authenticated key agreement protocol is an interactive method for two or more parties to determine session keys based on their secret keys or public/private keys.
[Figure: trusted server authenticating each party; key agreement / key exchange yielding SK for secure communication]

Weaknesses of Typical 3PAKA
• Impersonation attacks
  • Impersonate clients or the server
• Man-in-the-middle attacks
• On-line password guessing attacks
• Off-line password guessing attacks
  • The most powerful attack

The Proposed 3PAKA (1/4)
• The server needs to authenticate the communicating clients explicitly
• The established session key would not be revealed to either the server or others
• Round efficiency
The Proposed 3PAKA (2/4) • Initial phase • The server computes • And then the server computes • Server also finds a value rc to satisfy the equation and computes

The Proposed 3PAKA (3/4)
[Figure: protocol diagram, steps 1 and 2, among A, B and S]

The Proposed 3PAKA (4/4)
[Figure: protocol diagram, steps 3 and 4, among A, B and S; labels: compute, retrieve, derive]

Part II: Anonymous Authentication Scheme for Wireless Networks

Scenario
[Figure: roaming path]

Architecture
• Multiple regional domains
  • Each domain is operated under a different administration
• HLR (Home Location Register)
  • HLR is used to denote the home domain, the home domain server, and the home location register, concurrently.
  • A subscriber has only one home as his administrative domain
  • Anyone who wishes to contact the MS must consult the MS's HLR.
• VLR (Visiting Location Register)
  • VLR is used to denote the visiting domain, the visiting domain server, and the visiting location register, concurrently.
  • When a subscriber roams into a visited domain, he should initially establish a residence within that domain.

[Protocol diagram: VLR, HLR, MS] VLR needs to ensure that MS is currently in good status.
• 1. MS → VLR: IMSI
• 2. VLR → HLR: IMSI, VLR
• 3. HLR computes:
  • SRES1 = A3(Ki, RAND1), Kc1 = A8(Ki, RAND1)
  • SRES2 = A3(Ki, RAND2), Kc2 = A8(Ki, RAND2)
  • …
  • SRESn = A3(Ki, RANDn), Kcn = A8(Ki, RANDn)
• 4. HLR → VLR (unspecified secure channel): IMSI, (RAND1, SRES1, Kc1), (RAND2, SRES2, Kc2), …, (RANDn, SRESn, Kcn)
  • Multiple on-the-fly triplets should be generated on-line and transferred in batch to the VLR. Then, VLR can use them in successive authentication flows with the roaming MS.
• 5. VLR → MS: RAND1
• 6. MS computes (inside SIM): SRES1 = A3(Ki, RAND1), Kc1 = A8(Ki, RAND1)
• 7. MS → VLR: SRES1
• 8. VLR computes: enc_with_A5(Kc1, TMSI)
• 9. VLR → MS: enc_with_A5(Kc1, TMSI)
• 10. MS decrypts: enc_with_A5(Kc1, TMSI)
MS establishes a temporary residence in the visited domain.
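
[Protocol diagram: VLR, MS] When MS makes a call, the origination protocol is then invoked to authenticate himself to VLR and establish a session key.
• 1. MS → VLR: TMSI
• 2. VLR → MS: RANDm
• 3. MS computes (inside SIM): SRESm = A3(Ki, RANDm), Kcm = A8(Ki, RANDm)
• 4. MS → VLR: SRESm
• 5. enc_with_A5(Kcm, messages)
[Second protocol diagram: VLR, MS] The same steps, with TMSI and RANDm carried together in the first message:
• 1. TMSI, RANDm
• 2. MS computes (inside SIM): SRESm = A3(Ki, RANDm), Kcm = A8(Ki, RANDm)
• 3. SRESm
• 4. enc_with_A5(Kcm, messages)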
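
The triplet-based registration and origination flows above, as an added example that is not part of the original slides. HMAC-SHA256 and an XOR keystream stand in for A3/A8 and A5 (an assumption, since the page does not define those algorithms), and the class names, the batch size of 3 and the IMSI/Ki values are constructed for illustration.

```python
import hmac, hashlib, os

# Assumption: HMAC-SHA256 stand-ins replace the real A3/A8/A5, which the
# slides do not define. Only the message flow and key handling are modelled.
def a3(ki, rand):                      # SRES = A3(Ki, RAND), 32-bit response
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki, rand):                      # Kc = A8(Ki, RAND), 64-bit session key
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5(kc, data):                      # toy XOR keystream; same call decrypts
    ks, ctr = b"", 0
    while len(ks) < len(data):
        ks += hmac.new(kc, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(x ^ y for x, y in zip(data, ks))

class HLR:
    def __init__(self):
        self.subscribers = {}          # IMSI -> Ki; Ki never leaves HLR or SIM
    def triplets(self, imsi, n):       # batch of (RAND, SRES, Kc) for the VLR
        ki = self.subscribers[imsi]
        return [(r, a3(ki, r), a8(ki, r)) for r in (os.urandom(16) for _ in range(n))]

class SIM:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand):           # computed inside the SIM
        return a3(self._ki, rand), a8(self._ki, rand)

class VLR:
    def __init__(self, hlr):
        self.hlr, self.batch = hlr, {}
    def challenge(self, imsi):
        if not self.batch.get(imsi):   # refill from the HLR when the batch is used up
            self.batch[imsi] = self.hlr.triplets(imsi, 3)
        return self.batch[imsi].pop()  # each triplet is consumed exactly once

def register(ms, vlr, tmsi):
    """Run one authentication; return the TMSI the MS decrypts, or None."""
    rand, sres_expected, kc_vlr = vlr.challenge(ms.imsi)   # VLR -> MS: RAND
    sres, kc_ms = ms.respond(rand)                         # MS -> VLR: SRES
    if not hmac.compare_digest(sres_expected, sres):
        return None                                        # MS rejected
    return a5(kc_ms, a5(kc_vlr, tmsi))   # VLR encrypts under Kc, MS decrypts

if __name__ == "__main__":
    hlr = HLR()
    hlr.subscribers["001010123456789"] = bytes(range(16))  # constructed IMSI/Ki
    ms = SIM("001010123456789", bytes(range(16)))
    print(register(ms, VLR(hlr), b"TMSI-0001"))
```

The VLR only ever holds (RAND, SRES, Kc) triplets, never Ki, and the MS answers any RAND it is given without checking who sent it, which is the one-way authentication the later slides set out to replace with mutual authentication.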

Authentication in Wireless Mobile Networks (cont.)
• The main problems we suffer
  • Impersonation Attack
    • Attackers can impersonate either MS or FA to obtain secret information
  • Personal Privacy Problem
    • The identity of MS can be revealed to others

Authentication in Wireless Mobile Networks (cont.)
• The proposed scheme has the following characteristics
  • Provide mutual authentication
    • A mobile client and the communicating entities can be authenticated
  • An established session key would not be revealed to either the uninvolved servers or others
  • Diverting the most complicated operations to either the HLR or VLR
  • The risk of compromising the secret information stored on HLR is reduced
  • Ensure anonymity
Authentication in Wireless Mobile Networks (cont.) • Initial phase • Sh chooses a long-term private key xsh. ( YSh=xshG) • Sh generates a unique master secret for an MS, where • Sh also generates the self-verified items • Eventually, Sh computes as the master delegation key
Authentication in Wireless Mobile Networks (cont.) • It is worth noting that, if the secrets are generated by the home network for which the public key is YSh, an MS can verify the secrets successfully since

Future works
• Cloud Computing