Published by Martin Malone. Modified over 8 years ago.

Enhanced secure anonymous authentication scheme for roaming service in global mobility networks
Hyeran Mun, Kyusuk Han, Yan Sun Lee, Chan Yeob Yeun, Hyo Hyun Choi
Mathematical and Computer Modelling, Volume 55, Issues 1–2, January 2012, Pages 214–222
Citation: 3
Presenter: 林致良
Date: 2012/11/26

Outline
Introduction
Wu–Lee–Tsaur’s scheme
Weaknesses of Wu–Lee–Tsaur’s scheme
New enhancement for anonymous authentication scheme
Analysis
Conclusion

Introduction
The GLOMONET (global mobility network) provides a global roaming service that permits mobile users to use the services provided by the home agent in a foreign agent.
Many security problems, such as the user’s privacy, have come to attention.

Introduction
You will see:
Security weaknesses in Wu–Lee–Tsaur’s scheme, such as disclosure of the legitimate user's password and failure to achieve perfect forward secrecy.
A novel scheme that also achieves mutual authentication and resistance to a man-in-the-middle attack.

Wu–Lee–Tsaur’s scheme
Wu–Lee–Tsaur’s authentication scheme consists of three phases:
1. Initial phase
2. First phase
3. Second phase

Wu–Lee–Tsaur’s scheme: Initial phase
PW_MU = h(N ‖ ID_MU)
r_MU = h(N ‖ ID_HA) ⊕ h(N ‖ ID_MU) ⊕ ID_HA ⊕ ID_MU
where N is a secret random number that is kept by HA.

Wu–Lee–Tsaur’s scheme: First phase
MU computes:
n_MU = r_MU ⊕ PW_MU
L = h(T_MU ⊕ PW_MU)
Messages:
1. n_MU, (h(ID_MU) ‖ x_0 ‖ x)_L, ID_HA, T_MU
2. b, n_MU, (h(ID_MU) ‖ x_0 ‖ x)_L, T_MU, Cert_FA, T_FA, E_S_FA(h(b, n_MU, (h(ID_MU) ‖ x_0 ‖ x)_L, T_MU, Cert_FA))
3. c, Cert_HA, T_HA, E_P_FA(h(h(N ‖ ID_MU)) ‖ x_0 ‖ x), E_S_HA(h(b, c, E_P_FA(h(h(N ‖ ID_MU)) ‖ x_0 ‖ x), Cert_HA))
4. (TCert_MU ‖ h(x_0 ‖ x))_k
HA computes ID_MU = h(N ‖ ID_HA) ⊕ n_MU ⊕ ID_HA and h’ = h(ID_MU), then compares h’ with (h(ID_MU) ‖ x_0 ‖ x)_L. MU can be authenticated.
Session key: k = h(h(h(N ‖ ID_MU)) ‖ x_0 ‖ x)
MU checks that h(x_0 ‖ x) is equal to the original. FA can be authenticated.

Wu–Lee–Tsaur’s scheme: Second phase (update session key)
When MU accesses FA at the ith session, MU requests FA to update the session key.
Step 1: MU → FA: TCert_MU, (x_i ‖ TCert_MU)_k_i
The new ith session key k_i can be computed by using:
an unexpired previous secret random number x_{i−1}
the fixed secret random number x
k_i = h(h(h(N ‖ ID_MU)) ‖ x ‖ x_{i−1}), (i = 1, 2, 3, ..., n).

Weaknesses of Wu–Lee–Tsaur’s scheme
Weakness 1: Failing to achieve the anonymity
Weakness 2: Disclosure of the password of the legitimate user
Weakness 3: Perfect forward secrecy
Assume:
A legitimate user and an attacker A register with the same HA.
A is able to intercept all messages between FA and MU, because in a wireless environment anyone can overhear all packets sent and received within range of a wireless device.

Weaknesses of Wu–Lee–Tsaur’s scheme
1. Failing to achieve the anonymity (Zeng et al.)
Step 1: A requests registration at HA and obtains h(.), ID_HA, PW_A = h(N ‖ ID_A), and r_A = h(N ‖ ID_HA) ⊕ h(N ‖ ID_A) ⊕ ID_HA ⊕ ID_A.
Step 2: A can compute h(N ‖ ID_HA) as follows:
r_A ⊕ h(N ‖ ID_A) ⊕ ID_HA ⊕ ID_A
= h(N ‖ ID_HA) ⊕ h(N ‖ ID_A) ⊕ ID_HA ⊕ ID_A ⊕ h(N ‖ ID_A) ⊕ ID_HA ⊕ ID_A
= h(N ‖ ID_HA).
Step 3: A is able to intercept the messages n_MU, (h(ID_MU) ‖ x_0 ‖ x)_L, ID_HA, and T_MU.
Step 4: A can obtain ID_MU by using n_MU, ID_HA, and h(N ‖ ID_HA), where n_MU = r_MU ⊕ PW_MU:
n_MU ⊕ h(N ‖ ID_HA) ⊕ ID_HA
= h(N ‖ ID_HA) ⊕ h(N ‖ ID_MU) ⊕ ID_HA ⊕ ID_MU ⊕ h(N ‖ ID_MU) ⊕ h(N ‖ ID_HA) ⊕ ID_HA
= ID_MU.
This uses the properties of XOR: if A ⊕ B = C then C ⊕ B = A, and A ⊕ A = 0.

Weaknesses of Wu–Lee–Tsaur’s scheme
2. Disclosure of the password of the legitimate user
A can obtain the legitimate user’s password PW_MU. A can compute PW_MU as follows:
(1) A can guess the composition of r_MU by using r_A. The composition of r_MU follows that of r_A with ID_MU in place of ID_A: h(N ‖ ID_HA) ⊕ h(N ‖ ID_MU) ⊕ ID_HA ⊕ ID_MU.
(2) A can compute the legitimate user MU’s password PW_MU by using the intercepted n_MU and the guessed r_MU:
n_MU ⊕ r_MU
= h(N ‖ ID_MU) ⊕ h(N ‖ ID_HA) ⊕ ID_HA ⊕ ID_MU ⊕ h(N ‖ ID_MU) ⊕ h(N ‖ ID_HA) ⊕ h(N ‖ ID_MU) ⊕ ID_HA ⊕ ID_MU
= h(N ‖ ID_MU) = PW_MU
(the last four terms of the expansion are r_MU).

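The XOR cancellations in weaknesses 1 and 2 can be checked on a toy instance. This is an added example, not code from the paper or the presentation; it assumes SHA-256 for h(.), identities zero-padded to 32 bytes so they can be XORed with hash outputs, and constructed identity strings. For weakness 2 it takes r_MU from the simulated HA and checks only the identity n_MU ⊕ r_MU = PW_MU, not how A would come to know r_MU.

```python
import hashlib
import secrets
from functools import reduce

def h(*parts: bytes) -> bytes:
    # h(.) modelled as SHA-256 over the concatenation (assumption)
    return hashlib.sha256(b"".join(parts)).digest()

def xor(*vals: bytes) -> bytes:
    # bytewise XOR of equal-length strings
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*vals))

def pad(identity: str) -> bytes:
    # identities zero-padded to the hash length (assumption)
    return identity.encode().ljust(32, b"\0")

def register(N: bytes, id_ha: bytes, id_user: bytes):
    """Initial phase at HA: returns (PW, r) for one user."""
    pw = h(N, id_user)
    r = xor(h(N, id_ha), pw, id_ha, id_user)
    return pw, r

def simulate() -> dict:
    N = secrets.token_bytes(32)            # HA's secret random number
    id_ha = pad("HA-1")                    # constructed identities
    id_mu, id_a = pad("alice@home"), pad("mallory@home")
    pw_mu, r_mu = register(N, id_ha, id_mu)
    pw_a, r_a = register(N, id_ha, id_a)   # A is a registered user too
    n_mu = xor(r_mu, pw_mu)                # sent in message 1

    # Weakness 1, steps 2 and 4: A uses only r_A, PW_A, ID_A, ID_HA, n_MU
    h_n_idha = xor(r_a, pw_a, id_ha, id_a)
    recovered_id = xor(n_mu, h_n_idha, id_ha)

    # Weakness 2, step (2): the identity n_MU xor r_MU = PW_MU
    recovered_pw = xor(n_mu, r_mu)
    return {
        "h_ok": h_n_idha == h(N, id_ha),
        "id_ok": recovered_id == id_mu,
        "pw_ok": recovered_pw == pw_mu,
        "recovered_id": recovered_id.rstrip(b"\0").decode(),
    }

if __name__ == "__main__":
    print(simulate())
```

The term h(N ‖ ID_HA) is the same for every user of the HA, which is why A's own registration data is enough to strip it from n_MU.
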
Weaknesses of Wu–Lee–Tsaur’s scheme
2. Disclosure of the password of the legitimate user
Question: How can A guess the composition of r_MU by using r_A?
r_A = h(N ‖ ID_HA) ⊕ h(N ‖ ID_A) ⊕ ID_HA ⊕ ID_A
r_MU = h(N ‖ ID_HA) ⊕ h(N ‖ ID_MU) ⊕ ID_HA ⊕ ID_MU

Weaknesses of Wu–Lee–Tsaur’s scheme
3. Perfect forward secrecy

New enhancement for anonymous authentication scheme
The proposed scheme consists of three phases:
1. Registration
2. Authentication and establishment of session key
3. Update session key

New enhancement for anonymous authentication scheme
First phase: registration
1. N_MU, ID_MU
2. Generate N_HA
   Compute PW_MU = h(N_MU ‖ N_HA)
   Compute r_MU = h(ID_MU ‖ PW_MU) ⊕ ID_HA
3. r_MU, ID_HA, N_HA, PW_MU, h(.)

New enhancement for anonymous authentication scheme
Second phase: Authentication and establishment of session key
(Recall PW_MU = h(N_MU ‖ N_HA) and r_MU = h(ID_MU ‖ PW_MU) ⊕ ID_HA.)
1. ID_HA, N_HA, r_MU
2. Generate N_FA
3. ID_FA, N_FA, r_MU
4. Compare r_MU with r’_MU = h(ID_MU ‖ PW_MU) ⊕ ID_HA (Authenticate MU)
   Compute P_HA = h(PW_MU ‖ N_FA)
   Compute S_HA = h(ID_FA ‖ N_FA) ⊕ r_MU ⊕ P_HA
5. S_HA, P_FA

New enhancement for anonymous authentication scheme
6. Verify S_HA
   (i) Compute S’_HA = h(ID_FA ‖ N_FA) ⊕ r_MU ⊕ P_HA
   (ii) Compare S_HA with S’_HA
   Compute S_FA = h(S_HA ‖ N_FA ‖ N_HA) and aP
7. S_FA, aP, P_FA = (S_HA ‖ ID_FA ‖ N_FA)
8. Verify S_FA (Authenticate HA and FA)
   1. S’_HA = h(ID_FA ‖ N_FA) ⊕ r_MU ⊕ h(PW_MU ‖ N_FA)
   2. Compare S_FA with S’_FA = h(S_HA ‖ N_FA ‖ N_HA)
   Compute bP, K_MF = h(abP), S_MF = f_K_MF(N_FA ‖ bP)
9. bP, S_MF
10. Compute K_MF = h(abP)
    Verify S_MF (Authenticate MU)

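Steps 1 to 8 of the second phase, run end to end as an added example (not code from the paper or the presentation). Assumptions: SHA-256 for h(.), identities zero-padded to 32 bytes, HA finding the user by scanning its table, and message 5 carrying P_HA because step 6 needs it; the ECDH part (aP, bP, K_MF, S_MF) is left out.

```python
import hashlib
import secrets
from functools import reduce

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()   # stand-in for h(.)

def xor(*vals: bytes) -> bytes:
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*vals))

def pad(identity: str) -> bytes:
    return identity.encode().ljust(32, b"\0")         # assumption: fixed length

def ha_register(id_mu, n_mu, id_ha):
    """First phase at HA: returns (N_HA, PW_MU, r_MU)."""
    n_ha = secrets.token_bytes(32)
    pw_mu = h(n_mu, n_ha)
    return n_ha, pw_mu, xor(h(id_mu, pw_mu), id_ha)

def ha_respond(db, id_ha, id_fa, n_fa, r_mu):
    """Step 4: match r_MU against r'_MU, then build (S_HA, P_HA)."""
    for id_mu, pw_mu in db.items():                   # lookup is an assumption
        if xor(h(id_mu, pw_mu), id_ha) == r_mu:
            p_ha = h(pw_mu, n_fa)
            return xor(h(id_fa, n_fa), r_mu, p_ha), p_ha
    return None                                       # unknown or altered r_MU

def fa_verify(id_fa, n_fa, r_mu, s_ha, p_ha):
    """Step 6: FA recomputes S'_HA from what it sent and received."""
    return s_ha == xor(h(id_fa, n_fa), r_mu, p_ha)

def mu_verify(pw_mu, r_mu, n_ha, id_fa, n_fa, s_ha, s_fa):
    """Step 8: MU checks S_HA with its own PW_MU, then S_FA."""
    ok_ha = s_ha == xor(h(id_fa, n_fa), r_mu, h(pw_mu, n_fa))
    return ok_ha and s_fa == h(s_ha, n_fa, n_ha)

def run(tamper: bool = False) -> bool:
    id_ha, id_fa, id_mu = pad("HA-1"), pad("FA-7"), pad("alice@home")
    n_ha, pw_mu, r_mu = ha_register(id_mu, secrets.token_bytes(32), id_ha)
    db = {id_mu: pw_mu}                               # HA's user table
    n_fa = secrets.token_bytes(32)                    # step 2
    sent = bytes([r_mu[0] ^ 1]) + r_mu[1:] if tamper else r_mu
    reply = ha_respond(db, id_ha, id_fa, n_fa, sent)  # steps 3 to 5
    if reply is None or not fa_verify(id_fa, n_fa, sent, *reply):
        return False
    s_ha = reply[0]
    s_fa = h(s_ha, n_fa, n_ha)                        # step 6, sent in step 7
    return mu_verify(pw_mu, r_mu, n_ha, id_fa, n_fa, s_ha, s_fa)
```

Throughout the run FA handles only r_MU, N_FA, S_HA and P_HA; ID_MU and PW_MU stay with MU and HA.
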
New enhancement for anonymous authentication scheme
Third phase: update session key K_MF,i (i = 1, 2, 3, ..., n)
1. Select b_i, compute b_i P; message 1: b_i P
2. Select a_i, compute a_i P
   New session key: h(a_i b_i P)
   S_MF,i = f_K_MF,i(a_i b_i P ‖ a_{i−1} b_{i−1} P)
3. a_i P, S_MF,i
4. Compute K_MF,i = h(abP)
   Compare S’_MF,i = f_K_MF,i(a_i b_i P ‖ a_{i−1} b_{i−1} P) with S_MF,i

Security Analysis
Achieve anonymity
   FA receives r_MU = h(ID_MU ‖ PW_MU) ⊕ ID_HA instead of ID_MU. Thus, FA has no way of guessing ID_MU without PW_MU = h(N_MU ‖ N_HA) and ID_HA.
Provide perfect forward secrecy
Prevent disclosure of the legitimate user’s password
   To obtain the user’s password, an attacker must know the two nonces N_MU and N_HA.
   r_MU = h(ID_MU ‖ PW_MU) ⊕ ID_HA, P_HA = h(PW_MU ‖ N_FA) and S_FA = h(S_HA ‖ N_FA ‖ N_HA)
Prevent replay attack
   The scheme can resist a replay attack by using nonces.
Provide mutual authentication between MU and HA
Provide mutual authentication between MU and FA

Performance analysis
No need for time synchronization: the previous scheme uses timestamps to resist a replay attack.
Use Elliptic Curve Diffie–Hellman (ECDH): the new scheme uses ECDH instead of a public key cryptosystem with certificates, to reduce communication overhead.

Conclusion
There are security weaknesses in Wu–Lee–Tsaur’s scheme, such as failing to provide anonymity, disclosing the user’s password, and failing to achieve perfect forward secrecy.
This paper proposes a novel enhanced scheme that uses Elliptic Curve Diffie–Hellman (ECDH).
This scheme is efficient, provides mutual authentication, and resists the man-in-the-middle attack.