Author:YongBin Zhou, ZhenFeng Zhang, and DengGuo Feng Presenter:戴士桀 Cryptanalysis of the End-to-End Security Protocol for Mobile Communications with End-User Identification/Authentication Author:YongBin Zhou, ZhenFeng Zhang, and DengGuo Feng Presenter:戴士桀
Outline INTRODUCTION REVIEW OF CHANG et al.’S PROTOCOL CRYPTANALYSIS OF CHANG et al.’S PROTOCOL MODIFYING THE BP PROTOCOL CONCLUSION
INTRODUCTION MUTUALLY authenticated key agreement protocol Chang et al. proposed an end-to-end security protocol for mobile communications with end-user authentication.
REVIEW OF CHANG et al.’S PROTOCOL
REVIEW OF CHANG et al.’S PROTOCOL Subscriber Identity Module (SIM) card The subscriber account information and the personal certificate of the mobile user are stored in the SIM The SIM card is stolen, the conspirator may impersonate the register to communicate with anyone. Password is involved to construct the end-to-end security authentication protocol
REVIEW OF CHANG et al.’S PROTOCOL Previous study Messages between the MS and the BS are in encrypted form Messages between the two BSs are usually in clear form. Security breach Messages should be encrypted by a secret session key known only by the two MSs.
REVIEW OF CHANG et al.’S PROTOCOL Park’s protocol
REVIEW OF CHANG et al.’S PROTOCOL Park’s protocol g be a generator of the multiplicative group , where p is a prime Private key of MS is ∈ ,andthe public key is = mod p the private and public keys of BS are ∈ and = mod p
REVIEW OF CHANG et al.’S PROTOCOL Impersonation attack against Park’s Protocol.
REVIEW OF CHANG et al.’S PROTOCOL Impersonation attack against Park’s Protocol R = ( + )−( + ) = ( − ) E can easily recover the current session key by computing
REVIEW OF CHANG et al.’S PROTOCOL certificate-based authentication and session key agreement protocol session agreement protocol is based on the Diffie-Hellman key exchange protocol
REVIEW OF CHANG et al.’S PROTOCOL The basic authentication protocol
REVIEW OF CHANG et al.’S PROTOCOL
REVIEW OF CHANG et al.’S PROTOCOL The end-to-end security protocol.
REVIEW OF CHANG et al.’S PROTOCOL EBP to support end-user authentication.
CRYPTANALYSIS OF CHANG et al.’S PROTOCOL Impersonation attack against BP Protocol.
MODIFYING THE BP PROTOCOL
Conclusion In this letter shown that the end-to-end security protocol for mobile communications with end-user authentication due to Chang et al. is insecure against impersonation attack. Proposing a modified protocol can preserves the claimed security.