Multimedia Network Security Laboratory. Robust authentication and key agreement scheme preserving [title truncated on the page]. Date: 2011/11/05. Presenter: 向峻霈. Source: Ren-Chiun Wang, Wen-Shenq Juang, Chin-Laung Lei, Computer Communications, 2011.

Outline (slide 2)
1. Introduction
2. Proposed scheme
3. Security analysis
4. Functionality comparison
5. Conclusion

Introduction (slide 3)
- Server side: a verification file (table) of user passwords must be maintained.
- In ubiquitous computing environments, thin devices require low computation and communication cost.
- The verification table and the password guessing attack are still key issues.

Related work (slide 4)
- Wang et al.'s scheme:
  - prevents the smart card loss problem
  - prevents users from inputting incorrect passwords

Registration phase of Wang et al.'s scheme (slide 5)
Client -> Server, over a secure channel: h(b ⊕ pw_i), id_i (the client chooses a random b).
Server: p = h(id_i ⊕ x); R = p ⊕ h(b ⊕ pw_i); V = h_p(h(b ⊕ pw_i)); writes (R, V, h(), h_p()) into the smart card and issues the card to client i.
Client: stores b in the card, so the card holds (R, V, h(), h_p(), b).

Login phase of Wang et al.'s scheme (slide 6)
Smart card: p = R ⊕ h(b ⊕ pw_i); verifies V == h_p(h(b ⊕ pw_i)); chooses r; c_1 = p ⊕ h(r ⊕ b) = h(id_i ⊕ x) ⊕ h(r ⊕ b); c_2 = h_p(h(r ⊕ b) ⊕ T_u); sends (id_i, c_1, c_2, T_u).
Server: records a timestamp T_s; checks id_i and rejects if T_u == T_s; verifies that (T_u - T_s) is within the allowed interval; p = h(id_i ⊕ x); c'_1 = p ⊕ c_1 = h(r ⊕ b); verifies h_p(c'_1 ⊕ T_u) == c_2; c_3 = h_p(c'_1 ⊕ T_s); sends (c_3, T_s). Session key: c'_1 = h(r ⊕ b).
Smart card: rejects if T_s is invalid or T_s == T_u; c'_3 = h_p(h(r ⊕ b) ⊕ T_s); checks c'_3 == c_3. Session key: c'_1 = h(r ⊕ b).

Smart card loss problem (slide 7)
The same login flow, but with a guessed password pw'_i: the card computes p = R ⊕ h(b ⊕ pw'_i) and verifies V == h_p(h(b ⊕ pw'_i)); the rest of the run (c_1, c_2, the server's checks, c_3) is unchanged.
Since R, V and b are all stored on the card, whoever holds a lost card can evaluate this check for a candidate pw'_i without ever contacting the server, which is what makes the scheme vulnerable to password guessing once the card is lost.
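The following is an added example (not code from the paper or the slides) that runs the Wang et al. registration and login phases end to end, so the role of the on-card verifier V is visible. It assumes h() is SHA-256, h_p() is HMAC-SHA256 keyed with p, every value is XORed as a 32-byte string, and timestamps are integers checked against a small window; the function `card_local_check` is the card's own V check, isolated so that the test can show it needs nothing but the card's contents.

```python
import hashlib
import hmac
import os

BLOCK = 32  # every value is handled as a 32-byte string; h() = SHA-256 (assumption)

def h(*parts: bytes) -> bytes:
    """Plain hash h()."""
    return hashlib.sha256(b"".join(parts)).digest()

def hp(p: bytes, m: bytes) -> bytes:
    """Keyed hash h_p(); HMAC-SHA256 with key p is my choice of keyed hash."""
    return hmac.new(p, m, "sha256").digest()

def xor(a: bytes, b: bytes) -> bytes:
    """XOR after padding/truncating both operands to BLOCK bytes."""
    a, b = a.ljust(BLOCK, b"\0")[:BLOCK], b.ljust(BLOCK, b"\0")[:BLOCK]
    return bytes(x ^ y for x, y in zip(a, b))

def tb(t: int) -> bytes:
    """Timestamp as a BLOCK-byte string so it can be XORed with a hash."""
    return t.to_bytes(BLOCK, "big")

def register(x, id_i, pw_i, b):
    """Registration (slide 5): client sends (h(b ⊕ pw_i), id_i) over a secure channel,
    the server returns a card holding (R, V); the client then adds b to the card."""
    hbpw = h(xor(b, pw_i))
    p = h(xor(id_i, x))
    return {"id": id_i, "R": xor(p, hbpw), "V": hp(p, hbpw), "b": b}

def card_local_check(card, pw):
    """The card's own check V == h_p(h(b ⊕ pw)), computed from card contents alone."""
    hbpw = h(xor(card["b"], pw))
    p = xor(card["R"], hbpw)
    return hmac.compare_digest(card["V"], hp(p, hbpw))

def card_login(card, pw, T_u, r=None):
    """Login, card side: produce (id_i, c1, c2, T_u) and keep what is needed later."""
    if not card_local_check(card, pw):
        raise ValueError("card rejects the password")
    r = r or os.urandom(BLOCK)
    p = xor(card["R"], h(xor(card["b"], pw)))
    hrb = h(xor(r, card["b"]))                      # h(r ⊕ b), the future session key
    msg = (card["id"], xor(p, hrb), hp(p, xor(hrb, tb(T_u))), T_u)
    return msg, {"p": p, "hrb": hrb, "T_u": T_u}

def server_login(x, known_ids, msg, T_s, window=5):
    """Login, server side: check id and freshness, recover c1' = h(r ⊕ b), verify c2, answer c3."""
    id_i, c1, c2, T_u = msg
    if id_i not in known_ids or T_u == T_s or abs(T_u - T_s) > window:
        return None
    p = h(xor(id_i, x))
    c1p = xor(p, c1)
    if not hmac.compare_digest(c2, hp(p, xor(c1p, tb(T_u)))):
        return None
    return (hp(p, xor(c1p, tb(T_s))), T_s), c1p     # reply and the server's session key

def card_finish(state, reply):
    """Login, card side: verify c3 under the fresh T_s; on success the key is h(r ⊕ b)."""
    c3, T_s = reply
    if T_s == state["T_u"]:
        return None
    if not hmac.compare_digest(c3, hp(state["p"], xor(state["hrb"], tb(T_s)))):
        return None
    return state["hrb"]

def demo(login_pw=b"correct horse"):
    """One login with constructed values; returns (keys agree, V check with a wrong pw, with the right pw)."""
    x = b"server secret x (constructed)"
    card = register(x, b"alice", b"correct horse", os.urandom(BLOCK))
    msg, st = card_login(card, login_pw, T_u=1000)
    reply, k_server = server_login(x, {b"alice"}, msg, T_s=1002)
    k_card = card_finish(st, reply)
    return (k_card == k_server,
            card_local_check(card, b"guess"),
            card_local_check(card, b"correct horse"))
```

`demo()` returns `(True, False, True)`: both sides agree on h(r ⊕ b), and the third value shows that `card_local_check` answers the password question with no server in the loop, which is the property slide 7 points at. The timestamp handling follows the slides (reject T_u == T_s, require the difference to be inside a window); a real deployment would also have to decide how much clock skew to tolerate, which is the C5 criterion discussed later in the deck.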

Proposed scheme (slide 8)
- Registration phase
- The precomputation phase
- Authentication and key agreement phase
- Password changing phase
- Revoking smart card phase
- User eviction phase
- User anonymity phase

Registration phase, system setup (slide 9)
- The server sets up the system parameters.
- Chooses a large prime number p (p > 2^160).
- E_p: y^2 = x^3 + ax + b mod p, with a, b ∈ F_p and 4a^3 + 27b^2 mod p ≠ 0.
- G is a generator point of large order n (n > 2^160).

Registration phase (slide 10)
Client -> Server, over a secure channel: id_i (the client also chooses pw_i).
Server: chooses cid_i; B_i = h(x || id_i || cid_i) * G; writes (id_i, B_i, G, E_p) into the smart card.
Smart card: B_i' = B_i ⊕ h(pw_i); the card keeps (id_i, B_i', G, E_p).
Precomputation phase: T_1 = R * G (a point over E_p), computed before the session.

Authentication and key agreement phase (slide 11)
Smart card: T_1 = R * G; B_i = B_i' ⊕ h(pw_i) = h(x || id_i || cid_i) * G; T_2 = h(R * B_i) = h(R * h(x || id_i || cid_i) * G); sends (id_i, T_1, T_2).
Server: checks the validity of the client's identity from (id_i, T_1, T_2); computes h(x || id_i || cid_i); T_2' = T_1 * h(x || id_i || cid_i) = R * h(x || id_i || cid_i) * G; K = h(W * T_1); V_1 = h(T_2' || K); sends (T_3 = W * G, V_1).
Smart card: K' = h(R * T_3); V_1' = h(R * B_i || K'); checks V_1' == V_1; replies V_2 = h(R * B_i || K' + 1).
Server: checks V_2 == h(T_2' || K + 1). Session key: K.
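The following is an added example (not the paper's or the presenter's code) that implements slides 9 to 11 together: system setup, registration, precomputation and the authentication and key agreement exchange, with both sides' messages. Assumptions beyond the slides: secp256k1 is used as E_p (a real curve with p, n > 2^160), h() is SHA-256, the hash value is reduced mod n when used as a scalar, h(pw_i) is stretched with SHA-512 to mask the 64-byte affine encoding of B_i, and "K + 1" is the 256-bit integer increment of K. Every function name here is mine.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters: a real curve with p, n > 2^160 as slide 9 requires (my choice).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + A x + B over F_P."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Scalar multiplication k * pt by double-and-add (k reduced mod N)."""
    acc, k = INF, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def enc(pt):  return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def dec(raw): return (int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big"))
def h(*parts): return hashlib.sha256(b"".join(parts)).digest()
def h_int(*parts): return int.from_bytes(h(*parts), "big")    # hash used as an EC scalar
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def mask(pw): return hashlib.sha512(pw).digest()    # h(pw_i) stretched to the 64-byte point encoding
def plus1(k): return ((int.from_bytes(k, "big") + 1) % 2**256).to_bytes(32, "big")  # K + 1

def register(x, id_i, cid_i, pw_i):
    """Slide 10: server computes B_i = h(x||id_i||cid_i)*G; the card stores B_i' = B_i ⊕ h(pw_i)."""
    B_i = ec_mul(h_int(x, id_i, cid_i), G)
    return {"id": id_i, "B_prime": xor(enc(B_i), mask(pw_i))}   # G and E_p are the constants above

def precompute(R=None):
    """Precomputation phase: T1 = R*G, done before the session starts."""
    R = R or secrets.randbelow(N - 1) + 1
    return R, ec_mul(R, G)

def card_step1(card, pw_i, R, T1):
    """Slide 11, card: unmask B_i, compute T2 = h(R*B_i), send (id_i, T1, T2)."""
    RB = ec_mul(R, dec(xor(card["B_prime"], mask(pw_i))))
    return (card["id"], T1, h(enc(RB))), {"R": R, "RB": RB}

def server_step(x, table, msg, W=None):
    """Slide 11, server: check id_i, recompute T2' = T1*h(x||id_i||cid_i), derive K, send (T3, V1)."""
    id_i, T1, T2 = msg
    if id_i not in table:
        return None
    T2p = ec_mul(h_int(x, id_i, table[id_i]), T1)         # = R*h(x||id_i||cid_i)*G
    if T2p is INF or not hmac.compare_digest(T2, h(enc(T2p))):
        return None                                        # wrong password or forged T2
    W = W or secrets.randbelow(N - 1) + 1
    K = h(enc(ec_mul(W, T1)))                              # K = h(W*T1)
    return (ec_mul(W, G), h(enc(T2p), K)), {"T2p": T2p, "K": K}

def card_step2(state, reply):
    """Slide 11, card: K' = h(R*T3), check V1, answer V2 = h(R*B_i || K'+1)."""
    T3, V1 = reply
    Kp = h(enc(ec_mul(state["R"], T3)))
    if not hmac.compare_digest(V1, h(enc(state["RB"]), Kp)):
        return None
    return h(enc(state["RB"]), plus1(Kp)), Kp

def server_finish(state, V2):
    """Slide 11, server: check h(T2' || K+1); on success K is the session key."""
    ok = hmac.compare_digest(V2, h(enc(state["T2p"]), plus1(state["K"])))
    return state["K"] if ok else None

def run(login_pw=b"correct horse"):
    """One full session with constructed values; the agreed key, or None if a side aborted."""
    x = b"server master key x (constructed, 256 bits)"
    card = register(x, b"alice", b"cid-0001", b"correct horse")
    table = {b"alice": b"cid-0001"}                        # server registration table
    R, T1 = precompute()
    msg, cst = card_step1(card, login_pw, R, T1)
    srv = server_step(x, table, msg)
    if srv is None:
        return None
    reply, sst = srv
    out = card_step2(cst, reply)
    if out is None:
        return None
    V2, K_card = out
    K_server = server_finish(sst, V2)
    return K_server if K_server == K_card else None
```

`run()` returns the 32-byte session key K = h(W * R * G) that both sides derived; `run(b"wrong password")` returns None because the card holds no verifier and a wrong password only shows up at the server, where T_2 fails to match h(T_2'). That is the design point that separates this scheme from the Wang et al. scheme on slides 5 to 7. One caveat on my own encoding choice: XOR-masking a point encoding is only as good as the encoding, since anything that lets the unmasked value be tested (for instance, checking whether it lies on the curve) would put a password oracle back on the card; the slides do not state how the paper encodes B_i ⊕ h(pw_i), so a real implementation must settle that before reusing this masking.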

User eviction phase (slide 12)
- Server: deletes id_i from the table.
- Server: deletes cid_i from the table.

Password changing phase (slide 13)
Client -> Server, over a secure channel: id_i (with the client's pw_i).
Server: chooses cid_i; B_i = h(x || id_i || cid_i) * G; writes (id_i, B_i, G, E_p) into the smart card.
Smart card: B_i'' = B_i ⊕ h(new pw_i); the card keeps (id_i, B_i'', G, E_p).
Precomputation phase: T_1 = R * G.

User anonymity phase (1/2) (slide 14)
Client -> Server, over a secure channel: the registered information (with pw_i).
Server: chooses the pseudonym IND_i and cid_i; B_i = h(x || IND_i || cid_i) * G; writes (IND_i, B_i, G, E_p) into the smart card.
Smart card: B_i' = B_i ⊕ h(pw_i); the card keeps (id_i, B_i', G, E_p).
Precomputation phase: T_1 = R * G (a point over E_p).

User anonymity phase (2/2) (slide 15)
Smart card: T_1 = R * G; B_i = B_i' ⊕ h(pw_i) = h(x || IND_i || cid_i) * G; T_2 = h(R * B_i) = h(R * h(x || IND_i || cid_i) * G); sends (IND_i, T_1, T_2).
Server: checks the validity of the client's identity from (IND_i, T_1, T_2); computes h(x || IND_i || cid_i); T_2' = T_1 * h(x || IND_i || cid_i) = R * h(x || IND_i || cid_i) * G; K_1 = h(W * T_1); V_1 = E_K1(h(T_2' + 1) || IND_inew || B_inew), where B_inew = h(x || IND_inew || cid_i) * G is stored in the registration table; sends (T_3 = W * G, V_1).
Smart card: K_1' = h(R * T_3); V_1' = h(R * B_i || K'); checks V_1' == V_1; replies V_2 = h(R * B_i + 2).
Server: checks V_2'. Session key: K.

Security considerations (slide 16)
- The adversary wants to simulate a valid user.
- The adversary can generate two valid messages (T_3, V_1, h_1, h_2) and (T_3, V'_1, h'_1, h'_2):
  - h'_1 = T'_1 * h(x || id_i || cid_i) || h'_2
  - h'_2 = W * T'_1 = W * R * G
- To do so the adversary must solve for x and solve the ECCDHP.

Security considerations (slide 17)
Oracle queries: Send, Reveal, Hash, Test.
- The adversary wants to simulate a valid user from (T_1, T_3) and (T_1, B_i).
- Probability: q_hash / 2^(l-1)

Security considerations (slide 18)
Against the forgery attack by an active adversary (Hash queries):
- T_1 = R * G
- h(x || id_i || cid_i)
- h'_1 = R * G * h(x || id_i || cid_i)
- Probability: q_hash / 2^…

Security considerations (slide 19)
When only the server's master key x is known:
- Session key k = h(W * T_1).
- The adversary cannot work out (W_old * T_old) or (R_old * T_3).
- Probability: that of solving the ECCDHP problem.

Security considerations (slide 20)
If the ECCDHP is hard and k is known:
- For the adversary to learn k_new, it must select R_new, T_1new and find R_new * G * h(x || id_i || cid_i).
- The adversary cannot work out (W_old * T_old) or (R_old * T_3).
- Probability: …

Security considerations (slide 21)
If the session key is known and the card is held:
- The adversary must hold (id, B_i, G, E_p).
- (B_i * R) -> T_2
- Off-line attack from the q_se Send queries.
- The probability of the password guessing attack is …

Equivalent key sizes in bits (slide 22)
Table columns: Symmetric | ECC | RSA | Years to attack in MIPS | Security lifetime (Until …, Until …, Beyond 2031). The row values are not present in the transcript.
- The length of the identity is 64 bits.
- The length of a random number is 128 bits.
- The length of the master key on the server side is 256 bits.

Computation comparison (slide 23)
The performance of a client in our scheme and the related schemes (table).

Computation comparison (slide 24)
The performance of an application server in our scheme and the related schemes (table).

Computation cost (slide 25)
- Our protocol: 160 * … + … = 832 bits
- Fan et al.'s scheme: … = 2272 bits
- Liao et al.'s scheme: 64 * … = 320 bits
- Wang et al.'s scheme: … * … = 416 bits

Functionality comparison (slide 26)
- C1: the server does not need to maintain a security-sensitive verification table.
- C2: clients can choose and change their passwords freely.
- C3: the passwords of the clients cannot be derived by the privileged administrator of the server.
- C4: no one can impersonate a valid client to access the resources of the server.
- C5: the scheme is not prone to the problems of clock synchronization and time delay.
- C6: the scheme can withstand replay, password guessing, stolen-verifier and known-key attacks; if one of the previous session keys or communicated messages is known by an adversary, the adversary still cannot impersonate the victim client.

Functionality comparison (slide 27)
- C7: the client and the server can securely establish a common session key to protect their future communications.
- C8: the scheme is practical and efficient: it can easily be implemented and the computation and communication cost is low.
- C9: the client can revoke the smart card without changing the identity.
- C10: the scheme is secure against the smart card loss problem.
- C11: an evicted client cannot use the overdue smart card to access the resources of the server.

Functionality comparison (slide 28)
Columns: Our protocol | Fan et al.'s scheme | Liao et al.'s scheme | Wang et al.'s scheme. Cells that spanned several columns in the original table appear once here.
- C1: Yes
- C2: No | Yes | No
- C3: Yes | No | Yes
- C4: Yes | No
- C5: Yes | No
- C6: Yes | Not supported | No
- C7: Yes | Not supported | Yes | No
- C8: Yes | Partially (a) | Yes
- C9: Yes | Not supported
- C10: Yes | No (b) | No (c) | No
- C11: Yes | Not supported
a. The computation cost of the server is high in the scheme.
b. Rhee et al. have shown that the scheme is insecure against the smart card loss problem.
c. Xiang et al. and Yang et al. have shown that the scheme is insecure against the smart card loss problem and is vulnerable to the impersonation, password guessing, replay and denial of service attacks.


Conclusion (slide 30)
- The scheme is extended to provide the privacy of the client.
- It solves several hard security threats that were difficult to solve in the previous scholarship.


Computation cost of hash collision attacks (slide 32)
- MD5: 王小云 (Wang Xiaoyun), February, 2^39
- SHA: 王小云, collisions can be found within a computational complexity of 2^40
- SHA: 王小云, fewer than 2^69 operations are needed (birthday attack: 2^80)
- 王小云, 2^63