Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sunday, December 20, 2015 ARCHITECTURE OF A SERVER- AIDED SIGNATURE SERVICE (SASS) FOR MOBILE NETWORKS Source: P. Lorenz and P. Dini (Eds.): ICN 2005,

Published byGyles French Modified over 8 years ago

Similar presentations

Presentation on theme: "Sunday, December 20, 2015 ARCHITECTURE OF A SERVER- AIDED SIGNATURE SERVICE (SASS) FOR MOBILE NETWORKS Source: P. Lorenz and P. Dini (Eds.): ICN 2005,"— Presentation transcript:

1 Sunday, December 20, 2015 ARCHITECTURE OF A SERVER- AIDED SIGNATURE SERVICE (SASS) FOR MOBILE NETWORKS Source: P. Lorenz and P. Dini (Eds.): ICN 2005, LNCS 3421, pp. 819 – 826, 2005. Author: Liang Cai, Xiaohu Yang, and Chun Chen Presenter: Li-Tzu Chang

2 Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

3 Sunday, December 20, 2015 Introduction Traditionally Asymmetric cryptographic techniques. Computationally expensive. Currently Limited computational capabilities. Equally limited power(batteries). The RSA cryptosystems is the most widely used PKI cryptosystem for key exchange and digital signatures.  SSL commonly uses RSA-based key exchange, most PKI products use RSA certificates. On PalmPilot  1024 bit RSA signature - 30 seconds.  1024 bit RSA key - 15 minutes.

4 Sunday, December 20, 2015 Introduction Instead of every mobile device performing computationally intensive cryptographic operations, we designed a Server-aided Signature Service (SASS) to offload work from clients in mobile networks. SASS The encryption. Key exchange capabilities of Modadugu's protocol. The digital signature generation capability of the S 3 protocol.

5 Sunday, December 20, 2015 Introduction Use of SASS benefits mobile clients Cryptographic hardware capable of performing single cryptographic operations faster than they can be performed by the client. Offloading cryptographic operations from the client CPU to these remote accelerators can free the client for other operations.

6 Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

7 Sunday, December 20, 2015 Background Typical message flow between mobile client and server.

8 Sunday, December 20, 2015 Background In order to reduce the computational load of the mobile clients, only the server side has the RSA key pair (public key & private key), thus can generate the non-repudiation digital signatures. The client side can only use the symmetric DES algorithm to achieve information privacy, but not non-repudiation.

9 Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

10 Sunday, December 20, 2015 Architecture of SASS Service

11 Sunday, December 20, 2015 Architecture of SASS Service Key interfaces ISASS_KeyGen( )  Help mobile client generate the key used for encryption and key exchange. ISASS_Cert( )  Help mobile client initialize the key used for generating the digital signature. ISASS_Sign( )  Help mobile client sign a message. 11

12 Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

13 Sunday, December 20, 2015 Overall Architecture The overall architecture is made up of three components: CA SASS service Client 13

14 Sunday, December 20, 2015 Overall Architecture Efficient generation of RSA keys on a low power mobile client with the help of SASS service works as follows. 1.The client must hide the modulus p and the exponent p-1. To hide the modulus p the client intends to multiply it by a random number R and send the resulting N = p ⋅ R to the servers. 14 p is a 512-bit prime R is a 4096-bit random number

15 Sunday, December 20, 2015 Overall Architecture Efficient generation of RSA keys on a low power mobile client with the help of SASS service works as follows. 2. The server will perform computations modulo N = p ⋅ R. 3. The client will run a probabilistic test to verify that p is prime. This is done to ensure that the servers returned correct values. 15

16 Sunday, December 20, 2015 Overall Architecture SASS based signature could be computed as follows: 16 使用者呼 叫 API 1 API - 提供資料進行簽章 - 一次性的票券 2

17 Sunday, December 20, 2015 Overall Architecture SASS based signature could be computed as follows: 17 API 提供資料進行簽章 一次性的票券 要求 Policy 授 權 Alice 操作 3 3 Policy 決定授權 A operation rights revocation status and billing status 3 如果決定授權 就會計算資料的 half-signature 和其 他參數, 傳回給 Aliice 3

18 Sunday, December 20, 2015 Overall Architecture SASS based signature could be computed as follows: 18 API 提供資料進行簽章 一次性的票券 A 驗證 own half-signature 和 SASS’s half-signature 。 如果放在一起,兩者符合,驗證 成功。 產生 SASS 和 Alice 共有的憑證。 4

19 Sunday, December 20, 2015 Overall Architecture Verifying a SASS signature : Verifier obtains the signature and verifies the two halves using the accompanying certificates. 19

20 Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

21 Sunday, December 20, 2015 Key Interfaces of SASS Service ISASS_KeyGen(N, g, s) :X It helps mobile clients offload the expensive exponentiation to SASS Server. To do that, It calculates X = g s mod N, and returns X. 21

22 Sunday, December 20, 2015 Key Interfaces of SASS Service ISASS_Cert(O, n, PK o, S) : O choose a SASS server that shall be responsible for generating signatures on O's behalf. generates a random secret key K O. Constructs the hash chain K o n =SHA o (SHA o (···SHA o (K o ) ···)) O submits the root public key PK o = K o n to CA. CA return the certificate for O's root public key: (O,n, PK, S)SK CA. 22 Mobile client O SASS server S

23 Sunday, December 20, 2015 Key Interfaces of SASS Service ISASS_Sign(O, MD5(m), i, K o i ) : (O, MD5(m), i, K o i )SK S S verifies the received public key based on O's root public key. Checks SHA o n-i (K o i ) = Pk o S has to ensure that only one signature can be created for a given (O, i, K o i ). If a message on behalf of O containing K o i has not yet been signed, S signs (O, MD5(m), i, K o i ), records K o i as consumed, and sends the signature (O, MD5(m), i, K o i )SK S back to O. 23 K o i is O's current public key.

24 Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

25 Sunday, December 20, 2015 Performance Analysis 25

26 Sunday, December 20, 2015 Performance Analysis 26

27 Sunday, December 20, 2015 Outline Introduction Background Architecture of SASS Service Overall Architecture Key Interfaces of SASS Service Performance Analysis Conclusion

28 Sunday, December 20, 2015 Conclusion A secure “cell phone-banking” application has been implemented on SASS architecture in CDMA-1X mobile network. SASS can significantly improve the performance of mobile client's cryptographicoperation; SASS is a highly scalable service suitable for variant mobileapplications and future critical applications which require longer key length. 28

Download ppt "Sunday, December 20, 2015 ARCHITECTURE OF A SERVER- AIDED SIGNATURE SERVICE (SASS) FOR MOBILE NETWORKS Source: P. Lorenz and P. Dini (Eds.): ICN 2005,"

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
1 ID-Based Proxy Signature Using Bilinear Pairings Author: Jing Xu, Zhenfeng Zhang, and Dengguo Feng Presenter: 林志鴻.

1 ID-Based Proxy Signature Using Bilinear Pairings Author: Jing Xu, Zhenfeng Zhang, and Dengguo Feng Presenter: 林志鴻.
Self proxy signature scheme IJCSNS International Journal of Computer Science and Network Security,VOL.7 No.2,Februry 2007 Author:Young-seol Kim,Jik Hyun.

Self proxy signature scheme IJCSNS International Journal of Computer Science and Network Security,VOL.7 No.2,Februry 2007 Author:Young-seol Kim,Jik Hyun.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
1 A new identity based proxy signature scheme Source: Lecture Notes In Computer Science Author: Chunxiang Gu and Yuefei Zhu Presenter: 林志鴻.

1 A new identity based proxy signature scheme Source: Lecture Notes In Computer Science Author: Chunxiang Gu and Yuefei Zhu Presenter: 林志鴻.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,

A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Similar presentations

Ads by Google