
RSA-based password authenticated key exchange protocol Presenter: Jung-wen Lo( 駱榮問 )




1 RSA-based password authenticated key exchange protocol Presenter: Jung-wen Lo( 駱榮問 )

2 Outline
- Introduction
- C.C. Yang, R.C. Wang, "Cryptanalysis of improvement of password authenticated key exchange based on RSA for imbalanced wireless networks," IEICE Transactions on Communications, Vol. E88-B, No. 11, pp. 4370-4372, 2005.
- Chien-Lung Hsu, Wen-Te Lin, and Yen-Chun Chou, "New Efficient Password Authenticated Key Exchange Protocol for Imbalanced Wireless Networks", Journal of Computers, Vol. 18, No. 2, pp. 25-32, 2007.
- Conclusion & Comment

3 Introduction
Password-authenticated key exchange (PAKE) protocol: two communicating parties share a session key over an insecure channel.
- 1992: 1st PAKE protocol proposed by Bellovin and Merritt
- 2002, Zhu et al.: e-residue attack on BM
- 2003, Yeh et al.: impersonation attack on Zhu
- 2005, Yang-Wang: dictionary / man-in-the-middle attack on Yeh
- 2007, Hsu et al.: performance improvement
Two classes: protocols that use Diffie–Hellman key exchange, and protocols that use the RSA cryptosystem.
RSA-PAKE protocol:
- RSA parameter generation/verification phase: a challenge/response that confirms a qualified parameter, i.e. one which satisfies several conditions
- Session key establishment phase

4 Cryptanalysis of improvement of password authenticated key exchange based on RSA for imbalanced wireless networks. Authors: C.C. Yang and R.C. Wang. Src: IEICE Transactions on Communications, Vol. E88-B, No. 11, pp. 4370-4372, 2005.

5 Yeh et al.'s Protocol
Parameter verification (interactive check of (n, e)):
  B -> A: Request
  A: r_A ∈R {0,1}^l
  A -> B: (n, e), r_A
  B: m_i ∈R Z_n, 1≤i≤N
  B -> A: {m_i^e mod n}, 1≤i≤N
  A -> B: {h_1(m_i')}, 1≤i≤N   (m_i' recovered with d)
  B checks h_1(m_i') ?= h_1(m_i)
Session key establishment:
  B: r_B ∈R Z_n; π = E_pw(ID_A, ID_B, r_A, r_B); z = π^e mod n
  B -> A: z
  A: π = z^d mod n; (ID_A, ID_B, r_A, r_B) = D_pw(π); c_B = h_2(r_B); K = h_3(r_A, c_B, ID_A, ID_B); σ = E_K(ID_B)
  A -> B: σ
  B: c'_B = h_2(r_B); K' = h_3(r_A, c'_B, ID_A, ID_B); ID_B' = D_K'(σ); check ID_B' ?= ID_B; δ = h_4(K')
  B -> A: δ
  A: δ' = h_4(K); check δ' ?= δ

6 Weakness of Yeh et al.'s scheme: cannot resist a dictionary attack
Attacker F, holding its own RSA key (n', d', e'), plays Server A toward Client B:
  B -> F: Request
  F -> B: (n', e'), r_F
  B: m_i ∈R Z_n, 1≤i≤N
  B -> F: {m_i^e' mod n'}, 1≤i≤N
  F -> B: {h_1(m_i')}, 1≤i≤N
  B: π = E_pw(ID_A, ID_B, r_A, r_B); z = π^e' mod n'
  B -> F: z
  F: z^d' mod n' ⇒ π; for a guessed pw', test D_pw'(π) ?= (ID_A, ID_B, r_A, r_B)

7 Yang-Wang's Improved Protocol
Parameter verification:
  B -> A: Request
  A: r_A ∈R {0,1}^l; ω = (e||n||r_A) ⊕ h_1(pw)
  A -> B: ω
  B: e||n||r_A = ω ⊕ h_1(pw); m_i ∈R Z_n; c_i = (m_i||r_A)^e mod n
  B -> A: {c_i}, 1≤i≤N
  A: m_i'||r_A = c_i^d mod n
  A -> B: {h_1(m_i')}, 1≤i≤N
  B checks h_1(m_i') ?= h_1(m_i)
Session key establishment (as in Yeh et al.):
  B: r_B ∈R Z_n; π = E_pw(ID_A, ID_B, r_A, r_B); z = π^e mod n
  B -> A: z
  A: π = z^d mod n; (ID_A, ID_B, r_A, r_B) = D_pw(π); c_B = h_2(r_B); K = h_3(r_A, c_B, ID_A, ID_B); σ = E_K(ID_B)
  A -> B: σ
  B: c'_B = h_2(r_B); K' = h_3(r_A, c'_B, ID_A, ID_B); ID_B' = D_K'(σ); check ID_B' ?= ID_B; δ = h_4(K')
  B -> A: δ
  A: δ' = h_4(K); check δ' ?= δ

8 New Efficient Password Authenticated Key Exchange Protocol for Imbalanced Wireless Networks. Authors: Chien-Lung Hsu, Wen-Te Lin, and Yen-Chun Chou. Src: Journal of Computers, Vol. 18, No. 2, pp. 25-32, 2007.

9 Hsu et al.'s Improved Protocol
Parameter verification:
  B -> A: Request
  A: r_A ∈R {0,1}^l; ω = E_pw(r_A||n||e)
  A -> B: ω
  B: r_A||e||n = D_pw(ω); m_i ∈R Z_n
  B -> A: {m_i^e mod n}, 1≤i≤N
  A -> B: {h(m_i')}, 1≤i≤N
  B checks h(m_i') ?= h(m_i)
Session key establishment:
  B: r_B ∈R Z_n; z = (r_B ⊕ pw ⊕ r_A)^e mod n; K = r_A ⊕ r_B ⊕ (ID_A||ID_B); σ = h(r_A||r_B||ID_A||ID_B||K)
  B -> A: σ, z
  A: r'_B = (z^d mod n) ⊕ pw ⊕ r_A; K' = r_A ⊕ r'_B ⊕ (ID_A||ID_B); check σ ?= h(r_A||r'_B||ID_A||ID_B||K'); δ = h(K')
  A -> B: δ
  B checks δ ?= h(K)
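The exchange on this slide as an added, runnable Python walk-through (an example written for this page, not code from the presentation or from Hsu et al.): Client B's interactive RSA-parameter check, then the session-key phase with both parties' computations, including a run where the two passwords differ and A's σ check fails. Assumptions: toy RSA built from two Mersenne primes, SHA-256 for h(.), an XOR keystream standing in for E_pw/D_pw, and r_A, r_B and pw truncated to fewer bits than n so that r_B ⊕ pw ⊕ r_A stays inside Z_n.

```python
import hashlib
import secrets

# Toy RSA key for server A (constructed: two Mersenne primes; real deployments use 1024-bit+ moduli)
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
BITS = N.bit_length() - 1   # r_A, r_B, pw kept to BITS bits so r_B xor pw xor r_A stays below n (assumption)
ID_A, ID_B = b"serverA", b"clientB"
IDS = int.from_bytes(ID_A + ID_B, "big")   # the (ID_A||ID_B) term that is XORed into K

def h(*parts):
    # The slides' hash h(.), instantiated as SHA-256 over the '||'-joined parts (assumption)
    return hashlib.sha256(b"||".join(str(p).encode() for p in parts)).digest()

def pw_int(password):
    # Password reduced to a BITS-bit integer so it can be XORed with r_A and r_B (assumption)
    return int.from_bytes(hashlib.sha256(password).digest(), "big") & ((1 << BITS) - 1)

def sym(password, data):
    # E_pw / D_pw stand-in: XOR with a password-derived keystream (demo only, not the paper's cipher)
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(password + bytes([i])).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def verify_rsa_params(n, e, d, count=8):
    # Parameter verification phase: B sends m_i^e mod n, A replies h(m_i'), B checks h(m_i') == h(m_i)
    ms = [secrets.randbelow(n - 2) + 2 for _ in range(count)]
    replies = [h(pow(pow(m, e, n), d, n)) for m in ms]   # A recovers m_i' with d and hashes it
    return all(r == h(m) for r, m in zip(replies, ms))

def hsu_pake(password_a, password_b):
    # Server A: r_A in {0,1}^l, omega = E_pw(r_A||n||e)
    r_A = secrets.randbits(BITS)
    omega = sym(password_a, r_A.to_bytes(16, "big") + N.to_bytes(12, "big") + E.to_bytes(4, "big"))
    # Client B: r_A||e||n = D_pw(omega); r_B; z = (r_B xor pw xor r_A)^e mod n; K; sigma
    plain = sym(password_b, omega)
    r_A_b, n_b, e_b = [int.from_bytes(plain[a:b], "big") for a, b in ((0, 16), (16, 28), (28, 32))]
    r_B = secrets.randbits(BITS)
    z = pow(r_B ^ pw_int(password_b) ^ r_A_b, e_b, n_b)
    K = r_A_b ^ r_B ^ IDS
    sigma = h(r_A_b, r_B, ID_A, ID_B, K)
    # Server A: r'_B = (z^d mod n) xor pw xor r_A; K'; verify sigma; delta = h(K')
    r_B_a = pow(z, D, N) ^ pw_int(password_a) ^ r_A
    K_a = r_A ^ r_B_a ^ IDS
    if sigma != h(r_A, r_B_a, ID_A, ID_B, K_a):
        return None
    delta = h(K_a)
    return K if delta == h(K) else None   # Client B accepts only if delta matches its own K
```

hsu_pake(pw, pw) returns the shared K; with two different passwords A's recomputed σ no longer matches and the run returns None.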

10 Comparison-1 (comparison table not captured in the transcript)

11 Comparison-2 (comparison table not captured in the transcript)
Legend: |ε|: ciphertext; |n|: modulus n; |h|: hash function

12 Conclusion & Comment
Conclusion:
- Less cost: computational complexities, communication overheads, transmission number
- Better security
Comment:
- Error in Table 3
- Performance improvement

13 P187 Protocol (Improved)
Server A (pw) holds n, e, d; Client B (pw).
  B -> A: Request
  A: r_A; ω = r_A ⊕ H(pw)
  A -> B: ID_A, n, e, ω, H(ID_A, n, e, ω)
  B: m_i, 1≤i≤N
  B -> A: {m_i^e mod n}, 1≤i≤N
  A -> B: {H(m_i)}, 1≤i≤N
  B: r'_A = ω ⊕ H(pw); r_B; z = (r'_A||r_B)^e mod n; σ = H(r_A, r_B, ID_A, ID_B)
  B -> A: z
  A: r'_A||r'_B = z^d; check r'_A ?= r_A; σ = H(r_A, r'_B, ID_A, ID_B); δ = H(σ ⊕ r'_B)
  A -> B: δ
  B checks δ ?= H(σ ⊕ r_B)

14 Comparison
New: (N+4)T_h + (N+1)T_exp + 2T_XOR
(remaining table cell recovered from the transcript: 4T_XOR)
※ 1T_E ≒ 10T_h

15 Bellovin-Merritt's Interactive RSA-EKE Protocol
Server A (pw) holds n, e, d and picks r_A; Client B (pw) picks {m_i}, 1≤i≤N, σ and r_B.
  1. A -> B: ID_A, n, e
  2. B -> A: {m_i^e mod n}, 1≤i≤N
  3. A -> B: {m_i mod n}, 1≤i≤N
  4. B -> A: E_pw(σ, r_B)
  5. A -> B: E_σ(r_B, r_A)
  6. B -> A: E_σ(r_A)

16 Zhu et al.'s Protocol (2002)
Server A (pw), Client B (pw).
  1. A: r_A
     A -> B: (n, e), r_A
  2. B: m_i ∈R Z_n, 1≤i≤N
     B -> A: {m_i^e mod n}, 1≤i≤N
     A -> B: {H(m_i')}, 1≤i≤N
  2'. B: r_B, s_B; π = T(pw, ID_A, ID_B, r_A, r_B); z = s_B^e + π
     B -> A: z, r_B
  3. A: π = T(pw, ID_A, ID_B, r_A, r_B); decrypt (z - π) ⇒ s_B; k = G_1(s_B); c_A
     A -> B: E_k(c_A, ID_B)
  4. B: D_k(E_k(c_A, ID_B)) ⇒ c'_A; check ID_B; σ' = G_3(c'_A, c_B, ID_A, ID_B)
     B -> A: h(σ')
  4'. A: c_B = G_2(s_B); σ = G_3(c_A, c_B, ID_A, ID_B)
  5. A: check h(σ') ?= h(σ)

17 Cryptanalysis of Zhu et al.'s Protocol
Attacker E with a guessed password pw' sits between Server A (pw) and Client B (pw).
  1. A: r_A
     A -> B: (n, e), r_A
  2. E intercepts (n, e), r_A and runs the interactive check of (n, e) with A: {m_i^e mod n}, {H(m_i')}, 1≤i≤N
  2'. E: r_E, s_E; π' = T(pw', ID_A, ID_B, r_A, r_E); z' = s_E^e + π'
     E -> A: z', r_E
  3. A: π = T(pw, ID_A, ID_B, r_A, r_E); decrypt (z' - π) ⇒ s'_E; k = G_1(s'_E); c_A
     A -> E: E_k(c_A, ID_B)
  4. E: k' = G_1(s_E); D_k'(E_k(c_A, ID_B)) ⇒ if ID_B is correct, then pw' = pw

18 Yeh et al.'s scheme: Man-in-the-middle attack
Attacker C, holding its own RSA key (n', e'), sits between Server A (pw) and Client B (pw).
  1. A: r_A
     A -> C: (n, e), r_A
     C -> B: (n', e'), r_A
  2. B: m_i ∈R Z_n, 1≤i≤N
     B -> C: {m_i^e' mod n'}, 1≤i≤N;  C -> B: {H(m_i')}, 1≤i≤N
     C -> A: {m_i^e mod n}, 1≤i≤N;  A -> C: {H(m_i')}, 1≤i≤N
  2'. B: s_B; π = E_pw(ID_A, ID_B, r_A, s_B); z = π^e' mod n'
     B -> C: z
     C: z ⇒ π; z' = π^e mod n
     C -> A: z'
  3. A: decrypt z' ⇒ π ⇒ s_B = D_pw(π); c_B = G_1(s_B); σ = G_2(r_A, c_B, ID_A, ID_B)
     A -> C -> B: E_σ(ID_B)
     C: try all pw': D_pw'(π) ⇒ s'_B; c'_B = G_1(s'_B); σ' = G_2(r_A, c'_B, ID_A, ID_B); check D_σ'(E_σ(ID_B)) ?= ID_B

