Mutual Authentication and Key Exchange Protocol (MAKEP) Reporter: Jung-Wen Lo ( 駱榮問 ) Date: 2008/4/18.

Slides:



Advertisements
Similar presentations
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Advertisements

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Cryptography and Network Security Chapter 17
1 Three-Party Encrypted Key Exchange Without Server Public-Keys C. L. Lin, H. M. Sun, M. Steiner, and T. Hwang IEEE COMMUNICATIONS LETTER, VOL. 5, NO.12,
An Efficient and Anonymous Buyer- Seller Watermarking Protocol C. L. Lei, P. L. Yu, P. L. Tsai and M. H. Chan, IEEE Transactions on Image Processing, VOL.
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
IEEE Wireless Local Area Networks (WLAN’s).
Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security Ming-Hong Shih.
Chapter 8 Web Security.
1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Computer Science Public Key Management Lecture 5.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/05 報告人:向峻霈.
1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.
Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
1 Authentication and Digital Signature Schemes and Their Applications to E-commerce ( 身份認證與數位簽章技術及其在電子商務上的應用 ) Advisor: Chin-Chen Chang 1, 2 Student: Ya-Fen.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
多媒體網路安全實驗室 A novel user authentication and privacy preserving scheme with smartcards for wireless communications 作者 :Chun-Ta Li,Cgeng-Chi Lee 出處 :Mathematical.
Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
An ID-Based Mutual Authentication and Key Exchange Protocol for Low- Power Mobile Devices Authors: Tsu-Yang Wu and Yuh-Min Tseng Source: The Computer Journal.
Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :
A Secure Identification and Key Agreement Protocol with User Anonymity (SIKA) Authors: Kumar Mangipudi and Rajendra Katti Source: Computers & Security,
Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
Secure and efficient key management in mobile ad hoc networks Authors: Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, and Spyros Magliveras Sources:
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
Authentication protocol providing user anonymity and untraceability in wireless mobile communication systems Computer Networks Volume: 44, Issue: 2, February.
Wireless Authentication Using Remote Passwords Authors: Andrew Harding, Timothy W. van der Horst, and Kent E. Seamons Source: Proceedings of the first.
Security Standards. IEEE IEEE 802 committee for LAN standards IEEE formed in 1990’s – charter to develop a protocol & transmission specifications.
User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:
Secure Messenger Protocol using AES (Rijndael) Sang won, Lee
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
Password-based user authentication and key distribution protocols for client-server applications Authors: Her-Tyan Yeh and Hung-Min Sun Sources: The Journal.
Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction.
RSA-based password authenticated key exchange protocol Presenter: Jung-wen Lo( 駱榮問 )
A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and.
Efficient Pairwise Key Establishment Scheme Based on Random Pre-Distribution Keys in Wireless Sensor Networks Source: Lecture Notes in Computer Science,
SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.
多媒體網路安全實驗室 An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security Date:2012/02/16.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
- Richard Bhuleskar “At the end of the day, the goals are simple: safety and security” – Jodi Rell.
Non-PKI Methods for Public Key Distribution
網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments
A secure and traceable E-DRM system based on mobile device
SAKAWP: Simple Authenticated Key Agreement Protocol Based on Weil Pairing Authors: Eun-Jun Yoon and Kee-Young Yoo Src: International Conference on Convergence.
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
The Secure Sockets Layer (SSL) Protocol
Authors:Debiao He, Sherali Zeadally, Neeraj Kumar and Wei Wu
Date:2011/09/28 報告人:向峻霈 出處: Ren-Chiun Wang  Wen-Shenq Juang 
Transport Layer Security (TLS)
Source:IEEE Communications Letters, Vol 7, No 5, 2003, pp 248–250.
Privacy Protection for E-Health Systems by
Presentation transcript:

Mutual Authentication and Key Exchange Protocol (MAKEP) Reporter: Jung-Wen Lo ( 駱榮問 ) Date: 2008/4/18

2 Outline Introduction ES-MAKEP: Efficient & Secure MAKEP Fuw-Yi Yang and Jinn-Ke Jan (2004) ES-MAKEP-Forward Secret Attack F-MAKEP He Yijun, Xu Nan and Li Jie (2007) Comment

3 Introduction MAKEP: Mutual authentication and key exchange protocol L-MAKEP: Linear MAKEP Author: D. S. Wong and A. H. Chan Title: Mutual authentication and key exchange for low power wireless communications Src: Military Communications Conference, MILCOM Communications for Network-Centric Operations: Creating the Information Force, IEEE, Vol. 1, 2001, pp IL-MAKEP: Improved L-MAKEP Author: K. Shim Title: Cryptanalysis of mutual authentication and key exchange for low-power wireless communications Src: IEEE Communications Letters, Vol. 7, No. 5, pp , I-MAKEP Authors: Jinn-Ke Jan and Yi-Hwa Chen Title: A new efficient MAKEP for wireless communications Src: In Proceedings of the 18 th International Conference on Advanced Information Networking and Application (AINA’04), IEEE, Volume 2, pp , 2004 ES-MAKEP: Efficient & Secure MAKEP Authors: Fuw-Yi Yang and Jinn-Ke Jan Title: A Secure and Efficient Key Exchange Protocol for Mobile Communications Src: Cryptology ePrint Archive 2004/167, July 2004, F-MAKEP: Perfect forward secrecy Improved ES-MAKEP

A Secure and Efficient Key Exchange Protocol for Mobile Communications Authors: Fuw-Yi Yang and Jinn-Ke Jan Src: Cryptology ePrint Archive 2004/167, July 2004,

5 Notation ε pk (): an asymmetric encryption function δ SK (): an asymmetric decryption function E K () : a symmetric encryption function D K (): a symmetric decryption function SK S : a private key of server S PK S : a public key of server S ID U : the identification of a client entity U ID S : the identification of a server S p, q: a private key pair of U g,n: a public key pair of U x || y: string x concatenates string y |n|: bit length of n r UK, r UF, r UR :three random numbers selected by U r SK : a random number selected by S r ∈ R G : r is a random number selected from the set G l: the length of session keys

6 ES-MAKEP User U Server S r UK,r UR,r UF C1 r UK =ε PK S (r UK ) CMT=g r UF ||r UF mod n M1={C1 r UK,CMT,ID U } r UK = δ SK S (C1 r UK ) Random r sk σ SU =r SK  r UK C2 r UK =E σ SU (r UK ) M2={r SK,C2 r UK } σ US =r UK  r SK r’ UK =D σ US (C2 r UK ) =D σ US (E σ SU (r UK )) r’ UK ?= r UK S F =h(r UK,r SK,ID U,ID S ) C3=E σ SU (ID U ) S R =2 |n| (r UF -S F )+r UR mod λ(n) ※ n=pq ;λ(n)=lcm(p-1, q-1) M3={C3,S R } S F =h(r UK,r SK,ID U,ID S ) CMT’=g S F ||S R mod n CMT’?=CMT (PK S,SK S )

A Secure Key Exchange and Mutual Authentication Protocol for Wireless Mobile Communications Authors: He Yijun, Xu Nan and Li Jie Src: The Second International Conference on Availability, Reliability and Security, ARES 2007, April 2007 pp. 558 – 563

8 ES-MAKEP -Forward Secret Attack User U Server S r UK,r UR,r UF C1 r UK =ε PK S (r UK ) CMT=g r UF ||r UF mod n M1={C1 r UK,CMT,ID U } r UK = δ SK S (C1 r UK ) Random r sk σ SU =r SK  r UK C2 r UK =E σ SU (r UK ) M2={r SK,C2 r UK } σ US =r UK  r SK r’ UK =D σ US (C2 r UK ) =D σ US (E σ SU (r UK )) r’ UK ?= r UK S F =h(r UK,r SK,ID U,ID S ) C3=E σ SU (ID U ) S R =2 |n| (r UF -S F )+r UR mod λ(n) M3={C3,S R } S F =h(r UK,r SK,ID U,ID S ) CMT’=g S F ||S R mod n CMT’?=CMT Attacker Conceal SK S (PK S,SK S )

9 F-MAKEP User U Server S r UK,r UR,r UF C1 r UK =ε PK S (g r UK ) CMT=g r UF ||r UF mod n M1={C1 r UK,CMT,ID U } r UK = δ SK S (C1 r UK ) Random r sk σ SU =g r SK  r UK C2 r UK =E σ SU (r UK ) M2={r SK,C2 r UK } σ SU =g r SK  r UK r’ UK =D σ US (C2 r UK ) =D σ US (E σ SU (r UK )) r’ UK ?= r UK S F =h(r UK,r SK,ID U,ID S ) C3=E σ SU (ID U ) S R =2 |n| (r UF -S F )+r UR mod λ(n) ※ n=pq ;λ(n)=lcm(p-1, q-1) M3={C3,S R } S F =h(r UK,r SK,ID U,ID S ) CMT’=g S F ||S R mod n CMT’?=CMT (PK S,SK S )

10 Comment Conceal secret key is difficult ES-MAKEP & F-MAKEP: PKI system => Inefficient => Not suitable for wireless devices

11 DoS-Resistance Protocol Y ⊕ H(pw j ),σ ⊕ H(pw i ) Server A (pw1,pw2) Client B (pw1,pw2) 3. r A Y= r A ⊕ r B σ=H(r A,r B,ID A,ID B ) 2. Try pw i 5. H(σ’) ID A,ID B,X, H(ID A,ID B,X) 1. r B X=pw i ⊕ r B 4. r’ A =Y ⊕ r B σ’=H(r’ A,r B,ID A,ID B ) H(σ’) ?= H(σ) 4. H(σ’) ?= H(σ)

12 PK-based MAKEP

13 Server-specific MAKEP

14 Linear MAKEP

15 Unknown key-share attack on L- MAKEP(?) y’=cy σ’ =r A  y’ E σ’ (x)

16 IL-MAKEP E σ (x,ID A,ID B )

A new efficient MAKEP for wireless communications Authors: Jinn-Ke Jan and Yi-Hwa Chen Src: In Proceedings of the 18th International Conference on Advanced Information Networking and Application (AINA’04), IEEE, Volume 2, pp , 2004

18 I-MAKEP User U Server S ID,Y v = y e +ID mod N Random r s u,t,s Random w,k u=g w mod N t=E PK S (k) s=w+x  H(rs||t||u) σ=k  s H(k’) Register Phase x v=g -x mod N ID,v y=(v-ID) d mod N Session Key Generation Phase rsrs g s  v H(r s ||t||u) ?≡u mod N k’=D(t) σ=k’  s H(k’)?=H(k)

19 ES-MAKEP Performance- Client’s Computations

20 Remark for Table 1

21 ES-MAKEP Performance- Server’s Computations

22 Remark for Table 2

23 ES-MAKEP Performance- Message Sizes

24 WTLS The security of WAP Operate over the transport layer Provide privacy, data integrity & authentication Two layer protocol Lower layer: Record protocol encrypt/decrypts data Upper layer protocol (4 sub-protocols) 1. Handshake Protocol  Establish/resume the secure connection between WAP client and WAP gateway. 2. Alert Protocol  Send urgent data or signals. 3. Change Cipher Protocol  Exchange keys on the fly to guarantee the security dynamically. 4. Application Protocol  Send data from application to Record Protocol and deliver the received data from Record Protocol to applications.

25 WTLS Handshake Notation V: version of WTLS SID: session ID SecNeg E : key exchange suit, cipher suit, key fresh, etc of entity E K P : pre_master_secret K m : master_secret h: one-way hush function f: a function to compute master_secret with KP Cert E : Certificate of E X E : private key of E P E : public key of E

26 WTLS based on F-MAKEP