Presentation is loading. Please wait.

Presentation is loading. Please wait.

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Published byMonica Trentham Modified over 9 years ago

Similar presentations

Presentation on theme: "Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,"— Presentation transcript:

1 Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157, pp.729-733, 2004. Adviser: Min-Shiang Hwang Speaker: Chun-Ta Li

2 Outline Introduction Review and analysis of the Hsu et al. scheme The proposed scheme Conclusions Comments

3 Introduction In 1976, Diffie and Hellman proposed an asymmetric key agreement scheme. In 1999, Seo and Sweeney proposed an authenticated key agreement scheme, called SAKA –Used a pre-shared password to provide user authentication In 2000, Tseng proposed an scheme to prevent the replay attack. –Attacker can cheat the honest party into believing a wrong session key man-in-middle attack replay attack

4 Introduction (cont.) In 2000, Ku and Wang pointed out the Tseng scheme suffers from two kinds of attacks: –Backward replay attack without modification Attacker can masquerade as one communicating party Replay the exchanged messages to cheat the other one –Modification attack Attacker can alter exchanged messages to cheat one party into believing a wrong session key. In 2003, Hsu et al. proposed an improvement scheme which is more efficient than previous scheme modification attack

5 Review and analysis of the Hsu et al. scheme A, B: two communicating parties; C: an attacker; id A, id B : the identities of A and B; n: a large prime number; g: a generator with the order n-1; P: the common password shared between A and B; Q: an integer computed from P; Q -1 : the inverse of Q (mod n) a: a random number chosen by A; b: a random number chosen by B; H(.): a one-way hash function

6 Review and analysis of the Hsu et al. scheme (cont.) Key establishment phase A B (e.1) computes X 1 = g aQ mod n X 1 (e.2) Y 1 computes Y 1 = g bQ mod n (e.3) computes the session key K 1 (e.4) computes the session key K 2 Y = Y 1 Q -1 mod n = g b mod n X = X 1 Q -1 mod n = g a mod n K 1 = Y a mod n = g ab mod n K 2 = X b mod n = g ab mod n // After the Step (e.4), A and B can compute the same session key K 1 = K 2 = g ab mod n

7 Review and analysis of the Hsu et al. scheme (cont.) Key validation phase A B –(v.1) computes X 2 = H(id A, K 1 ) X 2 –(v.2) verifies X 2 = H(id A, K 2 ) –(v.3) Y 2 computes Y 2 = H(id B, K 2 ) –(v.4) verifies Y 2 = H(id B, K 1 ) // After the Step (v.4), A and B can convince the common secret key K 1 = K 2 = g ab mod n

8 Review and analysis of the Hsu et al. scheme (cont.) Modification attack A C B (e.1`) C replaces X 1 with X 1 `= X 1 t mod n X 1 ` (e.2`) Y 1 ` C replaces Y 1 with Y 1 `= Y 1 t mod n (e.3`) computes the wrong session key K 1 ` (e.4`) computes the wrong session key K 2 ` Y` = Y 1 ` Q -1 mod n (= g bt mod n) X` = X 1 ` Q -1 mod n (= g at mod n) K 1 ` = X` a mod n = (g abt mod n) K 2 ` = X` b mod n = (g abt mod n) // K 1 ` is equal to K 2 `, the message digest X 2 ` = H(id A, K 1 ` ) is equal to X 2 ` = H(id A, K 2 ` ) Similarly, the digest Y 2 ` = H(id B, K 2 ` ) is equal to Y 2 ` = H(id B, K 1 ` )

9 The proposed scheme The Key establishment phase is the same as the Hsu et al. scheme. Key validation phase A B –(v.1) computes X 2 = H(id A, X 1, K 1 ) X 2 –(v.2) verifies X 2 = H(id A, X 1, K 2 ) –(v.3) Y 2 computes Y 2 = H(id B, Y 1, K 2 ) –(v.4) verifies Y 2 = H(id B, Y 1, K 1 )

10 The proposed scheme (cont.) Security analysis and discussions A C B – replaces X 1 and Y 1 with X 1 ` and Y 1 ` – compute X 2 ` = H(id A, X 1 `, K 2 ` ) and convince Y 2 ` = H(id B, Y 1 `, K 1 ` ) convince – needs to know K 1 ` (K 1 ` = K 2 ` ) before computing X 2 and Y 2 – To find K 1 ` (g abt mod n) from X 1 (g aQ mod n) and Y 1 (g bQ mod n) discrete logarithm problem

11 Conclusions Hsu et al. scheme is still vulnerable to the modification attack. This paper further proposes an improvement to repair the security flaw. The improved scheme is as efficient as the Hsu et al. scheme.

12 Comments Improvement scheme? Authentication which communication parties won’t believing the wrong session key. Q and Q -1

Download ppt "Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,"

Similar presentations

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.

11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
多媒體網路安全實驗室 Improved Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks Date : 2012.10.24 Reporter : Hong Ji Wei Authors.

多媒體網路安全實驗室 Improved Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks Date : Reporter : Hong Ji Wei Authors.
An Improvement on Authenticated Key Agreement Scheme Authors: Chin-Chen Chang and Shih-Yi Lin Source: 2007 International Conference on Intelligent Pervasive.

An Improvement on Authenticated Key Agreement Scheme Authors: Chin-Chen Chang and Shih-Yi Lin Source: 2007 International Conference on Intelligent Pervasive.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Computer and Information Security 期末報告 學號 姓名 莊玉麟.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by.

Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p Present by.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.

Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Similar presentations

Ads by Google