多媒體網路安全實驗室 A novel user authentication and privacy preserving scheme with smartcards for wireless communications 作者 :Chun-Ta Li,Cgeng-Chi Lee 出處 :Mathematical.

Slides:

Advertisements

Similar presentations

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.

Advertisements

1 東南技術學院九十二學年度第二學期資工系第一次論文發表會 Analysis of an Improved Version of S/KEY One-Time Password Authentication Scheme Speaker: Maw-Jinn Tsaur

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

多媒體網路安全實驗室 Improved Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks Date ： Reporter : Hong Ji Wei Authors.

多媒體網路安全實驗室 Towards Secure and Effective Utilization over Encrypted Cloud Data 報告人 : 葉瑞群日期 :2012/05/09 出處 :IEEE Transactions on Knowledge and Data Engineering.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中日期 :

Computer and Information Security 期末報告學號姓名莊玉麟.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Security analysis of an enhanced authentication key exchange protocol Authors ： H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date ： 2005/5/20.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors ： Han-Cheng Hsiang and Wei-Kuan Shih.

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security Ming-Hong Shih.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.

多媒體網路安全實驗室 A Strong User Authentication Framework for Cloud Computing Date ： Reporter : Hong Ji Wei Authors : Amlan Jyoti Choudhury, Mangal.

多媒體網路安全實驗室 A Security Framework of Group Location-Based Mobile Applications in Cloud Computing Date ： Reporter : Hong Ji Wei Authors : Yu-Jia.

多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/05 報告人：向峻霈.

Cryptanalysis of Two Dynamic ID-based Authentication

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date ： Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.

1 Authentication and Digital Signature Schemes and Their Applications to E-commerce ( 身份認證與數位簽章技術及其在電子商務上的應用 ) Advisor: Chin-Chen Chang 1, 2 Student: Ya-Fen.

Efficient remote mutual authentication and key agreement Improvement of Chien et al. ’ s remote user authentication scheme using smart cards An efficient.

Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :

多媒體網路安全實驗室 Protecting the Privacy of Users in e-Commerce Environment Date： Reporter:Chien-Wen Huang Author: Chun-Hua Chen and Gwoboa Horng 出處:

Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences.

A Secure Identification and Key Agreement Protocol with User Anonymity (SIKA) Authors: Kumar Mangipudi and Rajendra Katti Source: Computers & Security,

1 Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards 使用在 smart cards 的強韌及高效率密碼驗證金鑰協定 IEEE Transactions on Industrial Electronics,

Enhanced secure anonymous authentication scheme for roaming service in global mobility networks Hyeran Mun, Kyusuk Han, Yan Sun Lee, Chan Yeob Yeun, Hyo.

Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:

多媒體網路安全實驗室 Certificateless multi-proxy signature Date:2011/04/08 報告人：向峻霈出處 : Zhengping Jin, Qiaoyan Wen: Computer Communications, pp ,2011.

Department of Computer Engineering, Kyungpook National University Author : Eun-Jun Yoon, Wan-Soo Lee, Kee-Young Yoo Speaker : Wan-Soo Lee

多媒體網路安全實驗室 Robust authentication and key agreement scheme preserving Date:2011/11/05 報告人：向峻霈出處 : Ren-Chiun Wang Wen-Shenq Juang Chin-Laung Lei Computer.

Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.

SPEAKER: HONG-JI WEI DATE: Secure Anonymous Authentication Scheme with Roaming for Mobile Networks.

多媒體網路安全實驗室 Mobility Assisted Secret Key Generation Using Wireless Link Signatures Date： Reporter : Hong Ji Wei Auther : Junxing Zhang Kasera,

多媒體網路安全實驗室 Anonymous ID Signature Scheme with Provable Identity Date： Reporter :Chien-Wen Huang 出處： 2008 Second International Conference on Future.

Password-only Authenticated Key Agreement Protocols Based on Self-certified Approach Tzong-Chen Wu and Yen-Ching Lin Department of Information Management.

多媒體網路安全實驗室 Routing Through the Mist: Privacy Preserving Communication in Ubiquitous Computing Environments Date:2011/05/05 報告人：向峻霈出處 : Jalal Al-Muhtadi,

A flexible biometrics remote user authentication scheme Authors: Chu-Hsing Lin and Yi-Yi Lai Sources: Computer Standards & Interfaces, 27(1), pp.19-23,

A new provably secure certificateless short signature scheme Authors: K.Y. Choi, J.H. Park, D.H. Lee Source: Comput. Math. Appl. (IF:1.472) Vol. 61, 2011,

User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:

多媒體網路安全實驗室 Practical Searching Over Encrypted Data By Private Information Retrieval Date： Reporter: Chien-Wen Huang 出處: GLOBECOM 2010, 2010 IEEE.

Secure Messenger Protocol using AES (Rijndael) Sang won, Lee

Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction.

多媒體網路安全實驗室 Anonymous Authentication Systems Based on Private Information Retrieval Date： Reporter: Chien-Wen Huang 出處: Networked Digital Technologies,

RSA-based password authenticated key exchange protocol Presenter: Jung-wen Lo( 駱榮問 )

SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.

多媒體網路安全實驗室 Source: IEICE Trans. Fundamentals, Vol. E90-A, No. 4, April 2007, pp Authors:Hong Lin Jin, Masaaki Fujiyoshi, Hitoshi Kiya Speaker:Cheng.

Threshold password authentication against guessing attacks in Ad hoc networks ► Chai, Zhenchuan; Cao, Zhenfu; Lu, Rongxing ► Ad Hoc Networks Volume: 5,

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 : Xiong Li, Yongping.

多媒體網路安全實驗室 Private Information Retrieval Scheme Combined with E- Payment in Querying Valuable Information Date： Reporter: Chien-Wen Huang 出處:

多媒體網路安全實驗室 An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security Date:2012/02/16.

Threshold password authentication against guessing attacks in Ad hoc networks Authors: Zhenchuan Chai, Zhenfu Cao, Rongxing Lu Sources: Ad Hoc Networks,

A Secure Authentication Scheme with Anonymity for Wireless Communications IEEE COMMUNICATIONS LETTERS, VOL. 12, NO. 10, OCTOBER 2008 Chia-Chun Wu, Wei-Bin.

多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/12 報告人：向峻霈.

Smart Card Based Authenticated Key Agreement Schemes

A Dynamic ID-Based Generic Framework for Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks Source: Wireless Personal Communications,

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

Efficient password authenticated key agreement using smart cards

A Secure Anonymity Preserving Authentication Scheme for Roaming Service in Global Mobility Networks Source: Wireless Personal Communications, ahead of.

An efficient biometric based remote user authentication scheme for secure internet of things environment Source: Journal of Intelligent & Fuzzy Systems.

Date:2011/09/28 報告人：向峻霈出處: Ren-Chiun Wang Wen-Shenq Juang

Privacy Protection for E-Health Systems by

Presentation transcript:

多媒體網路安全實驗室 A novel user authentication and privacy preserving scheme with smartcards for wireless communications 作者 :Chun-Ta Li,Cgeng-Chi Lee 出處 :Mathematical and Computer Modelling,2012 報告人 : 葉瑞群日期 :2012/09/07

多媒體網路安全實驗室 Outline Introduction 1 Review of He et al.’s scheme 2 Three weaknesses in He et al.’s scheme 33 The proposed scheme 44 Security analusis of the proposed scheme 35 Functionality features and performance analysis of the proposed scheme 46 Conclusions 37 2

多媒體網路安全實驗室 1.Introduction(1/3)  Generally speaking, mobile users (MU) can access the services provided by the home agent of the MU (HA) in a visited foreign agent of the MU (FA). 3

多媒體網路安全實驗室 1.Introduction(2/3)  Recently, He et al. [5] showed that Wu et al.’s scheme is vulnerable to several weaknesses and then proposed a strong user authentication scheme with smart cards for wireless communications. 4

多媒體網路安全實驗室 1.Introduction(3/3) In this paper we will show that He et al.’s scheme has three weaknesses as follows.  1. Lack of user friendliness.  2. Unfairness in key agreement.  3. Attacks against the user anonymity. 5

多媒體網路安全實驗室 2.Review of He et al.’s scheme(1/7) TABLE 1 (I) MUThe mobile user PW MU The password of MU ID MU The identity of MU HAThe home agent of Ui ID HA The identity of HA FAThe foreign agent of MU roamed ID FA The identity of FA NThe master secret key stored in HA TXTX A timestamp generated by an entity X SKThe common session key ⊕ The bitwise XOR operation H(.)A collision free one-way hash function 6

多媒體網路安全實驗室 2.Review of He et al.’s scheme(2/7) TABLE 1 (II) ||String concatenation E k [.]/D k [.]The symmetric encryption/decryption function with key K E k {.}/D k [{.}The asymmetric encryption/decryption function with key K ⇒ A secure channel →A common channel 7

多媒體網路安全實驗室 2.Review of He et al.’s scheme (3/7) – Registration phase [1] MU HA ID MU,H(PW MU ⊕ d) TK MU = H(ID MU ||X HA ) SK MU = H(N||ID MU ) r = TK MU ⊕ ID HA ⊕ E N [(ID MU ||m)] {TK MU,SK MU,H(.),r} SK * MU = H(ID MU ||H(PW MU )) ⊕ SK MU V MU = TK MU ⊕ H(ID MU ||H(PW MU ⊕ d)) H MU = H(TK MU ) {V MU,H MU,SK * MU,H(.),d,r} 8

多媒體網路安全實驗室 2.Review of He et al.’s scheme (4/7) – Login phase [2] MU FA Smart card TK * MU = V MU ⊕ H(ID MU ||H(PW MU ⊕ d)) H * MU = H(TK * MU ) check H * MU = H MU SK MU = H(ID MU ||H(PW MU )) ⊕ SK * MU L = H(T MU ⊕ SK MU ) F = E L [H(T MU )||ID FA ||x 0 ||x] n = r ⊕ TK MU = ID HA ⊕ E N [(ID MU ||m)] m1{n,F,ID HA,T MU } 9

多媒體網路安全實驗室 2.Review of He et al.’s scheme (5/7) – Authentication phase [3] - I 10

多媒體網路安全實驗室 2.Review of He et al.’s scheme (6/7) – Authentication phase [3] - II 11

多媒體網路安全實驗室 2.Review of He et al.’s scheme (7/7) – Password change phase [4] Smart card TK * MU = V MU ⊕ H(ID MU ||H(PW MU || ⊕ d)) H * MU = H(TK * MU ),Check H * MU = H MU MU Input PW NEW MU Smart card SK’ MU = H(ID MU ||H(PW NEW MU )) ⊕ SK MU = H(ID MU ||H(PW NEW MU )) ⊕ H(ID MU ||H(PW MU )) ⊕ SK * MU, Replaces SK’ MU →SK * MU V’ MU = TK MU ⊕ H(ID MU ||H(PW NEW MU ⊕ d NEW )),Replaces V’ MU →V MU {V’ MU,H MU,SK’ MU,H(.),d NEW,r},PW NEW MU 12

多媒體網路安全實驗室 3. Three weaknesses in He et al.’s scheme(1/3) 1.Lack of user friendliness  Authors assumed that the bit length of MU’s ID MU is 128 bit and MU has to bear in mind such a 128 bit identity (usually in the form of as many as 32 hexadecimal ASCII characters). 13

多媒體網路安全實驗室 3. Three weaknesses in He et al.’s scheme(2/3) 2.Unfairness in key agreement  The MU can always choose x 0 and x, where x 0 and x are two 256 bits random number generated by the MU alone, such that in Step V7,the common session key computed by the FA according to SK = H(H(H(N ‖ ID MU )) ‖ x ‖ x 0 ) is always the MU’s pre-determined x 0 and x. 14

多媒體網路安全實驗室 3. Three weaknesses in He et al.’s scheme(3/3) 3. Attacks against the user’s anonymity  Consider that a mobile user MU roams into the foreign network and sends the login message m1 = {n,F,ID HA,T MU } to the FA to access service, the contents of n and ID HA are for the mobile user MU’s exclusive use and these two values always unchanging in Step L 4 of the login phase. 15

多媒體網路安全實驗室 4.The proposed scheme(1/7) Notations p,qpublic large prime numbers S HA = cHA selects a private key P HA =g c mod pHA computes its public key S FA = eFA selects a private key P FA = g e mod pFA computes its public key 16

多媒體網路安全實驗室 4.The proposed scheme(2/7) Registration phase [1] MU HA ID MU,H(ID MU ⊕ PW MU ⊕ d) TK MU = H(N||ID MU ) ⊕ H(ID MU ⊕ PW MU ⊕ d) r = ID HA ⊕ E N [(ID MU ||m)] TK MU,H(.),r TK MU,H(.),r,d 17

多媒體網路安全實驗室 4.The proposed scheme(3/7) Login phase [2] MU FA Smart card TK * MU = TK MU ⊕ H(ID MU ⊕ PW MU ⊕ d) = H(N||ID MU ) A = g a mod p L = H(T MU ⊕ TK * MU ), F = E L [T MU ||ID FA ||A] DH = P HA a mod p = g ac mod p, M=E DH [r] MU DH’ = P FA a mod p = g ea mod p m 1 = {A,T MU,U=E DH’ [M,F,ID HA,T MU ]} 18

多媒體網路安全實驗室 4.The proposed scheme(4/7) Authentication phase [3] I 19

多媒體網路安全實驗室 4.The proposed scheme(5/7) Authentication phase [3] II 20

多媒體網路安全實驗室 4.The proposed scheme(6/7) Authentication phase [3] III MU FA HA SK = B a mod p = g ba mod p D SK [Z] = TCert MU,H(H(N||ID MU )||D),A,B,D 21

多媒體網路安全實驗室 4.The proposed scheme(7/7) Password change phase [4] MU 、 Smart card TK * MU = TK MU ⊕ H(ID MU ⊕ PW MU ⊕ d)=H(N||ID MU ) H(ID MU ⊕ PW NEW MU ⊕ d’) TK NEW MU = TK * MU ⊕ H(ID MU ⊕ PW NEW MU ⊕ d’) Replaces TK NEW MU,d’ 22

多媒體網路安全實驗室 5.Security analusis of the proposed scheme(1/3)  The proposed scheme is able to provide user anonymity.  m 1 = {A,T MU,U=E DH’ [M,F,ID HA,T MU ]}  Step1 DH’ = A e mod p =g ae mod p  Step2 D DH’ [U] = M,F,ID HA,T MU 23

多媒體網路安全實驗室 5.Security analusis of the proposed scheme(2/3) MU FA HA DH’ DH’’ DH SK 24

多媒體網路安全實驗室 5.Security analusis of the proposed scheme(3/3)  The proposed scheme meets the security requirement for perfect forward secrecy. (Diffie-Hellman)  Attacker cannot launch any attack to obtain the MU’s real identity ID MU and password PW MU. TK ∗ MU = H(N ‖ ID MU ) 25

多媒體網路安全實驗室 6.Functionality features and performance analysis of the proposed scheme(1/1) 26

多媒體網路安全實驗室  More recently, He et al. showed that Wu et al.,’s smart card based authentication scheme with user anonymity is vulnerable to several weaknesses and then proposed a secure and light-weight user authentication scheme. 27

多媒體網路安全實驗室