370 likes | 375 Vues
網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments. 博士論文. 指導教授: 張真誠 博士 (Dr. Chin-Chen Chang) 研究生: 李佳穎 ( Chia-Yin Lee ). Outline. Introduction A Mutual Authenticated Key Agreement Scheme A Dynamic ID-based User Authentication Scheme Using Smart Cards
E N D
網路環境中通訊安全技術之研究Secure Communication Schemes in Network Environments 博士論文 指導教授:張真誠 博士 (Dr. Chin-Chen Chang) 研究生:李佳穎 (Chia-Yin Lee) Department of Computer Science and Information Engineering National Chung Cheng University, Chia-Yi, Taiwan
Outline • Introduction • A Mutual Authenticated Key Agreement Scheme • A Dynamic ID-based User Authentication Scheme Using Smart Cards • A Secure Single Sign-on Mechanism for Distributed Computer Networks • An Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET • A Secure E-mail Protocol for Mobile Devices • Conclusions and Future Works
Introduction (1/2) • Property of network environments • convenient • efficient • cannot communicate face to face • insecure • Secure communications • user authentication • data confidentiality
Introduction (2/2) • Authentication • user authentication protocols • mutual authentication protocols • Confidentiality • encryption • session key establishment protocols
Mutual Authenticated Key Agreement (1/6) • Login into the server over insecure networks:
Mutual Authenticated Key Agreement (2/6) • Drawbacks of conventional user authentication schemes • suffer from possible attacks, (e.g., forgery attacks) • require high computational costs to provide high security(e.g., modular exponentiation) • extra time-synchronized mechanisms are needed(using timestamp) • do not establish a one-time session key
Mutual Authenticated Key Agreement (3/6) • A secure authenticated key agreement protocol: • direct authentication • no timestamps • perfect forward secrecy
Mutual Authenticated Key Agreement (4/6) • Initialization phase: Ui Server (Secure Channel)
Mutual Authenticated Key Agreement (5/6) • Authentication phase:
Mutual Authenticated Key Agreement (6/6) • Comparison:
A Dynamic ID-based User Authentication Scheme Using Smart Cards (1/5) • Conventional authentication schemes • the log-in identity (ID) is never change • the adversary can trace the source of the sender • Existing dynamic ID-based user authentication schemes • suffer from possible attacks • must maintain a registration table
A Dynamic ID-based User Authentication Scheme Using Smart Cards (2/5) • The characteristic of our method • no registration table • without using timestamps • ensure the privacy of the users • achieve perfect forward secrecy
A Dynamic ID-based User Authentication Scheme Using Smart Cards (3/5) • Registration phase:
A Dynamic ID-based User Authentication Scheme Using Smart Cards (5/5) • Comparison of security properties:
A Secure Single Sign-on Mechanism for Distributed Computer Networks (1/6) • Conventional authentication schemes • register with each service provider • keep different identity/password pairs • Existing user identification schemes for distributed networks • suffer from possible attacks • require time-synchronized mechanisms
A Secure Single Sign-on Mechanism for Distributed Computer Networks (2/6) • The characteristic of our method • withstand possible attacks (e.g., impersonation attacks) • without time-synchronized mechanisms • more efficient
A Secure Single Sign-on Mechanism for Distributed Computer Networks (3/6) • Registration phase:
A Secure Single Sign-on Mechanism for Distributed Computer Networks (5/6) • Computation cost comparison:
A Secure Single Sign-on Mechanism for Distributed Computer Networks (6/6) • Communication cost comparison:
Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (1/6) • Existing schemes • adopt asymmetric and symmetric cryptosystems • use timestamps • suffer from possible attacks • do not provide the property of anonymity
Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (2/6) • The characteristic of proposed scheme • use low cost functions • without time-synchronized mechanisms • provide anonymity for mobile users • the session key selected by the mobile user
Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (3/6) • Registration phase:
Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET(5/6) • Performance comparisons:
Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (6/6) • Functionality comparisons:
A Secure E-mail Protocol for Mobile Devices (1/8) • E-mail systems • a popular medium for data transmission • transmit pure text and multimedia • Internet is public and insecure • data might be eavesdropped • If long-term secret key is compromised • all previous mails might be exposed
A Secure E-mail Protocol for Mobile Devices (2/8) • Objectives of our research • reduce the computation cost • achieve Perfect Forward Secrecy (PFS) • work in the inter-domain
A Secure E-mail Protocol for Mobile Devices (3/8) • Registration phase:
A Secure E-mail Protocol for Mobile Devices (4/8) • Login phase:
A Secure E-mail Protocol for Mobile Devices (5/8) • The first sub-phase of the sending phase:
A Secure E-mail Protocol for Mobile Devices (7/8) • The receiving phase:
Conclusions and Future Works (1/2) • We have proposed solutions as follows • mutual authenticated key agreement protocol • dynamic ID-based user authentication scheme • secure single sign-on mechanism for distributed computer networks • authentication scheme with anonymity for roaming service • secure e-mail protocol for mobile devices
Conclusions and Future Works (2/2) • In the future, we will extend the result of this study • decrease the overhead of message transmission • design authentication schemes that can provide 1-out-of-∞ deniability • design secure authentication protocols in the RFID systems