網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments


1 網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments
Ph.D. Dissertation. Advisor: Dr. Chin-Chen Chang (張真誠). Student: Chia-Yin Lee (李佳穎). Department of Computer Science and Information Engineering, National Chung Cheng University, Chia-Yi, Taiwan

2 Outline
- Introduction
- A Mutual Authenticated Key Agreement Scheme
- A Dynamic ID-based User Authentication Scheme Using Smart Cards
- A Secure Single Sign-on Mechanism for Distributed Computer Networks
- An Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET
- A Secure E-mail Protocol for Mobile Devices
- Conclusions and Future Works

3 Introduction (1/2)
- Properties of network environments
  - convenient
  - efficient
  - the parties cannot communicate face to face
  - insecure
- Secure communications require
  - user authentication
  - data confidentiality

4 Introduction (2/2)
- Authentication
  - user authentication protocols
  - mutual authentication protocols
- Confidentiality
  - encryption
  - session key establishment protocols

5 Mutual Authenticated Key Agreement (1/6)
Logging in to the server over an insecure network:

6 Mutual Authenticated Key Agreement (2/6)
- Drawbacks of conventional user authentication schemes
  - suffer from possible attacks (e.g., forgery attacks)
  - require high computational costs to provide high security (e.g., modular exponentiation)
  - need an extra time-synchronization mechanism (when timestamps are used)
  - do not establish a one-time session key

7 Mutual Authenticated Key Agreement (3/6)
- Properties of a secure authenticated key agreement protocol:
  - direct authentication
  - no timestamps
  - perfect forward secrecy

8 Mutual Authenticated Key Agreement (4/6)
Initialization phase (over a secure channel) between user Ui and the Server:

9 Mutual Authenticated Key Agreement (5/6)
Authentication phase:

10 Mutual Authenticated Key Agreement (6/6)
Comparison of security properties (schemes compared: ours, Lee et al.'s 2005 [62], Chien et al.'s 2004 [24], Sun's 2000 [87], Lamport's 1981 [55]; each property is rated Yes or No per scheme, and only the property names survive in this transcript):
- No password table
- Withstanding the replay attack
- Withstanding the parallel session attack
- Mutual authentication
- Passwords chosen freely by the users
- Not requiring time synchronization
- One-time session key establishment

11 A Dynamic ID-based User Authentication Scheme Using Smart Cards (1/5)
- Conventional authentication schemes
  - the login identity (ID) never changes
  - an adversary can therefore trace the sender of every login message
- Existing dynamic ID-based user authentication schemes
  - suffer from possible attacks
  - must maintain a registration table

12 A Dynamic ID-based User Authentication Scheme Using Smart Cards (2/5)
- Characteristics of our method
  - no registration table
  - no timestamps
  - ensures the privacy of the users
  - achieves perfect forward secrecy

13 A Dynamic ID-based User Authentication Scheme Using Smart Cards (3/5)
Registration phase:

14 A Dynamic ID-based User Authentication Scheme Using Smart Cards (4/5)
Authentication phase:
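Slides 8 and 9 (initialization and authentication phases of the key agreement scheme) and slides 13 and 14 (registration and authentication phases of the dynamic-ID scheme) are figures that this transcript does not carry. What follows is an added, illustrative protocol written for this edit, not the dissertation's scheme and not its notation: the Server and Client classes, the x25519, H and mac helpers, and the three-message layout M1..M3 are this example's own choices. It shows, in running code, the properties both sections claim: mutual authentication with no timestamps (nonces bound into a transcript), a one-time session key with perfect forward secrecy (ephemeral-ephemeral Diffie-Hellman), no password or registration table (the server recomputes each user's long-term secret from a master secret), a login identity that changes every session so an eavesdropper cannot trace the sender, and rejection of a replayed or reflected message.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19          # X25519 field prime; the ladder below is pure Python (RFC 7748)
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    k = bytearray(scalar)
    k[0], k[31] = k[0] & 248, (k[31] & 127) | 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb, e = a * a % P, b * b % P, (a * a - b * b) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def H(*parts: bytes) -> bytes:  # SHA-256 over length-prefixed parts: unambiguous concatenation
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()


def mac(key: bytes, role: bytes, transcript: bytes) -> bytes:
    # The role tag stops a reflected (parallel-session) message from verifying.
    return hmac.new(key, role + transcript, "sha256").digest()


class Server:
    def __init__(self):
        self.x = secrets.token_bytes(32)        # master secret; no per-user password table
        self.priv = secrets.token_bytes(32)     # static DH key, used only to unmask identities
        self.pub = x25519(self.priv, BASEPOINT)
        self.pending = {}                       # e_u -> (mac key, session key, transcript)

    def register(self, uid: bytes) -> bytes:    # initialization over a secure channel
        return H(self.x, uid)                   # the user's long-term secret A = H(x, ID)

    def handle_m1(self, did: bytes, e_u: bytes, n_u: bytes):
        mask = H(b"id", x25519(self.priv, e_u), e_u)
        uid = bytes(p ^ q for p, q in zip(did, mask)).rstrip(b"\0")
        a = H(self.x, uid)                      # recomputed from x, not looked up in a table
        d_s, n_s = secrets.token_bytes(32), secrets.token_bytes(16)
        e_s = x25519(d_s, BASEPOINT)
        ss = x25519(d_s, e_u)                   # ephemeral-ephemeral DH: the PFS ingredient
        tr = H(uid, e_u, n_u, e_s, n_s)         # nonces bind the run; no timestamps needed
        km, sk = H(b"mac", a, ss, tr), H(b"key", a, ss, tr)
        self.pending[e_u] = (km, sk, tr)
        return e_s, n_s, mac(km, b"server", tr)

    def handle_m3(self, e_u: bytes, auth_u: bytes):
        km, sk, tr = self.pending.pop(e_u, (None, None, None))
        return sk if km and hmac.compare_digest(mac(km, b"user", tr), auth_u) else None


class Client:
    def __init__(self, uid: bytes, a: bytes, server_pub: bytes):
        self.uid, self.a, self.spub = uid, a, server_pub   # uid: up to 32 bytes, no NUL

    def m1(self):
        self.d_u, self.n_u = secrets.token_bytes(32), secrets.token_bytes(16)
        self.e_u = x25519(self.d_u, BASEPOINT)
        # Dynamic ID: a fresh e_u gives a fresh mask, so the identity on the wire never repeats.
        mask = H(b"id", x25519(self.d_u, self.spub), self.e_u)
        did = bytes(p ^ q for p, q in zip(self.uid.ljust(32, b"\0"), mask))
        return did, self.e_u, self.n_u

    def m3(self, e_s: bytes, n_s: bytes, auth_s: bytes):
        ss = x25519(self.d_u, e_s)
        tr = H(self.uid, self.e_u, self.n_u, e_s, n_s)
        km = H(b"mac", self.a, ss, tr)
        if not hmac.compare_digest(mac(km, b"server", tr), auth_s):
            return None, None                   # server did not prove knowledge of A
        return mac(km, b"user", tr), H(b"key", self.a, ss, tr)


def run(server: Server, client: Client):    # one M1..M3 run -> (client key, server key)
    did, e_u, n_u = client.m1()
    e_s, n_s, auth_s = server.handle_m1(did, e_u, n_u)
    auth_u, sk_c = client.m3(e_s, n_s, auth_s)
    return (None, None) if auth_u is None else (sk_c, server.handle_m3(e_u, auth_u))


def replay(server: Server, client: Client):  # adversary replays a captured (M1, M3) pair
    did, e_u, n_u = client.m1()
    e_s, n_s, auth_s = server.handle_m1(did, e_u, n_u)
    auth_u, _ = client.m3(e_s, n_s, auth_s)
    server.handle_m3(e_u, auth_u)               # the legitimate session completes
    server.handle_m1(did, e_u, n_u)             # replayed M1 gets fresh e_s and n_s ...
    return server.handle_m3(e_u, auth_u)        # ... so the replayed M3 is rejected: None
```

`run(srv, Client(b"alice", srv.register(b"alice"), srv.pub))` returns two equal 32-byte keys; a client holding the wrong A, or a client claiming another user's ID, gets `(None, None)` because the server's confirmation MAC fails on the client side, and `replay(...)` returns `None`. Three caveats a practitioner should keep in mind. First, forward secrecy here covers the session key only: a later compromise of the master secret `x` or of an ephemeral private key does not reveal `ss` for past runs, but a compromise of the server's static `priv` does let an attacker unmask past identities, so identity privacy is not forward secret in this design. Second, compromise of `x` lets an attacker impersonate any user from then on; that is inherent to any master-secret design and is why the smart-card schemes on this page additionally bind A to a user-chosen password, a layer omitted here. Third, the example does not reject an all-zero `ss` (the result of a low-order X25519 input); a deployment should.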

15 A Dynamic ID-based User Authentication Scheme Using Smart Cards (5/5)
Comparison of security properties (schemes compared: Das et al.'s 2004 [26], Wang et al.'s 2009 [97], Khan et al.'s 2010 [44], ours; each property is rated Yes or No per scheme, and only the property names and the starred entries survive in this transcript):
- Mutual authentication
- Password chosen by users
- User anonymity
- Without registration table
- Withstands impersonation attacks
- Without time-synchronized mechanisms
- Session key establishment
- Perfect forward secrecy (No* for Das et al.'s and Wang et al.'s schemes)
* Since Das et al.'s and Wang et al.'s schemes do not provide session key establishment, they cannot provide perfect forward secrecy for the transmitted messages.

16 A Secure Single Sign-on Mechanism for Distributed Computer Networks (1/6)
- Conventional authentication schemes
  - users must register with each service provider
  - users must keep a different identity/password pair for each provider
- Existing user identification schemes for distributed networks
  - suffer from possible attacks
  - require time-synchronized mechanisms

17 A Secure Single Sign-on Mechanism for Distributed Computer Networks (2/6)
- Characteristics of our method
  - withstands possible attacks (e.g., impersonation attacks)
  - needs no time-synchronized mechanism
  - more efficient

18 A Secure Single Sign-on Mechanism for Distributed Computer Networks (3/6)
Registration phase:

19 A Secure Single Sign-on Mechanism for Distributed Computer Networks (4/6)
User identification phase:

20 A Secure Single Sign-on Mechanism for Distributed Computer Networks (5/6)
Computation cost comparison:

21 A Secure Single Sign-on Mechanism for Distributed Computer Networks (6/6)
Communication cost comparison:

22 Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (1/6)
- Existing schemes
  - adopt asymmetric and symmetric cryptosystems
  - use timestamps
  - suffer from possible attacks
  - do not provide anonymity

23 Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (2/6)
- Characteristics of the proposed scheme
  - uses low-cost functions
  - needs no time-synchronized mechanism
  - provides anonymity for mobile users
  - the session key is selected by the mobile user

24 Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (3/6)
Registration phase:

25 Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (4/6)
Authentication and key establishment phases:

26 Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (5/6)
Performance comparisons:

27 Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (6/6)
Functionality comparisons:

28 A Secure E-mail Protocol for Mobile Devices (1/8)
- E-mail systems
  - a popular medium for data transmission
  - transmit plain text and multimedia
- The Internet is public and insecure
  - data might be eavesdropped
- If the long-term secret key is compromised
  - all previous mails might be exposed

29 A Secure E-mail Protocol for Mobile Devices (2/8)
- Objectives of our research
  - reduce the computation cost
  - achieve Perfect Forward Secrecy (PFS)
  - work across domains (inter-domain)

30 A Secure E-mail Protocol for Mobile Devices (3/8)
Registration phase:

31 A Secure E-mail Protocol for Mobile Devices (4/8)
Login phase:

32 A Secure E-mail Protocol for Mobile Devices (5/8)
The first sub-phase of the sending phase:

33 A Secure E-mail Protocol for Mobile Devices (6/8)
The second sub-phase of the sending phase:

34 A Secure E-mail Protocol for Mobile Devices (7/8)
The receiving phase:

35 A Secure E-mail Protocol for Mobile Devices (8/8)

36 Conclusions and Future Works (1/2)
- We have proposed the following solutions
  - a mutual authenticated key agreement protocol
  - a dynamic ID-based user authentication scheme
  - a secure single sign-on mechanism for distributed computer networks
  - an authentication scheme with anonymity for roaming service
  - a secure e-mail protocol for mobile devices

37 Conclusions and Future Works (2/2)
- In the future, we will extend the results of this study to
  - decrease the overhead of message transmission
  - design authentication schemes that provide 1-out-of-∞ deniability
  - design secure authentication protocols for RFID systems
