Download presentation
Presentation is loading. Please wait.
1
A lightweight anonymous user authentication and key establishment scheme for wearable devices
Source: Computer Networks Volume 149, 11 February 2019, Pages 29-42 Authors: Ankur Gupta, Meenakshi Tripathi, Tabish Jami lShaikh , Aakar Sharma Speaker: Yao-Zhu Zheng Date: 2019/03/07
2
Outline Introduction System model Proposed scheme Experimental results
Conclusions
3
Introduction(1/2) IoT(Internet of Things) healthcare industry
4
Introduction(2/2) Wearable devices
smartwatch, smart glasses, fitness tracker etc.
5
System model(1/2) 1. 2. 3. 5. 4. Wearable devices User/GWN
Authentication server
6
System model(2/2) Adversary knows the authentication protocol used and may eavesdrop all the messages transmitted over an insecure channel. Adversary may modify or redirect the transmitted messages or replay the eavesdropped messages. Adversary may get any sensing device and extract all the stored parameters from its memory. However, adversary can not get the mobile terminal.
7
Proposed scheme (1/27) System setup Registration
Authentication and key-establishment Password-change
8
Proposed scheme (2/27) System setup phase Sensing device setup phase
Mobile terminal setup phase
9
Proposed scheme (3/27) Sensing device setup phase SDj
Trusted Authority (TA) 1. chooses SIDj , XSDj for SDj 2. computes MSIDj = h(SIDj ∥ XSDj) secure channel 3. stores (h(·),SIDj,XSDj,MSIDj) 4. stores SIDj, MSIDj and XSDj
10
Proposed scheme (4/27) Parameter stored in entities SDj GWN TA SIDj
XSDj MSIDj SIDj XSer , XSDj MSIDj
11
Proposed scheme (5/27) Mobile terminal setup phase TA GWN
1. chooses GID , XGD for GWN 2. computes MGID = h(GID ∥ XGD) secure channel 3. stores (h(·), GID, XGD, MGID) 4. stores GID, MGID and XGD
12
Proposed scheme (6/27) Parameter stored in entities SDj GWN TA SIDj
XSDj MSIDj GID XGD MGID SIDj , GID XSer , XSDj , XGD MSIDj , MGID
13
Proposed scheme (7/27) Registration phase User registration phase
Sensing device registration phase
14
Proposed scheme (8/27) User registration phase TA Ui(with GWN)
1. User chooses IDi , PWi 2. GWN chooses a random number ru to compute MIi = h(ID ∥ ru) , MPi = h(PW ∥ ru) 3. GWN sends MIi , MPi , MGID to TA secure channel
15
Proposed scheme (9/27) User registration phase TA Ui(with GWN)
4. computes fi = h(MIi ∥ XSer) , xi = h(MPi ∥ XGD) 5. computes ei = fi ⊕ xi 6. sends ei back to GWN secure channel
16
Proposed scheme (10/27) User registration phase Ui(with GWN)
7. computes xi = h(MPi ∥ XGD) 8. computes fi = ei ⊕ xi 9. stores xi , ei , fi , ru
17
Proposed scheme (11/27) Parameter stored in entities SDj GWN TA SIDj
XSDj MSIDj GID XGD MGID xi , ei , fi ru SIDj , GID XSer , XSDj , XGD MSIDj , MGID
18
Proposed scheme (12/27) Sensing device registration phase SDj GWN TA
1. chooses random number rj 2. computes MPj = h(SIDj ∥ XSDj ∥ rj ∥ T1) 3. computes MNj = XSDj ⊕ rj 4. sends MSIDj, MNj, MPj, and T1 to GWN
19
Proposed scheme (13/27) Sensing device registration phase SDj GWN TA
5. checks |T2 - T1|<ΔT 6. computes TI = h(GID∥ T2) 7. sends TI, MGID, MSIDj, MNj, MPj, T1, T2 to TA
20
Proposed scheme (14/27) Sensing device registration phase SDj GWN TA
8. checks |T3 - T2|<ΔT 9. computes TI* = h(GID∥ T2) and checks TI =? TI* (confirms message from GWN) 10. computes rj* = MNj ⊕ XSDj 11. computes MPj* = h(SIDj ∥ XSDj ∥ rj* ∥ T1) (confirms message from SDj)
21
Proposed scheme (15/27) Sensing device registration phase SDj GWN TA
12. computes fj = h(SIDj∥ XSer) , xj = h(MPj∥ XSDj) 13. computes ej = fj ⊕ xj 14. computes TIj = h(SIDj∥ T3) , TISer = h(GID∥ T3) 15. sends ej , TIj , TISer , T3 to GWN
22
Proposed scheme (16/27) Sensing device registration phase SDj GWN TA
16. checks |T4 – T3|<ΔT 17. computes TISer* = h(GID∥ T3) and checks TISer* =? TISer (confirms message from TA) 18. stores MSIDj 19. sends TIj , ej , MIi , MGID , T3 , T4 to SDj
23
Proposed scheme (17/27) Sensing device registration phase SDj GWN TA
20. checks |T5 – T4|<ΔT 21. computes TIj* = h(SIDj∥ T3) and checks TIj* =? TIj (confirms message from TA) 22. computes xj = h(MPj∥ XSDj) , fj = ej ⊕ xj 23. stores ej , xj , fj , MIi , MGID
24
Proposed scheme (18/27) Parameter stored in entities SDj GWN TA SIDj
XSDj MSIDj , MGID xj , ej , fj MIi GID XGD MSIDj , MGID xi , ei , fi ru SIDj , GID XSer , XSDj , XGD MSIDj , MGID
25
Proposed scheme (19/27) Authentication and key-establishment SDj
Ui (with GWN) TA 1. inputs IDi , PWi 2. GWN computes MIi* = h(IDi∥ ru), MPi* = h(PWi∥ ru), xi* = h(MPi* ∥ XGD) and checks MIi* =? MIi , xi* =? xi 3. sends MIi , MGID , T1 to SDj
26
Proposed scheme (20/27) Authentication and key-establishment SDj
Ui (with GWN) TA 4. checks |T2 – T1|<ΔT 5. chooses random number Kj 6. computes Aj = h(MIi ∥ XSDj ∥ T2) ⊕ xj and Zj = Kj ⊕ fj 7. sends MSIDj , Aj , Zj , T2 to GWN
27
Proposed scheme (21/27) Authentication and key-establishment SDj
Ui (with GWN) TA 8. checks |T3 – T2|<ΔT 9. stores Zj 10. sends MIi , MGID , MSIDj , ei , Aj , T2 , T3 to TA
28
Proposed scheme (22/27) Authentication and key-establishment SDj
Ui (with GWN) TA 11. checks |T4 – T3|<ΔT 12. compute xj* = Aj ⊕ h(MIi ∥ XSDj ∥ T2) and check xj* =? xj (confirm SDj) 13. compute fi* = h(MIi ∥ XSer) , xi* = ei ⊕ fi* and check xi* =? xi (confirm Ui)
29
Proposed scheme (23/27) Authentication and key-establishment SDj
Ui (with GWN) TA 14. computes Fij = fj ⊕ h(fi* ∥ XGD), Hi = h(fi* ∥ XGD ∥T4), Sj = h(xj* ∥ XSDj ∥T4) 15. sends Fij , Hi , Sj , T4 to GWN
30
Proposed scheme (24/27) Authentication and key-establishment SDj
Ui (with GWN) TA 16. checks |T5 – T4|<ΔT 17. computes Hi* = h(fi ∥ XGD ∥T4) and check Hi* =? Hi (confirm TA) 18. computes fj = Fij ⊕ h(fi ∥ XGD), Kj = Zj ⊕ fj 19. chooses random number Ki 20. computes Rij = h(fj ∥ MGID ∥ T5 ) ⊕ Ki and SK = h(Ki ⊕ Kj ) 21. sends Rij , Sj , T4 , T5 to SDj
31
Proposed scheme (25/27) Authentication and key-establishment SDj
Ui (with GWN) TA 22. checks |T6 – T5|<ΔT 23. computes Sj* = h(xj ∥ XSDj ∥T4) and check Sj* =? Sj (confirm TA) 24. computes Ki = Rij ⊕ h(fj ∥ MGID ∥ T5 ) 25. computes SK = h(Ki ⊕ Kj )
32
Proposed scheme (26/27) Password-change Ui(with GWN) TA
1. inputs IDi , PWi 2. GWN computes xi* =? xi 3. inputs new password PWinew 4. computes MPinew = h(PWinew ∥ ru) 5. sends MIi , MPi , MPinew to TA
33
Proposed scheme(27/27) Password-change Ui(with GWN) TA
6. computes fi* = h(MIi ∥ XSer) 7. computes xi* = fi* ⊕ ei and check xi* =? xi 8. computes xinew = h(MPinew ∥ XGD) , einew = fi ⊕ xinew 9. sends einew back to GWN 10. stores einew
34
Experimental results (1/5)
Comparison of security features Security property [22] [24] [26] [28] [30] [31] Proposed Anonymity and untraceability N Y Perfect forward secrecy Replay attack User impersonation attack Sensing device impersonation attack Gateway impersonation attack Node capture attack Offline guessing attack Privileged insider attack Man-in-the-middle attack
35
Experimental results (2/5)
Computation cost comparison Scheme Sensor side User side Server side Total Cost Amin et al. 5Th + 3TXOR 12Th + 7TXOR 15Th + 7TXOR 32Th + 17TXOR Chang and Le 5Th + 4TXOR 7Th + 4TXOR 8Th + 1TXOR 20Th + 9TXOR Gope and Hwang 3Th + 1TXOR 14Th + 7TXOR 9Th + 4TXOR 26Th + 12TXOR Adavoudi-Jofaei et al. 3Th + 2TXOR 8Th + 9TXOR 9Th + 7TXOR 20Th + 19TXOR Li et al. 3Th + 7TXOR - 4Th + 12TXOR 7Th + 19TXOR Wu et al. 6Th + 1TXOR 7Th + 1TXOR 10Th + 2TXOR 23Th + 4TXOR Das et al. 7Th + 2TXOR 9Th + 5TXOR 16Th + 7TXOR Proposed 4Th + 4TXOR 16Th + 11TXOR
36
Experimental results (3/5)
Communication cost comparison Scheme Number of messages Number of bits Amin et al. 6 4096 Chang and Le 4 3104 Gope and Hwang 3184 Adavoudi-Jofaei et al. 3696 Li et al. 4672 Wu et al. 5 3932 Das et al. 3 1696 Proposed 3808
37
Experimental results (4/5)
38
Experimental results (5/5)
39
Conclusions A new lightweight anonymous user authentication and key- establishment scheme for wearable devices. This protocol is cost efficient in terms of computation and communication overheads.
Similar presentations
