Multimedia Network Security Laboratory
A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks
Date: 2011/10/12
Presenter: 向峻霈
Source: Chien-Lung Hsu, Yu-Hao Chuang, Information Sciences, pp. 422-429, 2009

Outline
1. Introduction
2. Related work
3. Proposed scheme
4. Functionality comparison
5. Conclusion

Introduction
Distributed computer networks allow hosts and user terminals connected to the same network to share information and computing power.

Introduction (2/2)
Security problems in distributed computer networks:
- user identification
- key distribution
- user anonymity

Related work
Review of the Yang et al. and Mangipudi–Katti schemes

Key generation phase
SCPC sets up the system parameters:
- $N_j = p_j \cdot q_j$
- selects two integers $e_j$ and $d_j$ such that $e_j d_j \equiv 1 \pmod{\varphi(N_j)}$
- $\varphi(N_j) = (p_j - 1)(q_j - 1)$
- chooses a generator $g$ in the field $Z_{N_j}$
- a hash function $H(m)$ on a message $m$
- a symmetric-key cryptosystem such as AES
- public parameters: $e_j$, $N_j$, $g_j$, and $ID_j$
- secret: $d_j$, $p_j$, $q_j$

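Anonymous user identification and key agreement phase (Yang et al. scheme)
Client → Server: service request
Server:
- $Z = g^k \cdot S_j^{-1} \bmod N$
- sends $M_2 = (Z)$
Client:
- $a = Z^e \cdot ID_j \bmod N$
- $K_{ij} = a^t \bmod N$
- $w = g^{et} \bmod N$
- $x = g^t \cdot S_i^{H(w,T)}$
- $y = E_{K_{ij}}(ID_i)$
- sends $M_3 = (w, x, y, T)$
Server:
- $K_{ij} = w^k \bmod N$
- $D_{K_{ij}}(y) \to ID_i$; checks whether $ID_i$ exists in the ID table
- checks $w \cdot ID_i^{H(w,T)} \bmod N = x^e \bmod N$
- accepts this login request
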
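Anonymous user identification and key agreement phase (SIKA)
Client → Server: service request
Server:
- $S_j = ID_j^d \bmod N$
- $Z = g^k \cdot S_j^{-1} \bmod N$
- $v = H(Z, T, ID_j)\, d_j$, $u = g_j^{v}$
- sends $M_2 = (Z, T, u)$
Client:
- $u = H(Z, T, ID_j)$
- checks $u^{e_j} \bmod N_j = g_j^{u} \bmod N_j$
- $a = Z^e \cdot ID_j \bmod N$
- $K_{ij} = a^t \bmod N$
- $w = g^{et} \bmod N$
- $x = g^t \cdot S_i^{H(w,T')}$
- $y = E_{K_{ij}}(ID_i)$
- sends $M_3 = (x, y, p, T')$
Server:
- $K_{ij} = w^k \bmod N$
- $D_{K_{ij}}(y) \to ID_i$; checks whether $ID_i$ exists in the ID table
- checks $w \cdot ID_i^{H(w,T')} \bmod N = x^e \bmod N$
- accepts this login request
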
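Anonymous user identification and key agreement phase (proposed scheme)
Client → Server: service request
Server:
- $S_j = ID_j^d \bmod N$
- $Z = g^k \cdot S_j \bmod N$
- sends $M_2 = (Z)$
Client:
- $a = Z^e \cdot ID_j^{-1} \bmod N$
- $K_{ij} = a^t \bmod N$
- $w = g^{et} \bmod N$
- $x = S_i^{h(K_{ij} \| Z \| w \| T)} \bmod N$
- $y = E_{K_{ij}}(ID_i)$
- sends $M_3 = (w, x, y, T)$
Server:
- $K_{ij} = w^k \bmod N$
- $D_{K_{ij}}(y) \to ID_i$
- checks $ID_i^{h(K_{ij} \| Z \| w \| T)} \bmod N = x^e \bmod N$
- $D_i = h(K_{ij} \| T' \| Z \| ID_i \| ID_j)$
- sends $M_4 = (D_i, T')$
Client:
- $D'_i = h(K_{ij} \| T' \| Z \| ID_i \| ID_j)$
- checks $D'_i = D_i$
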
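The exchange on this slide, run end to end as an added example (not code from the paper or the slides): both sides derive the same $K_{ij}$, the provider recovers $ID_i$ only after decryption, and a forged $x$ is rejected. Assumptions: constructed toy parameters, SHA-256 for $h$, an XOR pad in place of AES, fixed integer timestamps with no freshness check, and all function names.

```python
import hashlib
import secrets

# Constructed toy SCPC parameters (two Mersenne primes); far too small for real use.
P, Q, E, G = 2**127 - 1, 2**89 - 1, 65537, 5
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # SCPC secret d with e*d = 1 mod phi(N)

def h(*parts):  # h(a||b||...): SHA-256 over a joined string (an assumption)
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sym(key, block):  # XOR pad standing in for the symmetric cipher (not AES)
    pad = hashlib.sha256(str(key).encode()).digest()
    return bytes(a ^ b for a, b in zip(block, pad))

def provider_m2(S_j, k):  # M2: Z = g^k * S_j mod N
    return pow(G, k, N) * S_j % N

def user_m3(Z, ID_i, S_i, ID_j, t, T):
    a = pow(Z, E, N) * pow(ID_j, -1, N) % N  # a = Z^e * ID_j^-1 = g^(ke)
    K = pow(a, t, N)                         # K_ij = a^t
    w = pow(G, E * t, N)                     # w = g^(et)
    x = pow(S_i, h(K, Z, w, T), N)           # x = S_i^h(K_ij||Z||w||T)
    y = sym(K, ID_i.to_bytes(32, "big"))     # y = E_Kij(ID_i)
    return K, (w, x, y, T)

def provider_verify(k, Z, ID_j, m3, T2):
    w, x, y, T = m3
    K = pow(w, k, N)                         # K_ij = w^k
    ID_i = int.from_bytes(sym(K, y), "big")  # D_Kij(y) -> ID_i
    if pow(ID_i, h(K, Z, w, T), N) != pow(x, E, N):
        return None                          # x was not built from the token S_i
    return K, ID_i, (h(K, T2, Z, ID_i, ID_j), T2)  # M4 = (D_i, T')

def run_session(tamper=False):
    ID_i, ID_j = (int.from_bytes(s, "big") for s in (b"user-i", b"provider-j"))
    S_i, S_j = pow(ID_i, D, N), pow(ID_j, D, N)  # tokens S = ID^d mod N from the SCPC
    k, t = (secrets.randbelow(N - 2) + 2 for _ in range(2))
    Z = provider_m2(S_j, k)
    K_user, m3 = user_m3(Z, ID_i, S_i, ID_j, t, T=1000)
    if tamper:  # forged x, as from a sender who does not hold S_i
        m3 = (m3[0], (m3[1] + 1) % N, m3[2], m3[3])
    result = provider_verify(k, Z, ID_j, m3, T2=1001)
    if result is None:
        return None
    K_prov, seen_id, (D_i, T2) = result
    confirmed = D_i == h(K_user, T2, Z, ID_i, ID_j)  # user checks D'_i = D_i
    return K_user == K_prov, seen_id == ID_i, confirmed
```

`run_session()` returns three booleans (keys match, provider recovered the right identity, user accepted $D_i$); `run_session(tamper=True)` returns `None` because the provider's check on $x^e$ fails.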

Security analysis
- Security of the private keys
- Security of the session keys
- Security of user identification
- Security of user anonymity
- Prevention of a DoS attack

Security of the private keys
[Slide repeats the protocol diagram of the anonymous user identification and key agreement phase]

Security of the session keys
[Slide repeats the protocol diagram of the anonymous user identification and key agreement phase]

Security of user identification
[Slide repeats the protocol diagram of the anonymous user identification and key agreement phase]

Security of user anonymity
[Slide repeats the protocol diagram of the anonymous user identification and key agreement phase]
// the adversary will face the problem of solving the DLP

Prevention of a DoS attack
[Slide repeats the protocol diagram of the anonymous user identification and key agreement phase]
Annotation beside the server: // $Z$, $T$, $ID_j$

Functionality comparison
- $T_h$: the time for executing a one-way hash function
- $T_{inv}$: the time for executing a modular inverse computation
- $T_{mul}$: the time for executing a modular multiplication computation
- $T_{exp}$: the time for executing a modular exponentiation computation
- $T_{enc}$: the time for executing a symmetric-key encryption
- $T_{dec}$: the time for executing a symmetric-key decryption
- $|x|$: the bit length of $x$

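| Scheme | Communication costs | Computational complexities: $U_i$ | Computational complexities: $P_j$ | Year |
|---|---|---|---|---|
| The Lee-Chang | $4\lvert N\rvert + \lvert T\rvert$ | $T_h + 5T_{mul} + 5T_{exp}$ | $T_h + T_{inv} + 2T_{mul} + 4T_{exp}$ | 1999 |
| The Wu–Hsu | $3\lvert N\rvert + \lvert T\rvert$ | $T_h + T_{inv} + 3T_{mul} + 4T_{exp}$ | $T_h + T_{inv} + 2T_{mul} + 4T_{exp}$ | 2004 |
| The Yang et al. | $3\lvert N\rvert + \lvert T\rvert + \lvert ID_i\rvert$ | $T_{enc} + T_h + 3T_{mul} + 5T_{exp}$ | $T_{dec} + T_h + T_{inv} + 2T_{mul} + 4T_{exp}$ | 2004 |
| The Mangipudi–Katti | $4\lvert N\rvert + 2\lvert T\rvert + \lvert ID_i\rvert$ | $T_{enc} + 2T_h + 3T_{mul} + 7T_{exp}$ | $T_{dec} + 2T_h + T_{inv} + 3T_{mul} + 5T_{exp}$ | 2006 |
| The proposed | $3\lvert N\rvert + \lvert T\rvert + \lvert ID_i\rvert$ | $T_{enc} + T_h + T_{inv} + 2T_{mul} + 4T_{exp}$ | $T_{dec} + T_h + T_{mul} + 4T_{exp}$ | 2009 |
| The proposed scheme against a DoS attack^a | $4\lvert N\rvert + 2\lvert T\rvert + \lvert ID_i\rvert$ | $T_{enc} + 2T_h + T_{inv} + 2T_{mul} + 6T_{exp}$ | $T_{dec} + 2T_h + 2T_{mul} + 5T_{exp}$ | 2009 |
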
Functionality comparison
- C1: Prevention of a replay attack
- C2: Prevention of a compromising attack ?
- C3: Prevention of an identity disclosure attack
- C4: Prevention of an impersonation attack
- C5: Prevention of a compromising attack ?
- C6: Prevention of a DoS attack
- C7: Mutual authentication
- C8: Session key establishment
- C9: Session key confirmation from the user to the service provider
- C10: Session key confirmation from the service provider to the user

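Functionality comparison

| | The Lee-Chang scheme | The Wu–Hsu scheme | Yang et al.'s scheme | The Mangipudi–Katti scheme | The proposed scheme |
|---|---|---|---|---|---|
| C1 | O | O | O | O | O |
| C2 | O | X | O | O | O |
| C3 | X | X | X | X | O |
| C4 | X | X | O | O | O |
| C5 | O | X | O | O | O |
| C6 | X | X | X | O | O |
| C7 | X | X | X | O | O |
| C8 | O | O | O | O | O |
| C9 | X | X | O | O | O |
| C10 | X | X | X | X | O |
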
Conclusion
- Yang et al.'s scheme suffers from identity disclosure attack and DoS attack.
- The proposed scheme can withstand the possible attacks and achieve mutual authentication.