A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and.

Presentation transcript:

A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments
Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert Deng
Sources: IEEE Transactions on Vehicular Technology, 55(4), pp , July
Reporter: Chun-Ta Li (李俊達)

2 Outline
- Pervasive computing environments (PCE)
- Motivations
- The proposed scheme
- Analysis
- Comments

3 Pervasive computing environments
- Definition: Integrates digital devices (such as computers, handheld devices, sensors and actuators) seamlessly with everyday physical devices (such as electrical appliances and automobiles).
- Three components [James Kurose and Keith Ross, 2004]
  - Nomadic computing: wireless technology
  - Sensor-based smart spaces: environment monitoring
  - Mobile computing data management
[Figure: Sensor network]

4 Pervasive computing environments
- Service-Oriented Architecture

5 Pervasive computing environments
- Sample PCE
[Figure: sample PCE showing Authentication Server, Router, Public Internet, Gateway, Access Point, Printer, User, Fax, Scanner, Scientific Device]

6 Motivations
- Providing explicit mutual authentication between mobile user and the service
- Allowing mobile user to anonymously interact with the service
- Enabling differentiated service access control among different users
- Providing flexibility and scalability to both user and service sides
- Generating fresh session keys to secure the interaction
- Efficiency of communication, computation and management overheads

7 The proposed scheme
- Notations

8 The proposed scheme (cont.)
- System architecture
  Entities: Mobile User, Authentication Server, Service, Access Point
  1. Registration
  2. Authorization
  3. Access Request
  4. Authentication Request
  5. Authentication Acknowledgement
  6. Access/Reject

9 The proposed scheme (cont.)
- User authorization protocol: credential generation
  Parties: Mobile user U (a certificate $Cert_U$), Service provider S
  1. Generate two nonces: $r'_U$ and $r''_U$
  2. Sign her own ID with a nonce $r''_U$: $\{U, r''_U\}_{PriK_U}$
  3. Compute the anchor value $C_0 = h(r''_U, U, \{U, r''_U\}_{PriK_U})$ (non-repudiation property)
  4. Compute the credential chain $C_n = h^n(C_0)$, with length $n$
  5. Blind $C_n$ as $C_U = \{r'_U\}_{PubK_{SID}} \cdot C_n$

10 The proposed scheme (cont.)
- User authorization protocol: credential authorization
  Parties: Mobile user U (a certificate $Cert_U$), Service provider S
  U to S: $U, C_U, Cert_U, SID$ (authorization request)
  6. Verify $Cert_U$ with $PubK_S$
  7. Sign $C_U$ as $C_S = \{C_U\}_{PriK_{SID}} = r'_U \cdot \{C_n\}_{PriK_{SID}}$
  S to U: $C_S$ (authorization confirmation)
  8. Compute $C_S / r'_U$ to obtain $(C_n, \{C_n\}_{PriK_{SID}})$

11 The proposed scheme (cont.)
- User operational protocol
  Parties: Mobile user U, Service provider S, Access point P
  Message labels: access request, access acknowledgement
  1. Generate a nonce: $r_U$
  2. Send $\{r_U, C_n, \{C_n\}_{PriK_{SID}}\}_{PubK_S}$
  3. Send $\{r_U, C_n, \{C_n\}_{PriK_{SID}}\}_{PubK_S}$ (secure tunnel)
  4. Decrypt $r_U, C_n$
  5. Store $C_n$
  6. Send $r_U, C_n$ (secure tunnel)
  7. Generate a nonce: $r_P$
  8. Compute $K_{UP} = h(C_n, r_P, r_U, 0)$, $K'_{UP} = h(C_n, r_P, r_U, 1)$
  9. Send $r_P, \{r_U, P\}_{K_{UP}}$

12 The proposed scheme (cont.)
- User operational protocol
  Parties: Mobile user U, Service provider S, Access point P
  10. Compute $K_{UP} = h(C_n, r_P, r_U, 0)$, $K'_{UP} = h(C_n, r_P, r_U, 1)$
  11. Decrypt and verify $r_U, C_n, P$
  12. Encrypt $X_{m_0} = \{m_0\}_{K'_{UP}}$
  13. Compute $h_{K_{UP}}(X_{m_0})$
  14. Send $r_P, r_U, X_{m_0}, h_{K_{UP}}(X_{m_0})$
  15. Verify $X_{m_0}$ using $K_{UP}$
  16. Decrypt $m_0$ using $K'_{UP}$
  …
  Authenticated data traffic: $r_P, r_U, X_{m_i}, h_{K_{UP}}(X_{m_i})$
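The session-key derivation and authenticated data traffic of Steps 8 to 16, as an added Python example that is not part of the original presentation. It assumes SHA-256 for h, HMAC-SHA-256 for the keyed hash, a SHA-256 counter keystream as a stand-in for the unspecified cipher, and constructed values for C_n, the nonces and the message.

```python
import hashlib, hmac

def h(*fields: bytes) -> bytes:
    """h(a, b, ...) over length-prefixed fields, so field boundaries are unambiguous."""
    m = hashlib.sha256()
    for f in fields:
        m.update(len(f).to_bytes(4, "big") + f)
    return m.digest()

def session_keys(c_n: bytes, r_p: bytes, r_u: bytes):
    """Steps 8 and 10: K_UP = h(C_n, r_P, r_U, 0), K'_UP = h(C_n, r_P, r_U, 1)."""
    return h(c_n, r_p, r_u, b"\x00"), h(c_n, r_p, r_u, b"\x01")

def xor_stream(key: bytes, i: int, data: bytes) -> bytes:
    """Stand-in for {m_i}_K'_UP (assumption): keystream bound to message index i."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big") + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def send(c_n, r_p, r_u, i, m):
    """Steps 12-14 at U: X_m = {m}_K'_UP and the tag h_K_UP(X_m)."""
    k_up, k_enc = session_keys(c_n, r_p, r_u)
    x_m = xor_stream(k_enc, i, m)
    return x_m, hmac.new(k_up, x_m, hashlib.sha256).digest()

def receive(c_n, r_p, r_u, i, x_m, tag):
    """Steps 15-16 at P: verify X_m with K_UP first, decrypt with K'_UP only if valid."""
    k_up, k_enc = session_keys(c_n, r_p, r_u)
    expected = hmac.new(k_up, x_m, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                      # reject without touching the ciphertext
    return xor_stream(k_enc, i, x_m)

# Constructed sample values, not taken from the slides.
C_N, R_P, R_U = b"constructed C_n", b"nonce-from-P", b"nonce-from-U"
x_m0, tag0 = send(C_N, R_P, R_U, 0, b"m0: print job")
print(receive(C_N, R_P, R_U, 0, x_m0, tag0))
```
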

13 Analysis

14 Comments
- Cryptanalysis of anonymity property (performed by service provider S)
  Step 1: Get $U$, $C_U = \{r'_U\}_{PubK_{SID}} \cdot C_n$ in the Credential Authorization phase
  Step 2: Sign $C_U$ as $C_S = \{C_U\}_{PriK_{SID}} = r'_U \cdot \{C_n\}_{PriK_{SID}}$
  Step 3: Store $U$, $C_U$, $C_S = \{C_U\}_{PriK_{SID}} = r'_U \cdot \{C_n\}_{PriK_{SID}}$ in its own DB
  Step 4: Get $C_n$, $\{C_n\}_{PriK_{SID}}$ in the User Operational phase
  Step 5: Compute $C_S / \{C_n\}_{PriK_{SID}}$ to derive $r'_U$
  Step 6: Compute $C'_U = \{r'_U\}_{PubK_{SID}} \cdot C_n$ to verify whether $C'_U = C_U$ holds or not
  Step 7: If it holds, S confirms that mobile user U accesses the service; otherwise, S keeps executing Steps 4 to 6.
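The credential issuance of slides 9 and 10 and the check in Steps 4 to 6 above, as an added Python example that is not part of the original presentation. It assumes textbook RSA without padding for the SID key pair, a constructed toy key, constructed user names and blinding nonces, and a constructed seed in place of the signed anchor value C_0.

```python
import hashlib

# Constructed textbook-RSA key pair for SID (toy size, no padding; assumption).
P, Q = 2**61 - 1, 2**89 - 1                # two Mersenne primes
N, E = P * Q, 65537                        # PubK_SID
D = pow(E, -1, (P - 1) * (Q - 1))          # PriK_SID

def credential(seed: bytes, n: int) -> int:
    """C_n = h^n(C_0), reduced to an integer modulo N."""
    for _ in range(n):
        seed = hashlib.sha256(seed).digest()
    return int.from_bytes(seed, "big") % N

def blind(c_n: int, r: int) -> int:
    """C_U = {r'_U}_PubK_SID * C_n."""
    return pow(r, E, N) * c_n % N

def sign(c_u: int) -> int:
    """C_S = {C_U}_PriK_SID."""
    return pow(c_u, D, N)

def unblind(c_s: int, r: int) -> int:
    """C_S / r'_U = {C_n}_PriK_SID."""
    return c_s * pow(r, -1, N) % N

def issue(user: str, r: int, db: dict):
    """Authorization phase: S stores (C_U, C_S) under the user's identity."""
    c_n = credential(user.encode(), 5)     # constructed seed stands in for C_0
    c_u = blind(c_n, r)
    c_s = sign(c_u)
    db[user] = (c_u, c_s)
    sig = unblind(c_s, r)
    assert pow(sig, E, N) == c_n           # U checks the signature on C_n
    return c_n, sig

def linkage_check(c_n: int, sig: int, db: dict) -> list:
    """Steps 5-6: derive r' = C_S / sig per record, then test C'_U == C_U."""
    hits = []
    for user, (c_u, c_s) in db.items():
        r = c_s * pow(sig, -1, N) % N
        if blind(c_n, r) == c_u:
            hits.append(user)
    return hits

db = {}
alice = issue("alice", 0x1234567890ABCDEF, db)   # constructed blinding nonces
bob = issue("bob", 0x0FEDCBA987654321, db)
print(linkage_check(*alice, db))
print(linkage_check(*bob, db))
```

Under these assumptions $(C_S / \{C_n\}_{PriK_{SID}})^e \cdot C_n$ reduces to the stored $C_U$ for every record whose $C_S$ is a valid signature, so both printed lists contain both users: the equality in Step 6 holds for each stored record, not only for the user who presented the credential.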

15 Comments (cont.)
- Efficiency improvement in user operational phase
  - $C_j$ is compared with all $C_j$s stored in S's DB: time complexity is O(n) if there are n users in the DB
  - Solution: user i generates a $T_{ID}$ in the access request message and sends it to the service provider to store the $T_{ID}$ of user i: time complexity is O(1)

16 Comments (cont.)
- Service abuse problem
  - No one except the user can derive the value of $C_n$, and thus anyone can fabricate an invalid $C_n$ with a valid $Cert_U$ to access the service without limits; even a valid user can deny his accesses.
  - $Cert_U$ must be kept secret from outsiders.
  Message between mobile user U (a certificate $Cert_U$) and service provider S: $\{U, C_U, Cert_U, SID\}_{PubK_S}$