Embed Size (px)
DESCRIPTION
Three-Party Authenticated Key Agreements and Its Applications- PCSs Roaming Protocol. 李添福 (Tian-Fu Lee) 國立成功大學資訊工程博士 Cryptography/ Network security/ Wireless networks communication/ Algorithmic graph theory/ Database and data engineering. Outlines. - PowerPoint PPT Presentation
Citation preview
1
Three-Party Authenticated Key Agreements and Its Applications- PCSs Roaming Protocol
李添福 (Tian-Fu Lee)國立成功大學資訊工程博士
Cryptography/ Network security/ Wireless networks communication/ Algorithmic graph theory/ Dat
abase and data engineering
2
Outlines
Three-Party Authenticated Key Agreements (3PAKA) Applications
Portable Communication Systems (PCSs) Roaming Protocol RFID Protocol E-Payment Protocol Electronic Medical Record Security and Privacy Vehicular Mobile Network
Proposed PCSs Roaming Protocol Delegation-Based Authentication Protocol for PCSs Security discussion Computational comparison & Experimental Results
Conclusions
3
Three-Party Authenticated Key Agreements
An authenticated key agreement protocol is an interactive method for two or more parties to determine session keys based on their secret keys or public/private keys.
AuthenticationAuthentication
Key agreement / key exchangeSK
Secure communication
Trusted server
4
Portable Communication Systems Roaming Protocol
Mobile Station
Visited Network Home NetworkPDA
cellular phone
notebook
5
RFID Protocol
Tag Reader Database Server
6
E-Payment Protocol
BuyerSeller
E-Bank
7
醫療資訊安全 - 電子病歷安全與隱私(Electronic Medical Record Security and Privacy)
IC card
Hospital
政府衛生行政單位電子病歷 Database
健保機關
一般民眾
8
Vehicular Mobile Network
9
Proposed PCSs Roaming Protocol
Delegation-Based Authentication Protocol for PCSs
10
Delegation-Based Authentication Protocol for PCSs
RegistrationOn-line authentication processi-th Off-line authentication process
11
Delegation-Based Authentication Protocol for PCSs
MS VN
HN
Delegation ((x),K)
(x,v=gx)
Public key (v)
Proxy signature
Verify the signature by v
12
On-line authentication process
Sing(msg.),K
VerifyK
MS (,K) VN (KVH; pk:v) HN (,KVH)
KIDMS
SK,h(token)
SK, token
Obtain SK Obtain SK
13
i-th Off-line authentication process
ESKi(tokeni,h(tokeni+1))
Verify tokeni
Keep h(tokeni+1) Compute SKi+1
MS (SKi, tokeni) VN (SKi, h(tokeni)) HN
Compute SKi+1
14
comparison
Previous Scheme: tokeni and tokeni+1 are independent. HN can forge tokeni Have not non-repudiation Charge Problem :
Mobile users deny has used services and refuse to pay. Overcharge mobile users for services that he did not request.
[IEEE Trans. Wireless Commun. 2005] Proposed Scheme:
All tokeni are chained by backward hash-chain and are decided by MS. HN cannot forge tokeni Have non-repudiation Pre-Compute and reduce the computational cost in MS.
[IEEE Trans. Wireless Commun. 2009]
15
i-th Off-line authentication process
ESKi(tokeni)Verify tokeni
Keep tokeni = h(tokeni+1) Compute SKi+1
MS (SKi, tokeni) VN (SKi, h(tokeni)) HN
Compute SKi+1
Pre-compute and store h(1)(n1),
h(2)(n1) (=tokenn),
…, h(n)(n1)(=token2),
h(n+1)(n1)(=token1) token1
16
Security Discussion
GSM MGSM Public-keybased scheme
Lee & Yeh'sScheme
ProposedScheme
Identity privacy No No No Yes Yes
Non-repudiation No No Yes No Yes
Mutual-authen.(MS-VN)
No No Yes Yes Yes
Easy key management
Yes Yes No Yes Yes
Low computational load
Yes Yes No Yes Yes
Good commu. efficiency
Yes Yes No Yes Yes
17
Computational comparison of MS
*: Can be pre-computed in this entry.
hash function secret-key computation(encryption/decryption)
public-key computation(signature/verification)
GSM 2(n+1) 1(n+1) 0
MGSM 1(n+1) 1(n+1) 0
Public-key based scheme 0 0 2n
Lee & Yeh's scheme
On-line 2 1 1Pre.*
Off-line 3n n 0
Proposed scheme On-line (n+1)Pre.*+2 1 1Pre.*
Off-line n n 0
18
Experimental Results
0
0.02
0.04
0.06
0.08
0.1
0.12
0.14
0.16
0.18
0.2
Pre-comp.
on-line off-line1 off-line2 off-line3 off-line4 off-line5
period
time(
ms)
Lee and Yeh's Protocol
Proposed Protocol
19
Experimental Results
84.2
84.22
84.24
84.26
84.28
84.3
84.32
84.34
84.36
84.38
84.4
Pre-comp.
on-line off-line1 off-line2 off-line3 off-line4 off-line5(Total)
period
time(
ms)
Lee and Yeh'sProtocol
Proposed Protocol
20
Conclusions
Three-party authenticated key agreements and its applications
Proposed secure and efficient delegation-based authentication protocol for PCSs
Future researchesVehicular Mobile NetworkElectronic Medical Record Security and Privacy
21
References
Lee, T.-F., Hwang, T. and Lin C.-L. “Enhanced Three-Party Encrypted Key Exchange without Server Public Keys,” Computers & Security, Volume: 23, Issue: 7, pp. 571-577, October, 2004.
Wen, H.-A., Lee, T.-F. and Hwang, T. “A Provably Secure Three-Party Password-based Authenticated Key Exchange Protocol Using Weil Pairing,” IEE Proc. Communications, Vol. 152, No. 2, pp. 138-143, April 2005.
Lee, T.-F., Liu, J.-L., Sung, M.-J., Yang, S.-B. and Chen, C.-M., “Communication-Efficient Three-Party Protocols for Authentication and Key Agreement”, Computers and Mathematics with Applications, Vol. 58, No, 4, pp.641-648, August, 2009.
Lee, T.-F., Chang, C.-C. and Hwang, T. “Private Authentication Techniques for the Global Mobility Network,” Wireless Personal Communications, Vol. 35,Issue: 4, pp. 329-336, December 2005.
Lee, W.-B. and Yeh, C.-K., “A new delegation-based authentication protocol for use in portable communication systems,” IEEE Trans. Wireless Commun., vol. 4, no.1, pp.57-64, January 2005.
Lee, T.-F., Chang, S.-H., Hwang, T. and Chong, S.-K., “Enhanced Delegation-Based Authentication Protocol for PCSs”, IEEE Trans. Wireless Commun., Vol.8, No. 5, pp. 2166-2171, May 2009.
