Multimedia Network Security Laboratory
A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks
Date: 2011/10/05
Presenter: 向峻霈
Source: Wen-Shenq Juang, Sian-Teng Chen, and Horng-Twu Liaw, IEEE Transactions on Industrial Electronics, Vol. 55, No. 6, 2008
Outline
1. Introduction
2. Proposed scheme
3. Security Analysis
4. Functionality comparison
5. Conclusion
Introduction
In various network environments, a user who needs to use or control a remote server must pass the authentication scheme.
Introduction
Fan et al. proposed a robust remote authentication scheme with smart cards
Advantages
low computation for smart cards
no password table
passwords chosen by the users themselves
withstanding the replay attack
server authentication
withstanding the dictionary attack
revoking the lost cards without changing the users' identities
Introduction
Drawbacks
no ability of anonymity
higher computation and communication cost
no session key agreement
cannot prevent the insider attack
Parameter generation phase
Server sets up the system parameters
Chooses a large prime number P
Ep over Fp: y^2 = x^3 + ax + b mod P, where a, b ∈ Zp and 4a^3 + 27b^2 mod P ≠ 0
G is a generator point of a large order n, n * G = O
Selects a random number x
Computes a corresponding public key
Pki = Xi * G // Xi -> secret key
(Ps, P, Ep, G, n) -> publish
Registration phase
Client -> Server: { IDi, h(PWi || b) }
Server:
  bi = Es( h(PWi||b) || IDi || CIi || h(IDi || CIi || h(PWi||b)) )
  Vi = h(IDi, s, CIi)
  Card = ( IDi, CIi, bi, Vi )
  Registration table (CI, ID): (1, ID1), (2, ID2), ..., (n, IDn)
Smart card:
  Card = ( IDi, CIi, bi, Vi, b )
Precomputation Phase
Smart card:
  e = r * G
  c = r * Ps = r * x * G // as a point over Ep
  c and e are used in the log-in phase
Log-in phase
Smart card:
  e = r * G
  c = r * Ps = r * x * G
  Vi = h(IDi, s, CIi)
Smart card -> Server: EVi(e), bi
Server:
  s -> decrypts bi
  IDi||CIi||h(PWi||b))
  Vi = h(IDi, s, CIi) -> decrypts EVi(e)
  IDi is in the registration table
  CIi is stored in the registration table
  ------------------ check ok
  c = r * x * G
  Ms = h(c || u || Vi)
Server -> Smart card: u, Ms
Smart card:
  Checks Ms
  MU = h(h(PWi||b) || Vi || c || u)
  Sk = h(Vi, c, u)
Smart card -> Server: MU
Server:
  Checks MU
  Sk = h(Vi, c, u)
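The log-in exchange above, as an added Python example (not from the slides or the paper). Assumptions: a toy textbook curve (y^2 = x^3 + 2x + 2 mod 17, G = (5, 1), order 19), SHA-256 for h, u treated as a random server nonce, and the EVi / Es encryption steps left out; all function and parameter names are hypothetical, and pw_hash_server stands for the h(PWi||b) the server recovers from bi.

```python
import hashlib, hmac, secrets

# Toy curve y^2 = x^3 + 2x + 2 mod 17, G = (5, 1), order 19 (constructed, insecure).
P, A, B, G, N = 17, 2, 2, (5, 1), 19

def add(p1, p2):
    """Add two points on Ep; None stands for the point at infinity O."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts):
    """h(a || b || ...) over length-prefixed fields (SHA-256 is an assumption)."""
    d = hashlib.sha256()
    for part in parts:
        raw = part if isinstance(part, bytes) else repr(part).encode()
        d.update(len(raw).to_bytes(4, "big") + raw)
    return d.digest()

def login(x, s, id_i, ci_i, pw_hash_card, pw_hash_server):
    """One log-in run; returns (server_ok, card_ok, sk_card, sk_server)."""
    ps = mul(x, G)                        # server public key Ps = x * G
    v_i = h(id_i, s, ci_i)                # Vi = h(IDi, s, CIi), held by the card
    r = secrets.randbelow(N - 1) + 1      # card: fresh r in [1, n-1]
    e, c_card = mul(r, G), mul(r, ps)     # card: e = r*G, c = r*Ps
    c_srv = mul(x, e)                     # server: c = x*e = r*x*G (EVi(e) omitted)
    u = secrets.token_bytes(16)           # server: fresh u (random nonce assumed)
    ms = h(c_srv, u, v_i)                 # server -> card: u, Ms
    card_ok = hmac.compare_digest(ms, h(c_card, u, v_i))
    mu = h(pw_hash_card, v_i, c_card, u)  # card -> server: MU
    server_ok = hmac.compare_digest(mu, h(pw_hash_server, v_i, c_srv, u))
    return server_ok, card_ok, h(v_i, c_card, u), h(v_i, c_srv, u)
```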
Password-Changing Phase
Smart card -> Server: Esk( IDi, h(PWi*||b*) )
Server:
  bi* = Es( h(PWi*||b*) || IDi || CIi || h(IDi || CIi || h(PWi*||b*)) )
Security analysis
Mutual authentication (shown on the log-in phase)
Preventing the replay attack (shown on the log-in phase)
Preventing the insider attack (shown on the registration phase)
Preventing the offline dictionary attack without the smart card (shown on the log-in phase)
Preventing the offline dictionary attack with the smart card (shown on the log-in phase)
Cost and Functionality Consideration
E1: computation cost of registration
E2: computation cost of the precomputation phase for the client
E3: computation cost of login for the client
E4: computation cost of login for the server
Functionality comparison
C1: low communication and computation cost
C2: no password table
C3: users can choose the password by themselves
C4: no Time-Synchronization Problem
C5: mutual authentication
C6: revoking a lost card without changing the user's identity
C7: identity protection
C8: session key agreement
C9: preventing the offline dictionary attack with the secret information stored in the smart card
Functionality comparison
    Yang & Shieh  Hwang & Li  Fan et al.  Juang   Sun     Chien et al.  The proposed
    scheme        scheme      scheme      scheme  scheme  scheme        scheme
C1  X             X           O           O       O       O             O
C2  O             O           O           O       O       O             O
C3  O             X           X           O       X       O             O
C4  O             X           X           O       X       X             O
C5  X             X           O           O       X       O             O
C6  X             X           X           X       X       X             O
C7  X             X           X           X       X       X             O
C8  X             X           O           O       X       X             O
C9  X             X           X           X       X       X             O
Conclusion
Low Communication and Computation Cost
No Password Table
Choosing and Changing of Passwords by Users
No Time-Synchronization Problem
Identity Protection
Revoking the Lost Cards Without Changing
Session Key Agreement