Multimedia Network Security Laboratory. Anonymous Authentication Systems Based on Private Information Retrieval. Date: Reporter: Chien-Wen Huang. Source: Networked Digital Technologies, NDT '09. First International Conference
Outline: 1. Introduction 2. PIR Based Authentication 3. Authentication Protocol Preventing Replay Attacks 4. Authentication Protocol Anonymous against Authentication-Server 5. Conclusions and Future Work
Introduction: Due to the increase in available data storage and the progress of data mining technologies. We focus on authentication with three types of entities: a user who sends an authentication request; an authentication-server that receives and verifies the request; and a database that supplies the authentication-server with information for verifying the request.
Novel authentication protocols that satisfy the following important properties: they are secure against replay-attacks; the database(s) cannot identify which user is authenticating (anonymity against the database(s)); the authentication-server cannot identify to which user a given authentication-request corresponds (anonymity against the authentication-server).
PIR Based Authentication: The simple protocol has the properties that the authentication-server does not need to store a set of passwords of users, and the database cannot identify which user is authenticating with the authentication-server. 1. Users: A user $U_i$ is assigned a unique identifier 2. Authentication-Server: who has sent an authentication request with identifier i is truly user $U_i$.
3. Databases: A database D stores a set $P = \{p_1, p_2, \ldots, p_n\}$ of passwords of users. It is important for an authentication protocol to satisfy the following requirements: Correctness: if, the probability that the user $U_i$ is rejected by S. Soundness: if, the probability that the user $U_i$ is accepted by S. Anonymity against Database: It is hard for the database D to compute any information about the identifier.
Simple Authentication Protocol Based on PIR. Definition 1: A single-database PIR for consists of the following three functions: 1. Query function Q: 2. Answer function A: 3. Reconstruction function R:
For any set For any, any probabilistic polynomial-time algorithm B, and sufficiently large w
Simple authentication protocol based on PIR
Theorem 1: The simple authentication protocol based on PIR satisfies correctness and soundness. Theorem 2: The simple authentication protocol based on PIR satisfies anonymity against database. Proof: it is hard for any polynomial-time algorithm to compute any information about i from q.
Authentication Protocol Preventing Replay Attacks: Prevents the authentication-server from obtaining a password, and prevents replay-attacks. Password Protection and Security against Replay-Attack: 1. Password Protection: it is hard for S to compute the user's password. 2. Security against Replay-attacks: it is hard for any adversary who can obtain transcripts of previous communication.
Challenge-Response Authentication Protocol: We assume that there exists an ideal hash function s.t. 1. it is hard to guess the input from an output (one-wayness); 2. it is hard to find two inputs that hash to the same output (collision resistance); 3. it is hard to distinguish whether an output is from the hash function or from a true random function (pseudo-randomness). Let be an ideal hash function.
Challenge-Response Authentication Protocol Based on PIR
Theorem 3: The challenge-response authentication protocol based on PIR satisfies correctness, soundness, anonymity against database, password protection, and security against replay-attack. Proof: 1. (Correctness and soundness) If, then clearly, the probability that $U_i$ is rejected by S is negligible,
(Anonymity against Database) Since r is a random value, r clearly includes no information about i. (Password Protection) Since and H is a one-way hash function, it is hard to compute $p_i$ from (Security against Replay-attacks) since H has one-wayness and pseudo-randomness.
Authentication Protocol Anonymous against Authentication-Server: In addition to the four requirements shown in the previous sections, we consider the following requirement. Anonymity against Authentication-Server: It is hard for the authentication-server S to compute any information about the identifier i.
Definition 2: An information theoretical k-database PIR without identifiers in reconstruction. k query functions $Q_1, \ldots, Q_k$: Answer functions, A: Reconstruction function, R:
These functions satisfy the following requirements: For any set For any,, For any,
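An added example (not from the paper or these slides) of a 2-database information-theoretic PIR whose reconstruction takes no identifier, as in Definition 2, applied to passwords hashed with the random challenge r from the challenge-response slides. The XOR-based PIR construction, SHA-256 standing in for H, the message flow, and all function names are assumptions; the public key encryption that hides the queries from S is omitted.

```python
import hashlib
import hmac
import secrets

def H(password, r):
    # SHA-256 stands in for the ideal hash function H (assumption).
    return hashlib.sha256(len(password).to_bytes(2, "big") + password + r).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pir_queries(i, n):
    # Q_1, Q_2: q1 is a uniformly random bit vector, q2 is q1 with bit i flipped.
    # Each vector alone is uniformly distributed, so one database learns nothing about i.
    q1 = [secrets.randbelow(2) for _ in range(n)]
    q2 = list(q1)
    q2[i] ^= 1
    return q1, q2

def pir_answer(q, table):
    # A: XOR of the table entries selected by the query bits.
    acc = bytes(32)
    for bit, entry in zip(q, table):
        if bit:
            acc = xor(acc, entry)
    return acc

def pir_reconstruct(a1, a2):
    # R: takes only the two answers, never the identifier i.
    return xor(a1, a2)

def database_answer(q, passwords, r):
    # Each database hashes every stored password with the challenge r first.
    return pir_answer(q, [H(p, r) for p in passwords])

def authenticate(i, claimed_password, passwords):
    r = secrets.token_bytes(16)                 # S: fresh random challenge
    q1, q2 = pir_queries(i, len(passwords))     # U: one query per database
    response = H(claimed_password, r)           # U: proves knowledge of p_i
    a1 = database_answer(q1, passwords, r)      # D_1
    a2 = database_answer(q2, passwords, r)      # D_2 (assumed not to collude with D_1)
    expected = pir_reconstruct(a1, a2)          # S: equals H(p_i, r)
    return hmac.compare_digest(expected, response)

# Constructed sample password set P = {p_1, ..., p_n} (0-based indices here).
PASSWORDS = [b"alpha", b"bravo", b"charlie", b"delta"]

if __name__ == "__main__":
    print(authenticate(2, b"charlie", PASSWORDS))  # correct password
    print(authenticate(2, b"bravo", PASSWORDS))    # another user's password
```

Because the expected value depends on r, a response recorded under one challenge does not verify under a later one, and S only ever handles H(p_i, r), never p_i.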
Authentication Protocol Anonymous against Authentication-Server: The key idea of the authentication protocol is to use a public key encryption scheme: key generation algorithm K, encryption algorithm E, and decryption algorithm T. 1. For any Where 2. Semantically secure
PIR-Based Authentication Protocol Anonymous against Authentication-Server
Theorem 4: The proposed protocol satisfies correctness, soundness, password protection, security against replay-attacks, anonymity against databases, and anonymity against authentication-server. Proof: (Correctness and Soundness) It is clear that if (Anonymity against Authentication-Server) Since the public key encryption scheme is semantically secure.
Conclusions and Future Work: a single database which satisfies correctness, soundness, anonymity against database, password protection, and security against replay-attacks; multiple databases which satisfy anonymity against authentication-server in addition to the previous properties. The authentication protocol proposed is based on an information theoretical PIR.