Secure Authentication Scheme with Anonymity for Wireless Communications
description
Transcript of Secure Authentication Scheme with Anonymity for Wireless Communications
Secure Authentication Scheme with Anonymity for Wireless Communications
Speaker : Hong-Ji Wei
Date : 2012-12-08
2
Outline
1. Introduction
2. Review of Wu et al.’s scheme
3. Weakness of Wu et al.’s scheme
4. Improved Scheme
5. Security Analysis
6. Conclusion
3
1. Introduction
In recent years, many authors proposed the anonymous authentication scheme for wireless communications.
In 2004, Zhu and Ma proposed an authentication scheme with anonymity for wireless communications. However, in 2006, Lee, Hwang and Laio pointed out that Zhu-Ma’s scheme exists some weaknesses and proposed the improved scheme to overcome these weaknesses in Zhu-Ma’s scheme.
4
1. Introduction
In 2008, Wu, Lee and Tsaur pointed out that Lee et al’s scheme still exists weakness of anonymity and backward secrecy. Therefore, they also proposed an improved scheme to improve the weaknesses in Lee et al.’s scheme.
In 2009, Zeng et al and Lee et al found out that Wu et al.’s scheme still not protect the anonymity of user. However, they did not propose the scheme to improve it.
5
1. Introduction
In 2009, Chang et al. also pointed out that Wu et al’s scheme exists two weaknesses, which failed to achieve the anonymity and prevent impersonation attack. At the same time, they also proposed the improved scheme to overcome these weaknesses. However, it’s unfortunately, their proposed scheme still not efficiently overcome these weaknesses.
In this paper, we will analyze Wu et al.’s scheme and propose a secure anonymous authentication scheme to improve the security weaknesses in Wu at al.’s scheme.
6
2. Review of Wu et al.’s scheme
Notations
MU : Mobile User
HA : Home Agent of a mobile user
FA : Foreign Agent of the network
IDA: Identity of A
TA : Timestamp of A
CertA : Certificate of A
(X)K : Symmetric Encryption
EK(X) : Asymmetric Encryption
h(X) : Hash X using hash function
PWA : Password of A
PA : Public key of A
SA : Private key of A
7
2. Review of Wu et al.’s scheme This scheme can be divided into three phases
1. Initial Phase
MU registers with HA through secure channel.
2. First Phase
FA authenticates MU through HA and establishes a session
key with MU.
3. Second Phase
MU updates the session key with FA.
8
2. Review of Wu et al.’s scheme Initial Phase
MU HA
Secure Channel
Secure ChannelMUIDMUID
MUHA
MUHA
MUMU
IDID
ID||NhID||Nhr
ID||NhPW
)()(
)(
h(.),IDr,,PW HAMU
9
2. Review of Wu et al.’s scheme First Phase
MU FA HA
MU
MUMU
PWrn
PWThL
Compute 1.
)(
MUHAL0MU TID,x||x||IDhn, 2. ,))((
FA
MU
S with signatureCompute
bnumber random Generate
T Check 3.
),,))((((
,,))((
FAMUL0MUS
FAFAMUL0MU
CertTx||x||IDhn,b,hE
CertTT,x||x||IDhn,b, 4.
FA
))))||(((
?)()'(
with))((
'
0MUP
HA
MUMU
0MU
MUHAHA
FAFA
x||x||IDNhhEW Compute
S with signatureCompute
cnumber random Generate
IDhIDh Check
L x||x||IDh Decrypt
IDIDn)ID||h(N Compute
T and Cert Check 5.
FA
HAHAHAPS TCert,CertWhEc,b,hEW,c, 6.FAHA
,),)))((((
)))||(((
.6
0MU
FA
x||x||IDNhhh k
key sessionCompute
S withW Decrypt
k0MU x||xhTCert ))(||(.7
k withx||xhTCert Decrypt
k Compute
0MU ))(||(
.8
kMU1 ationOtherInfom||TCert||x )(.9
10
2. Review of Wu et al.’s scheme Second Phase
In order to enhance the efficiency, while MU stays with the same FA, the new session key ki can be derived from the unexpired previous secret knowledge xi−1 and a fixed secret x as
MU FA
Session key update
1,2,3...nifor x||x||IDNhhh k 1-iMUi )))||(((
ikMUiMU ationOtherInfom||TCert||xTCert )(,
3. Weakness of Wu et al.’s scheme Anonymity
MUHAMUHA IDIDID||NhrID||Nh 1. )()(
HAHAMU IDID||NhnID 2. )(
Attacker
MU FA HA
MU
MUMU
PWrn
PWThL
Compute 1.
)(
MUHAL0MU TID,x||x||IDhn, 2. ,))((
FA
MU
S with signatureCompute
bnumber random Generate
T Check 3.
),,))((((
,,))((
FAMUL0MUS
FAFAMUL0MU
CertTx||x||IDhn,b,hE
CertTT,x||x||IDhn,b, 4.
FA
))))||(((
?)()'(
with))((
'
0MUP
HA
MUMU
0MU
MUHAHA
FAFA
x||x||IDNhhEW Compute
S with signatureCompute
cnumber random Generate
IDhIDh Check
L x||x||IDh Decrypt
IDIDn)ID||h(N Compute
T and Cert Check 5.
FA
HAHAHAPS TCert,CertWhEc,b,hEW,c, 6.FAHA
,),)))((((
)))||(((
.6
0MU
FA
x||x||IDNhhh k
key sessionCompute
S withW Decrypt
k0MU x||xhTCert ))(||(.7
k withx||xhTCert Decrypt
k Compute
0MU ))(||(
.8
kMU1 ationOtherInfom||TCert||x )(.9
11
12
3. Weakness of Wu et al.’s scheme Impersonation attack
*PWIDIDID||NhnID||Nh 2.
*PWIDIDID||NhID||Nh
*PWr 1.n
MUHAHAMU
MUHAMUHA
)()(
)()(
MU FA HA
MU
MUMU
PWrn
PWThL
Compute 1.
)(
MUHAL0MU TID,x||x||IDhn, 2. ,))((
FA
MU
S with signatureCompute
bnumber random Generate
T Check 3.
),,))((((
,,))((
FAMUL0MUS
FAFAMUL0MU
CertTx||x||IDhn,b,hE
CertTT,x||x||IDhn,b, 4.
FA
))))||(((
?)()'(
with))((
'
0MUP
HA
MUMU
0MU
MUHAHA
FAFA
x||x||IDNhhEW Compute
S with signatureCompute
cnumber random Generate
IDhIDh Check
L x||x||IDh Decrypt
IDIDn)ID||h(N Compute
T and Cert Check 5.
FA
HAHAHAPS TCert,CertWhEc,b,hEW,c, 6.FAHA
,),)))((((
)))||(((
.6
0MU
FA
x||x||IDNhhh k
key sessionCompute
S withW Decrypt
k0MU x||xhTCert ))(||(.7
k withx||xhTCert Decrypt
k Compute
0MU ))(||(
.8
kMU1 ationOtherInfom||TCert||x )(.9
PWMU *
Attacker
13
4. Improved scheme Registration Phase
MU HA
Secure Channel
Secure ChannelMUID MIDMU ,
)||)((
)(
)(
NMIDhhL
M
IDIDID||Nhn
ID||MhPW
MU
MUHAHA
MUMU
Lh(.),,IDn,,PW HAMU
14
Authentication and establishment session key phase
4. Improved scheme
MUMUHAL0MU TID,x||x||MIDhn, ,))((.2
FA
MU
S withe signaturCompute
bnumber random Generate
T Check .3
)),,))((((
,,))((.4
FAMUL0MUS
FAFAMUL0MU
CertTx||x||MIDhn,b,hE
CertTT,x||x||MIDhn,b,
FA
)))(((
?)()'(
with))((
'
.5
0MUP
HA
MUMU
0MU
MUHAHA
FAFA
x||x||MIDhhEW Compute
S withe signaturCompute
cnumber random Generate
MIDhM'IDh Check
L x||x||MIDh Decrypt
M'IDIDn)ID||h(N Compute
T and Cert Check
FA
HAHAHAPS TCert,CertWhEc,b,hEW,c, .FAHA
,),)))((((6
)))(((
.7
0MU
FA
x||x||MIDhhh k
key sessionCompute
S withW Decrypt
k0MU xhTCert ))(||(.8
)(with)(
))(||(
.9
00
0MU
xh 'xh Compare
k withxhTCert Decrypt
k Compute
kMU1 ationOtherInfom||TCert||x )(.10
FA HA
L withx||x||MIDh Encrypt
?PW'PW Check
ID||M''PW Compute
M'Enter
0MU
MUMU
MUMU
))((
)(
.1
15
4. Improved scheme Session key update phase
In order to enhance the efficiency, while MU stays with the same FA, the new session key ki can be derived from the unexpired previous secret knowledge xi−1 and a fixed secret x as
MU FA
Session key update
, ( )iMU i MU kTCert x TCert OtherInfomation
1,2,3...nifor x||x||MIDhhh k 1-iMUi )))(((
16
Password change phase
MU FA HA
MUHAL1MU TID,M||M||MIDhn, . ,))((2 FA
MU
S withe signaturCompute
bnumber random Generate
T Check .3
)),,))((((
,,))((.4
FAMUL1MUS
FAFAMUL1MU
CertTM||M||MIDhn,b,hE
CertTT,M||M||MIDhn,b,
FA
HA
Snewnewnew
MU
1MU
1MUHAHAnew
1MUnew
1MUnew
MU
MUMU
MUMU
0MU
MUHAHA
FAFA
S withe signaturCompute
cnumber random Generate
n||L||PWW Compute
MMIDh SCompute
MIDIDIDNhn Compute
NMIDh(hL Compute
MIDhPW Compute
MM'IDID Compute
MIDhM'IDh Check
L x||x||MIDh Decrypt
M'IDIDn)ID||h(N Compute
T and Cert Check
)(
)||||(
)||(
)||)(
)(
'
?)()'(
with))((
'
.5
HAHAHAPS TCert,CertWhEc,b,hEW,c, FAHA
,),)))((((.6
FA
HAHA
S withe signaturCompute
Cert and T Check .7
card smartinto n LPW Store
S withW Decrypt
M)||M||(ID SCompute
Cert and T Check
newnewnewMU
1MU
FAFA
and
.9
、
4. Improved scheme
L withM||M||MIDh Encrypt
Mnumber random new Generate .
1MU
1
))((
1
FAFAFAS CertT,CertWhEW, FA
,),)((.8
17
5. Security Analysis Anonymity
MUHAHA IDIDrID||Nh 1. )(
HAHAMU IDID||NhnMID 2. )(
Attacker
MUMUHAL0MU TID,x||x||MIDhn, ,))((.2
FA
MU
S withe signaturCompute
bnumber random Generate
T Check .3
)),,))((((
,,))((.4
FAMUL0MUS
FAFAMUL0MU
CertTx||x||MIDhn,b,hE
CertTT,x||x||MIDhn,b,
FA
)))(((
?)()'(
with))((
'
.5
0MUP
HA
MUMU
0MU
MUHAHA
FAFA
x||x||MIDhhEW Compute
S withe signaturCompute
cnumber random Generate
MIDhM'IDh Check
L x||x||MIDh Decrypt
M'IDIDn)ID||h(N Compute
T and Cert Check
FA
HAHAHAPS TCert,CertWhEc,b,hEW,c, .FAHA
,),)))((((6
)))(((
.7
0MU
FA
x||x||MIDhhh k
key sessionCompute
S withW Decrypt
k0MU xhTCert ))(||(.8
)(with)(
))(||(
.9
00
0MU
xh 'xh Compare
k withxhTCert Decrypt
k Compute
kMU1 ationOtherInfom||TCert||x )(.10
FA HA
L withx||x||MIDh Encrypt
?PW'PW Check
ID||M''PW Compute
M'Enter
0MU
MUMU
MUMU
))((
)(
.1
18
5. Security Analysis Impersonation Attack
MUMUHAL0MU TID,x||x||MIDhn, ,))((.2
FA
MU
S withe signaturCompute
bnumber random Generate
T Check .3
)),,))((((
,,))((.4
FAMUL0MUS
FAFAMUL0MU
CertTx||x||MIDhn,b,hE
CertTT,x||x||MIDhn,b,
FA
)))(((
?)()'(
with))((
'
.5
0MUP
HA
MUMU
0MU
MUHAHA
FAFA
x||x||MIDhhEW Compute
S withe signaturCompute
cnumber random Generate
MIDhM'IDh Check
L x||x||MIDh Decrypt
M'IDIDn)ID||h(N Compute
T and Cert Check
FA
HAHAHAPS TCert,CertWhEc,b,hEW,c, .FAHA
,),)))((((6
)))(((
.7
0MU
FA
x||x||MIDhhh k
key sessionCompute
S withW Decrypt
k0MU xhTCert ))(||(.8
)(with)(
))(||(
.9
00
0MU
xh 'xh Compare
k withxhTCert Decrypt
k Compute
kMU1 ationOtherInfom||TCert||x )(.10
FA HA
L withx||x||MIDh Encrypt
?PW'PW Check
ID||M''PW Compute
M'Enter
0MU
MUMU
MUMU
))((
)(
.1
19
5. Security Analysis Comparison Table
20
6. Conclusion
In this paper, we propose the secure anonymous auth-entication scheme which not only improves the above mentioned weaknesses in Wu et al.’s scheme, but also provides the extra function of changing password for mobile users.
From our security analysis, we find out that our proposed scheme indeed can improve all of the weaknesses in Wu et al.’s scheme and also achieve our expected efficiency.
21
Many thanks for your listening