Sunday, December 20, 2015 ARCHITECTURE OF A SERVER- AIDED SIGNATURE SERVICE (SASS) FOR MOBILE NETWORKS Source: P. Lorenz and P. Dini (Eds.): ICN 2005,

Slides:

Advertisements

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Digital Signatures and Hash Functions. Digital Signatures.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

1 ID-Based Proxy Signature Using Bilinear Pairings Author: Jing Xu, Zhenfeng Zhang, and Dengguo Feng Presenter: 林志鴻.

Self proxy signature scheme IJCSNS International Journal of Computer Science and Network Security,VOL.7 No.2,Februry 2007 Author:Young-seol Kim,Jik Hyun.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

FIT3105 Smart card based authentication and identity management Lecture 4.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

1 A new identity based proxy signature scheme Source: Lecture Notes In Computer Science Author: Chunxiang Gu and Yuefei Zhu Presenter: 林志鴻.

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

1 Identity-Based Proxy Signature from Pairings Source: Autonomic and Trusted Computing Author: Wei Wu, Yi Mu, Willy Susilo, Jennifer Seberry, and Xinyi.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

1 Provably secure randomized blind signature scheme based on bilinear pairing Source: Computers and Mathematics with Applications Author: Chun-I Fan, Wei-Zhe.

A New Multi-Proxy Multi- Signature Scheme Source: National Computer Symposium, vol. F, Taiwan, pp , 2001 Author: Shin-Jia Hwang and Chiu-Chin Chen.

1 Foundations The problem of providing secret communication over insecure media is the most traditional and basic problem of cryptography.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Chapter 3 Encryption Algorithms & Systems (Part C)

1 Introduction to Information Security , Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.

C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,

Computer Science Public Key Management Lecture 5.

CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.

Introduction to Public Key Cryptography

©Brooks/Cole, 2003 Chapter 16 Security. ©Brooks/Cole, 2003 Define four aspects of security in a network: privacy, authentication, integrity, and nonrepudiation.

The RSA Algorithm Rocky K. C. Chang, March

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

1 Authentication and Digital Signature Schemes and Their Applications to E-commerce ( 身份認證與數位簽章技術及其在電子商務上的應用 ) Advisor: Chin-Chen Chang 1, 2 Student: Ya-Fen.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

Networks Management and Security Lecture 3.

Midterm Review Cryptography & Network Security

Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.

A Quick Tour of Cryptographic Primitives Anupam Datta CMU Fall A: Foundations of Security and Privacy.

1 Introduction The State of the Art in Electronic Payment Systems, IEEE Computer, September 1997.

1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.

Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.

A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F

Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.

1 Hello World and Welcome to The simple crypt Key=23 {txzr7c x7Cr 7d~zg{r 7tengc Private-key Cryptography.

By Sandeep Gadi 12/20/  Design choices for securing a system affect performance, scalability and usability. There is usually a tradeoff between.

Computer and Network Security - Message Digests, Kerberos, PKI –

Secure Messenger Protocol using AES (Rijndael) Sang won, Lee

ID-base Signature from Pairings on Elliptic Curve Kenneth G. Paterson From IACR Server 2002/004 Reference :Identity-Based Encryption from the Weil Pairing.

1 Introduction to Information Security , Spring 2016 Lecture 4: Applied cryptography: asymmetric Zvi Ostfeld Slides credit: Eran Tromer.

1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.

Biometric Encryption Base RSA Algorithm Supervisor: Ass. Prof. Dr. Dang Tran Khanh Student: Dung Ngo Dinh.

Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.

Non-PKI Methods for Public Key Distribution

Computer Communication & Networks

Information Security message M one-way hash fingerprint f = H(M)

Information Security message M one-way hash fingerprint f = H(M)

Information Security message M one-way hash fingerprint f = H(M)

The Secure Sockets Layer (SSL) Protocol

Presentation transcript:

Sunday, December 20, 2015 ARCHITECTURE OF A SERVER- AIDED SIGNATURE SERVICE (SASS) FOR MOBILE NETWORKS Source: P. Lorenz and P. Dini (Eds.): ICN 2005, LNCS 3421, pp. 819 – 826, Author: Liang Cai, Xiaohu Yang, and Chun Chen Presenter: Li-Tzu Chang

Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

Sunday, December 20, 2015 Introduction Traditionally Asymmetric cryptographic techniques. Computationally expensive. Currently Limited computational capabilities. Equally limited power(batteries). The RSA cryptosystems is the most widely used PKI cryptosystem for key exchange and digital signatures.  SSL commonly uses RSA-based key exchange, most PKI products use RSA certificates. On PalmPilot  1024 bit RSA signature - 30 seconds.  1024 bit RSA key - 15 minutes.

Sunday, December 20, 2015 Introduction Instead of every mobile device performing computationally intensive cryptographic operations, we designed a Server-aided Signature Service (SASS) to offload work from clients in mobile networks. SASS The encryption. Key exchange capabilities of Modadugu's protocol. The digital signature generation capability of the S 3 protocol.

Sunday, December 20, 2015 Introduction Use of SASS benefits mobile clients Cryptographic hardware capable of performing single cryptographic operations faster than they can be performed by the client. Offloading cryptographic operations from the client CPU to these remote accelerators can free the client for other operations.

Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

Sunday, December 20, 2015 Background Typical message flow between mobile client and server.

Sunday, December 20, 2015 Background In order to reduce the computational load of the mobile clients, only the server side has the RSA key pair (public key & private key), thus can generate the non-repudiation digital signatures. The client side can only use the symmetric DES algorithm to achieve information privacy, but not non-repudiation.

Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

Sunday, December 20, 2015 Architecture of SASS Service

Sunday, December 20, 2015 Architecture of SASS Service Key interfaces ISASS_KeyGen( )  Help mobile client generate the key used for encryption and key exchange. ISASS_Cert( )  Help mobile client initialize the key used for generating the digital signature. ISASS_Sign( )  Help mobile client sign a message. 11

Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

Sunday, December 20, 2015 Overall Architecture The overall architecture is made up of three components: CA SASS service Client 13

Sunday, December 20, 2015 Overall Architecture Efficient generation of RSA keys on a low power mobile client with the help of SASS service works as follows. 1.The client must hide the modulus p and the exponent p-1. To hide the modulus p the client intends to multiply it by a random number R and send the resulting N = p ⋅ R to the servers. 14 p is a 512-bit prime R is a 4096-bit random number

Sunday, December 20, 2015 Overall Architecture Efficient generation of RSA keys on a low power mobile client with the help of SASS service works as follows. 2. The server will perform computations modulo N = p ⋅ R. 3. The client will run a probabilistic test to verify that p is prime. This is done to ensure that the servers returned correct values. 15

Sunday, December 20, 2015 Overall Architecture SASS based signature could be computed as follows: 16 使用者呼叫 API 1 API - 提供資料進行簽章 - 一次性的票券 2

Sunday, December 20, 2015 Overall Architecture SASS based signature could be computed as follows: 17 API 提供資料進行簽章一次性的票券要求 Policy 授權 Alice 操作 3 3 Policy 決定授權 A operation rights revocation status and billing status 3 如果決定授權就會計算資料的 half-signature 和其他參數，傳回給 Aliice 3

Sunday, December 20, 2015 Overall Architecture SASS based signature could be computed as follows: 18 API 提供資料進行簽章一次性的票券 A 驗證 own half-signature 和 SASS’s half-signature 。如果放在一起，兩者符合，驗證成功。產生 SASS 和 Alice 共有的憑證。 4

Sunday, December 20, 2015 Overall Architecture Verifying a SASS signature : Verifier obtains the signature and verifies the two halves using the accompanying certificates. 19

Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

Sunday, December 20, 2015 Key Interfaces of SASS Service ISASS_KeyGen(N, g, s) :X It helps mobile clients offload the expensive exponentiation to SASS Server. To do that, It calculates X = g s mod N, and returns X. 21

Sunday, December 20, 2015 Key Interfaces of SASS Service ISASS_Cert(O, n, PK o, S) : O choose a SASS server that shall be responsible for generating signatures on O's behalf. generates a random secret key K O. Constructs the hash chain K o n =SHA o (SHA o (···SHA o (K o ) ···)) O submits the root public key PK o = K o n to CA. CA return the certificate for O's root public key: (O,n, PK, S)SK CA. 22 Mobile client O SASS server S

Sunday, December 20, 2015 Key Interfaces of SASS Service ISASS_Sign(O, MD5(m), i, K o i ) : (O, MD5(m), i, K o i )SK S S verifies the received public key based on O's root public key. Checks SHA o n-i (K o i ) = Pk o S has to ensure that only one signature can be created for a given (O, i, K o i ). If a message on behalf of O containing K o i has not yet been signed, S signs (O, MD5(m), i, K o i ), records K o i as consumed, and sends the signature (O, MD5(m), i, K o i )SK S back to O. 23 K o i is O's current public key.

Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

Sunday, December 20, 2015 Performance Analysis 25

Sunday, December 20, 2015 Performance Analysis 26

Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

Sunday, December 20, 2015 Conclusion A secure “cell phone-banking” application has been implemented on SASS architecture in CDMA-1X mobile network. SASS can significantly improve the performance of mobile client's cryptographicoperation; SASS is a highly scalable service suitable for variant mobileapplications and future critical applications which require longer key length. 28