Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu."— Presentation transcript:

1 Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu

2 Outline Introduction Review of the Hwang-Lo-Lin scheme Cryptanalysis The modified ID-based identification scheme Security analysis Performance analysis Conclusions

3 Introduction ID-based public key cryptosystem. Maurer-Yacobi(1996)  Tseng-Jan(1998)  Hwang-Lo-Lin(2004)  Horng-Liu-Liu(2005)  This Letter(2005) Hwang et al. developed the improved scheme was suitable for the wireless environment.

4 Review of the Hwang-Lo-Lin scheme TA setup the system parameters as following: 1.N = p 1  p 2  p 3  p 4, where p i are primes and their decimal digits are between 60-70, (p i -1)/2 are odd and pair wise relatively prime. 2.DLP is feasible but factoring N is infeasible. 3.g is a primitive root in each GF(p i ). 4.h(.) is an one way hash function. 5.ed = 1 mod  (N) and tv = 1 mod  (N).

5 Cont 6.ID b, ID m : identity of base station(BS) and mobile device(M), respectively. 7.s b = et  log g (ID b 2 ) mod  (N) is secret key for BS. 8.s m = et  log g (ID m 2 ) mod  (N) is secret key for M. 9.T: timestamp {N, g, e, h(.)}are public parameters and keep {p 1, p 2, p 3, p 4, t, v, d } secret.

6 Login and authentication 1.Choose k  R Z N *, computes Y = (ID m 2 ) k mod N, Z = (ID b 2 ) ks m T mod N 2.Sends {ID m, Y, Z, T } to BS. 3.BS computes Z’ = (Y) s b T, checks Z = Z’ If yes then… else…. ?

7 Key points

8 Cryptanalysis Attacker forge {ID m, Y 1, Z 1, T’ } from a valid login message {ID m, Y, Z, T } by Y 1 = Y rT mod N and Z 1 = Z rT’ mod N.

9 The modified ID-based identification scheme The parameters are the same of Hwang’s scheme, but the 4 primes have bit size more than 1024 bits. (DLP OK? about 300 decimal digits) 1.M sends {ID m, Z, T} to BS, where Z = H((ID b 2 ) s m T mod N) 2.BS verifies by Z = H((ID m 2 ) s b T mod N)

10 Security analysis 1.Passive replay attack: Changes timestamp T. H((ID m 2 ) s b T mod N)  H((ID m 2 ) s b T’ mod N) 2.Active replay attack: The attacker can not change Z and T without s m and s b. 3.ID-stolen attack: The same with 2.

11 Performance analysis Without random number generator(hash function). Shorter message length (1/2). Fewer exponential operation (2  1). More suitable in wireless environment.

12 Conclusion Secure More suitable.

Download ppt "Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu."

Similar presentations

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Computer and Information Security 期末報告 學號 姓名 莊玉麟.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
Introduction to Modern Cryptography Homework assignments.

Introduction to Modern Cryptography Homework assignments.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.

Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Similar presentations

Ads by Google