Presentation is loading. Please wait.

Presentation is loading. Please wait.

多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/12 報告人:向峻霈.

Similar presentations


Presentation on theme: "多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/12 報告人:向峻霈."— Presentation transcript:

1 多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/12 報告人:向峻霈 出處 : Chien-Lung Hsu Yu-Hao Chuang Information Sciences pp. 422-429,2009

2 多媒體網路安全實驗室 Outline Introduction 1 Related work 2 Proposed scheme 33 Functionality comparison 44 Conclusion 35 2

3 多媒體網路安全實驗室 Introduction  The distributed computer networks  allow hosts and user terminals connected into the same network  share information and computing power 3

4 多媒體網路安全實驗室 4 Introduction (2/2)  Security problems in the distributed computer networks  user identification  key distribution  user anonymity

5 多媒體網路安全實驗室 Related work  Review of the Yang et al. and Mangipudi– Katti schemes 5

6 多媒體網路安全實驗室 Key generation phase  SCPC sets up the system parameters  N j =p j *q j  selects two integers e j and d j such that e j d j =1 mod φ(N j )  φ(N j ) = (p j -1)(q j -1)  chooses a generator g in the field Z N j  a hash function H(m) on a message  a symmetric-key cryptosystem such as AES  public parameters=>e j, N j, g j, and ID j  secret =>d j,p j,q j 6

7 多媒體網路安全實驗室 Anonymous user identification and key agreement phase-(Yang et al. scheme) 7 ClientServer Service request Z = g k ‧ S j -1 mod N M2 =(Z) a = Z e ‧ ID j mod N K ij = a t mod N w =g et mod N x = g t ‧ S i H(w,T) y = E k i| (ID i ) M3 = (w,x,y,T) K i| = w k mod N D k ij (y) -> ID i 檢查 ID 表是否存在 w ID i H(w,T) mod N = x e mod N Accepts this login request

8 多媒體網路安全實驗室 Anonymous user identification and key agreement phase-(SIKA) 8 ClientServer Service request S j = ID j d mod N Z = g k ‧ S j -1 mod N u = g j v v = H(Z,T,ID j )d j M2 =(Z,T,u) u = H(Z,T,ID j ) u e j mod N j = g j u mod N j a = Z e ‧ ID j mod N K ij = a t mod N w =g et mod N x = g t ‧ S i H(w,T’) y = E ki| (ID i ) M3 = (x,y,p,T’) K ij = w k mod N D ki| (y) -> ID i 檢查 ID 表是否存在 w ID i H(w,T’) mod N = x e mod N Accepts this login request

9 多媒體網路安全實驗室 Anonymous user identification and key agreement phase 9 ClientServer Service request S j = ID j d mod N Z = g k ‧ S j mod N M2 =(Z) a = Z e ‧ ID -1 j mod N K ij = a t mod N w =g et mod N x = S j h(K ij ||Z||w||T) mod N y = E kij (ID i ) M3 = (w,x,y,T) K ij = w k mod N D kij (y) -> ID i ID i h(K ij ||Z||w||T) mod N = x e mod N D i = h(K ij || T’ || Z || ID i || ID j ) D’ i = h(K ij || T’ || Z || ID i || ID j ) D’ i = D i M4=(D i,T’)

10 多媒體網路安全實驗室 Security analysis  Security of the private keys  Security of the session keys  Security of user identification  Security of user anonymity  Prevention of a DoS attack 10

11 多媒體網路安全實驗室 Anonymous user identification and key agreement phase 11 ClientServer Service request S j = ID j d mod N Z = g k ‧ S j -1 mod N M2 =(Z) a = Z e ‧ ID -1 j mod N K ij = a t mod N w =g et mod N x = S j h(K ij ||Z||w||T) mod N y = E kij (ID i ) M3 = (w,x,y,T) K ij = w k mod N D kij (y) -> ID i ID i h(K ij ||Z||w||T) mod N = x e mod N D i = h(K ij || T’ || Z || ID i || ID j ) D’ i = h(K ij || T’ || Z || ID i || ID j ) D’ i = D i M4=(D i,T’) Security of the private keys

12 多媒體網路安全實驗室 Anonymous user identification and key agreement phase 12 ClientServer Service request S j = ID j d mod N Z = g k ‧ S j -1 mod N M2 =(Z) a = Z e ‧ ID -1 j mod N K ij = a t mod N w =g et mod N x = S j h(K ij ||Z||w||T) mod N y = E kij (ID i ) M3 = (w,x,y,T) K ij = w k mod N D kij (y) -> ID i ID i h(K ij ||Z||w||T) mod N = x e mod N D i = h(K ij || T’ || Z || ID i || ID j ) D’ i = h(K ij || T’ || Z || ID i || ID j ) D’ i = D i M4=(D i,T’) Security of the session keys

13 多媒體網路安全實驗室 Anonymous user identification and key agreement phase 13 ClientServer Service request S j = ID j d mod N Z = g k ‧ S j -1 mod N M2 =(Z) a = Z e ‧ ID -1 j mod N K ij = a t mod N w =g et mod N x = S j h(K ij ||Z||w||T) mod N y = E kij (ID i ) M3 = (w,x,y,T) K ij = w k mod N D kij (y) -> ID i ID i h(K ij ||Z||w||T) mod N = x e mod N D i = h(K ij || T’ || Z || ID i || ID j ) D’ i = h(K ij || T’ || Z || ID i || ID j ) D’ i = D i M4=(D i,T’) Security of user identification

14 多媒體網路安全實驗室 Anonymous user identification and key agreement phase 14 ClientServer Service request S j = ID j d mod N Z = g k ‧ S j -1 mod N M2 =(Z) a = Z e ‧ ID -1 j mod N K ij = a t mod N w =g et mod N x = S j h(K ij ||Z||w||T) mod N y = E kij (ID i ) M3 = (w,x,y,T) K ij = w k mod N D kij (y) -> ID i ID i h(K ij ||Z||w||T) mod N = x e mod N D i = h(K ij || T’ || Z || ID i || ID j ) D’ i = h(K ij || T’ || Z || ID i || ID j ) D’ i = D i M4=(D i,T’) Security of user annymity //the adversary will face the problems of solving the DLP

15 多媒體網路安全實驗室 Anonymous user identification and key agreement phase 15 ClientServer Service request S j = ID j d mod N Z = g k ‧ S j -1 mod N M2 =(Z) a = Z e ‧ ID -1 j mod N K ij = a t mod N w =g et mod N x = S j h(K ij ||Z||w||T) mod N y = E kij (ID i ) M3 = (w,x,y,T) K ij = w k mod N D kij (y) -> ID i ID i h(K ij ||Z||w||T) mod N = x e mod N D i = h(K ij || T’ || Z || ID i || ID j ) D’ i = h(K ij || T’ || Z || ID i || ID j ) D’ i = D i M4=(D i,T’) Prevention of a DoS attack //Z,T,ID j

16 多媒體網路安全實驗室 Functionality comparison  T h : the time for executing a one-way hash function  T inv : the time for executing a modular inverse computation  T mul : the time for executing a modular multiplication computation  T exp : the time for executing a modular exponentiation computation  T enc : the time for executing a symmetric-key encryption  T dec : the time for executing a symmetric-key decryption  |x| : the bit length of x 16

17 多媒體網路安全實驗室 Communi cation costs Computational complexities 年份 UiPj The Lee -Chang4|N| + |T|T h + 5T mul + 5T exp T h + T inv + 2T mul + 4T exp 1999 The Wu–Hsu3|N| + |T|T h + T inv + 3T mul + 4T exp T h + T inv + 2T mul + 4T exp 2004 The Yang et al. 3|N| + |T| + |IDi| T enc + T h + 3T mul + 5T exp T dec + T h + T inv + 2T mul + 4T exp 2004 The Mangipudi– Katti 4|N| + 2|T| + |IDi| T enc + 2T h + 3T mul + 7T exp T dec + 2T h + T inv + 3T mul + 5T exp 2006 The proposed 3|N| + |T| + |IDi| T enc + T h + T inv + 2T mul + 4T exp T dec + T h + T mul + 4T exp 2009 The proposed scheme against a DoS attacka 4|N| + 2|T| + |IDi| T enc + 2T h + T inv + 2T mul + 6T exp T dec + 2T h + 2T mul + 5T exp 2009 17

18 多媒體網路安全實驗室 Functionality comparison  C1 : Prevention of a replay attack.  C2 : Prevention of a compromising attack ?  C3 : Prevention of an identity disclosure attack  C4 : Prevention of an impersonation attack  C5 : Prevention of a compromising attack ?  C6 : Prevention of a DoS attack  C7 : Mutual authentication  C8 : Session key establishment  C9 : Session key confirmation from the user to the service provider  C10 : Session key confirmation from the service provider to the user 18

19 多媒體網路安全實驗室 Functionality comparison The Lee-Chang scheme The Wu–Hsu scheme Yang et al.’s scheme The Mangipudi –Katti scheme The proposed scheme C1OOOOO C2OXOOO C3XXXXO C4XXOOO C5OXOOO C6XXXOO C7XXXOO C8OOOOO C9XXOOO C10XXXXO 19

20 多媒體網路安全實驗室 Conclusion  Yang et al.’s scheme suffers from identity disclosure attack and DoS attack.  The proposed scheme can withstand the possible attacks and achieve mutual authentication. 20

21 多媒體網路安全實驗室


Download ppt "多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/12 報告人:向峻霈."

Similar presentations


Ads by Google