Multimedia Network Security Laboratory. Anonymous Authentication Systems Based on Private Information Retrieval. Date: 2010.12.16. Reporter: Chien-Wen Huang. Source: Networked Digital Technologies,

Presentation transcript:

Anonymous Authentication Systems Based on Private Information Retrieval
Date:
Reporter: Chien-Wen Huang
Source: Networked Digital Technologies, NDT '09. First International Conference

Outline
1. Introduction
2. PIR Based Authentication
3. Authentication Protocol Preventing Replay Attacks
4. Authentication Protocol Anonymous against Authentication-Server
5. Conclusions and Future Work

Introduction
- Due to the increase in available data storage and progress in data mining technologies.
- We focus on authentication with three types of entities:
  - a user who sends an authentication request.
  - an authentication-server who receives and verifies the request.
  - a database who supplies the authentication-server with information for verifying the request.

- Novel authentication protocols that satisfy the following important properties:
  - secure against replay-attacks.
  - the database(s) cannot identify which user is authenticating (anonymity against the database(s)).
  - the authentication-server cannot identify to which user a given authentication-request corresponds (anonymity against the authentication-server).

PIR Based Authentication
- The simple protocol has the properties that
  - the authentication-server does not need to store a set of passwords of users.
  - the database cannot identify which user is authenticating with the authentication-server.
1. Users: A user U_i is assigned a unique identifier
2. Authentication-Server: who has sent an authentication request with identifier i is truly user U_i.

3. Databases: A database D stores a set P = {p_1, p_2, ..., p_n} of passwords of users.
- It is important for an authentication protocol to satisfy the following requirements:
  - Correctness: if, the probability that the user U_i is rejected by S.
  - Soundness: if, the probability that the user U_i is accepted by S.
  - Anonymity against Database: It is hard for the database D to compute any information about the identifier.

- Simple Authentication Protocol Based on PIR
- Definition 1: A single-database PIR for consists of the following three functions:
  1. Query function Q:
  2. Answer function A:
  3. Reconstruction function R:

- For any set
- For any, any probabilistic polynomial-time algorithm B, and sufficiently large w

- Simple authentication protocol based on PIR

- Theorem 1: The simple authentication protocol based on PIR satisfies correctness and soundness.
- Theorem 2: The simple authentication protocol based on PIR satisfies anonymity against database.
  Proof: it is hard for any polynomial-time algorithm to compute any information about i from q.

Authentication Protocol Preventing Replay Attacks
- Prevents the authentication-server from obtaining a password, and prevents replay-attacks.
- Password Protection and Security against Replay-Attack
  1. Password Protection: it is hard for S to compute the user's password.
  2. Security against Replay-attacks: it is hard for any adversary who can obtain transcripts of previous communication.

- Challenge-Response Authentication Protocol
  We assume that there exists an ideal hash function s.t.
  1. it is hard to guess the input from an output (one-wayness)
  2. it is hard to find two inputs that hash to the same output (collision resistance)
  3. it is hard to distinguish whether an output comes from the hash function or from a true random function (pseudo-randomness).
- Let be an ideal hash function.

- Challenge-Response Authentication Protocol Based on PIR

- Theorem 3: The challenge-response authentication protocol based on PIR satisfies correctness, soundness, anonymity against database, password protection, and security against replay-attack.
  Proof:
  1. (Correctness and soundness)
  - If, then clearly, the probability that U_i is rejected by S is negligible,

- (Anonymity against Database) Since r is a random value, r clearly includes no information about i.
- (Password Protection) Since and H is a one-way hash function, it is hard to compute p_i from
- (Security against Replay-attacks) since H has one-wayness and pseudo-randomness.

Authentication Protocol Anonymous against Authentication-Server
- In addition to the four requirements shown in the previous sections, we consider the following requirement.
- Anonymity against Authentication-Server: It is hard for the authentication-server S to compute any information about the identifier i.

- Definition 2: An information theoretical k-database PIR without identifiers in reconstruction
  - k query functions Q_1, ..., Q_k:
  - Answer function, A:
  - Reconstruction function, R:

These functions satisfy the following requirements:
- For any set
- For any,,
- For any,
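Added example (not from the slides or the paper): Definition 2 and the challenge-response idea, worked through with the classic two-database XOR PIR of Chor et al., whose reconstruction takes only the answers and not i. The protocol figures are missing from this transcript, so the message flow, the SHA-256 stand-in for H, the sample password set and the function names `query`, `answer`, `reconstruct` and `verify` are assumptions. S knows i here, so this shows anonymity against the databases only, and it relies on the two databases not colluding.

```python
import hashlib
import hmac
import secrets

# Constructed sample password set P = {p_1..p_n}, replicated on both databases.
P = [b"alpha", b"bravo", b"charlie", b"delta"]

def H(password: bytes, r: bytes) -> bytes:
    """Stand-in for the ideal hash H (assumption: SHA-256, length-prefixed input)."""
    return hashlib.sha256(len(password).to_bytes(2, "big") + password + r).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def query(i: int, n: int):
    """Q_1, Q_2: n-bit selection vectors that differ only at index i.
    Each vector alone is uniformly random, so one database learns nothing about i."""
    q1 = [secrets.randbelow(2) for _ in range(n)]
    q2 = list(q1)
    q2[i] ^= 1
    return q1, q2

def answer(q, r: bytes, passwords) -> bytes:
    """A: a database hashes every stored password with r and XORs the selected ones."""
    out = bytes(32)
    for bit, p in zip(q, passwords):
        if bit:
            out = xor(out, H(p, r))
    return out

def reconstruct(a1: bytes, a2: bytes) -> bytes:
    """R: takes only the two answers; the identifier i is not an input."""
    return xor(a1, a2)

def verify(i: int, r: bytes, response: bytes, passwords=P) -> bool:
    """S checks a user's response H(p_i, r) without ever holding p_i."""
    q1, q2 = query(i, len(passwords))
    expected = reconstruct(answer(q1, r, passwords), answer(q2, r, passwords))
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    r1 = secrets.token_bytes(16)          # fresh challenge from S
    resp = H(b"charlie", r1)              # user at index 2 answers the challenge
    print("login accepted:", verify(2, r1, resp))
    r2 = secrets.token_bytes(16)          # next session gets a new challenge
    print("replayed response accepted:", verify(2, r2, resp))
```

Because the two query vectors XOR to the unit vector at i, the two answers XOR to H(p_i, r) alone; a response recorded under one challenge fails under the next.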

- Authentication Protocol Anonymous against Authentication-Server
- The key idea of the authentication protocol is to use a public key encryption scheme: key generation algorithm K, encryption algorithm E, and decryption algorithm T
  1. For any Where
  2. Semantically secure

- PIR-Based Authentication Protocol Anonymous against Authentication-Server

- Theorem 4: The proposed protocol satisfies correctness, soundness, password protection, security against replay-attacks, anonymity against databases, and anonymity against authentication-server
  Proof:
  (Correctness and Soundness)
  - It is clear that if
  (Anonymity against Authentication-Server)
  - Since the public key encryption scheme is semantically secure.

Conclusions and Future Work
- a single database which satisfies correctness, soundness, anonymity against database, password protection, and security against replay-attacks.
- multiple databases which satisfy anonymity against authentication-server in addition to the previous properties.
- The authentication protocol proposed is based on an information theoretical PIR.
