Published by Britton O’Brien. Modified over 9 years ago.
Mutual Authentication and Key Exchange Protocol (MAKEP)
Reporter: Jung-Wen Lo (駱榮問)
Date: 2008/4/18
2 Outline
- Introduction
- ES-MAKEP: Efficient & Secure MAKEP, Fuw-Yi Yang and Jinn-Ke Jan (2004)
- ES-MAKEP Forward Secret Attack
- F-MAKEP, He Yijun, Xu Nan and Li Jie (2007)
- Comment
3 Introduction
MAKEP: Mutual authentication and key exchange protocol

L-MAKEP: Linear MAKEP
- Author: D. S. Wong and A. H. Chan
- Title: Mutual authentication and key exchange for low power wireless communications
- Src: Military Communications Conference, 2001. MILCOM 2001. Communications for Network-Centric Operations: Creating the Information Force, IEEE, Vol. 1, 2001, pp. 39-43

IL-MAKEP: Improved L-MAKEP
- Author: K. Shim
- Title: Cryptanalysis of mutual authentication and key exchange for low-power wireless communications
- Src: IEEE Communications Letters, Vol. 7, No. 5, pp. 248-250, 2003

I-MAKEP
- Authors: Jinn-Ke Jan and Yi-Hwa Chen
- Title: A new efficient MAKEP for wireless communications
- Src: In Proceedings of the 18th International Conference on Advanced Information Networking and Application (AINA’04), IEEE, Volume 2, pp. 347-350, 2004

ES-MAKEP: Efficient & Secure MAKEP
- Authors: Fuw-Yi Yang and Jinn-Ke Jan
- Title: A Secure and Efficient Key Exchange Protocol for Mobile Communications
- Src: Cryptology ePrint Archive 2004/167, July 2004, http://eprint.iacr.org

F-MAKEP: Perfect forward secrecy
- Improved ES-MAKEP
A Secure and Efficient Key Exchange Protocol for Mobile Communications
Authors: Fuw-Yi Yang and Jinn-Ke Jan
Src: Cryptology ePrint Archive 2004/167, July 2004, http://eprint.iacr.org
5 Notation
- ε_PK(): an asymmetric encryption function
- δ_SK(): an asymmetric decryption function
- E_K(): a symmetric encryption function
- D_K(): a symmetric decryption function
- SK_S: a private key of server S
- PK_S: a public key of server S
- ID_U: the identification of a client entity U
- ID_S: the identification of a server S
- p, q: a private key pair of U
- g, n: a public key pair of U
- x || y: string x concatenates string y
- |n|: bit length of n
- r_UK, r_UF, r_UR: three random numbers selected by U
- r_SK: a random number selected by S
- r ∈_R G: r is a random number selected from the set G
- l: the length of session keys
6 ES-MAKEP
Server S holds (PK_S, SK_S).

User U:
  r_UK, r_UR, r_UF
  C1_{r_UK} = ε_{PK_S}(r_UK)
  CMT = g^(r_UF || r_UF) mod n
U -> S: M1 = {C1_{r_UK}, CMT, ID_U}

Server S:
  r_UK = δ_{SK_S}(C1_{r_UK})
  Random r_SK
  σ_SU = r_SK r_UK
  C2_{r_UK} = E_{σ_SU}(r_UK)
S -> U: M2 = {r_SK, C2_{r_UK}}

User U:
  σ_US = r_UK r_SK
  r'_UK = D_{σ_US}(C2_{r_UK}) = D_{σ_US}(E_{σ_SU}(r_UK))
  r'_UK ?= r_UK
  S_F = h(r_UK, r_SK, ID_U, ID_S)
  C3 = E_{σ_SU}(ID_U)
  S_R = 2^|n| (r_UF - S_F) + r_UR mod λ(n)
  ※ n = pq; λ(n) = lcm(p-1, q-1)
U -> S: M3 = {C3, S_R}

Server S:
  S_F = h(r_UK, r_SK, ID_U, ID_S)
  CMT' = g^(S_F || S_R) mod n
  CMT' ?= CMT
A Secure Key Exchange and Mutual Authentication Protocol for Wireless Mobile Communications
Authors: He Yijun, Xu Nan and Li Jie
Src: The Second International Conference on Availability, Reliability and Security, 2007. ARES 2007, 10-13 April 2007, pp. 558-563
8 ES-MAKEP - Forward Secret Attack
Server S holds (PK_S, SK_S).
Attacker: Conceal SK_S

User U:
  r_UK, r_UR, r_UF
  C1_{r_UK} = ε_{PK_S}(r_UK)
  CMT = g^(r_UF || r_UF) mod n
U -> S: M1 = {C1_{r_UK}, CMT, ID_U}

Server S:
  r_UK = δ_{SK_S}(C1_{r_UK})
  Random r_SK
  σ_SU = r_SK r_UK
  C2_{r_UK} = E_{σ_SU}(r_UK)
S -> U: M2 = {r_SK, C2_{r_UK}}

User U:
  σ_US = r_UK r_SK
  r'_UK = D_{σ_US}(C2_{r_UK}) = D_{σ_US}(E_{σ_SU}(r_UK))
  r'_UK ?= r_UK
  S_F = h(r_UK, r_SK, ID_U, ID_S)
  C3 = E_{σ_SU}(ID_U)
  S_R = 2^|n| (r_UF - S_F) + r_UR mod λ(n)
U -> S: M3 = {C3, S_R}

Server S:
  S_F = h(r_UK, r_SK, ID_U, ID_S)
  CMT' = g^(S_F || S_R) mod n
  CMT' ?= CMT
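The two ES-MAKEP slides above, as an added Python example (not code from the slides or from either paper): it runs the exchange on constructed toy parameters, shows that CMT' = CMT holds because S_F·2^|n| + S_R ≡ r_UF·2^|n| + r_UR (mod λ(n)), and shows that a recorded M1/M2 plus a later-exposed SK_S yields σ, which is the missing forward secrecy. Assumptions: textbook RSA stands in for ε/δ, h is truncated SHA-256, σ combines r_SK and r_UK by XOR (the slide shows no operator), the commitment exponent is r_UF || r_UR (the slide prints r_UF || r_UF, with which the check would not balance), and the C2/C3 confirmation steps are left out.

```python
import hashlib, math, secrets

# Constructed toy parameters (Mersenne primes; illustrative, not secure sizes).
P, Q = 2**89 - 1, 2**107 - 1            # user's private p, q
N, G = P * Q, 7                         # user's public n, g
LAM = math.lcm(P - 1, Q - 1)            # λ(n) = lcm(p-1, q-1)
NBITS = N.bit_length()                  # |n|
# Assumption: textbook RSA stands in for ε_PK_S / δ_SK_S.
S_N, S_E = (2**31 - 1) * (2**61 - 1), 65537
S_D = pow(S_E, -1, math.lcm(2**31 - 2, 2**61 - 2))   # server's SK_S

def h(*parts):
    """h(): SHA-256 truncated to 32 bits (assumed instantiation)."""
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def concat(x, y):
    """x || y with y held in a fixed |n|-bit field."""
    return (x << NBITS) + y

def run_session(id_u="U", id_s="S"):
    """One run; returns (values an eavesdropper sees, session key σ)."""
    r_uk, r_ur, r_uf = (secrets.randbits(32) for _ in range(3))
    c1 = pow(r_uk, S_E, S_N)                      # C1 = ε_PK_S(r_UK)
    cmt = pow(G, concat(r_uf, r_ur), N)           # assumed exponent r_UF || r_UR
    r_sk = secrets.randbits(32)                   # server's random, sent in M2
    sigma = r_sk ^ r_uk                           # assumed XOR combination
    s_f = h(r_uk, r_sk, id_u, id_s)
    s_r = ((r_uf - s_f) * 2**NBITS + r_ur) % LAM  # needs λ(n), known only to U
    seen = dict(c1=c1, cmt=cmt, id_u=id_u, id_s=id_s, r_sk=r_sk, s_r=s_r)
    return seen, sigma

def server_verify(m):
    """Server side of M3: recompute S_F and test CMT' ?= CMT."""
    r_uk = pow(m["c1"], S_D, S_N)                 # δ_SK_S(C1)
    s_f = h(r_uk, m["r_sk"], m["id_u"], m["id_s"])
    return pow(G, concat(s_f, m["s_r"]), N) == m["cmt"]

def key_from_transcript(m, sk_s):
    """Forward-secrecy test: recorded M1/M2 plus a later-exposed SK_S."""
    return pow(m["c1"], sk_s, S_N) ^ m["r_sk"]

if __name__ == "__main__":
    seen, sigma = run_session()
    print("CMT' == CMT:", server_verify(seen))
    print("old session key recoverable:", key_from_transcript(seen, S_D) == sigma)
```

Because σ depends only on r_SK (sent in the clear) and r_UK (protected solely by the server's long-term key), every recorded session stands or falls with SK_S.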
9 F-MAKEP
Server S holds (PK_S, SK_S).

User U:
  r_UK, r_UR, r_UF
  C1_{r_UK} = ε_{PK_S}(g^r_UK)
  CMT = g^(r_UF || r_UF) mod n
U -> S: M1 = {C1_{r_UK}, CMT, ID_U}

Server S:
  r_UK = δ_{SK_S}(C1_{r_UK})
  Random r_SK
  σ_SU = g^(r_SK r_UK)
  C2_{r_UK} = E_{σ_SU}(r_UK)
S -> U: M2 = {r_SK, C2_{r_UK}}

User U:
  σ_SU = g^(r_SK r_UK)
  r'_UK = D_{σ_US}(C2_{r_UK}) = D_{σ_US}(E_{σ_SU}(r_UK))
  r'_UK ?= r_UK
  S_F = h(r_UK, r_SK, ID_U, ID_S)
  C3 = E_{σ_SU}(ID_U)
  S_R = 2^|n| (r_UF - S_F) + r_UR mod λ(n)
  ※ n = pq; λ(n) = lcm(p-1, q-1)
U -> S: M3 = {C3, S_R}

Server S:
  S_F = h(r_UK, r_SK, ID_U, ID_S)
  CMT' = g^(S_F || S_R) mod n
  CMT' ?= CMT
10 Comment
- Concealing the secret key is difficult
- ES-MAKEP & F-MAKEP: PKI system => Inefficient => Not suitable for wireless devices
11 DoS-Resistance Protocol
Server A (pw1, pw2), Client B (pw1, pw2)

Client B:
  1. r_B
     X = pw_i ⊕ r_B
B -> A: ID_A, ID_B, X, H(ID_A, ID_B, X)

Server A:
  2. Try pw_i
  3. r_A
     Y = r_A ⊕ r_B
     σ = H(r_A, r_B, ID_A, ID_B)
A -> B: Y ⊕ H(pw_j), σ ⊕ H(pw_i)

Client B:
  4. r'_A = Y ⊕ r_B
     σ' = H(r'_A, r_B, ID_A, ID_B)
     H(σ') ?= H(σ)
B -> A: 5. H(σ')

Server A:
  4. H(σ') ?= H(σ)
12 PK-based MAKEP
13 Server-specific MAKEP
14 Linear MAKEP
15 Unknown key-share attack on L-MAKEP(?)
y' = cy
σ' = r_A y'
E_{σ'}(x)
16 IL-MAKEP
E_σ(x, ID_A, ID_B)
A new efficient MAKEP for wireless communications
Authors: Jinn-Ke Jan and Yi-Hwa Chen
Src: In Proceedings of the 18th International Conference on Advanced Information Networking and Application (AINA’04), IEEE, Volume 2, pp. 347-350, 2004
18 I-MAKEP

Register Phase
User U:
  x
  v = g^(-x) mod N
U -> S: ID, v
Server S:
  y = (v - ID)^d mod N
S -> U: ID, Y
User U:
  v = y^e + ID mod N

Session Key Generation Phase
Server S:
  Random r_s
S -> U: r_s
User U:
  Random w, k
  u = g^w mod N
  t = E_{PK_S}(k)
  s = w + x H(r_s || t || u)
  σ = k s
U -> S: u, t, s
Server S:
  g^s v^H(r_s || t || u) ?≡ u mod N
  k' = D(t)
  σ = k' s
S -> U: H(k')
User U:
  H(k') ?= H(k)
19 ES-MAKEP Performance- Client’s Computations
20 Remark for Table 1
21 ES-MAKEP Performance- Server’s Computations
22 Remark for Table 2
23 ES-MAKEP Performance- Message Sizes
24 WTLS
- The security of WAP
- Operates over the transport layer
- Provides privacy, data integrity & authentication
- Two layer protocol
  - Lower layer: Record protocol encrypts/decrypts data
  - Upper layer protocol (4 sub-protocols)
    1. Handshake Protocol: Establish/resume the secure connection between WAP client and WAP gateway.
    2. Alert Protocol: Send urgent data or signals.
    3. Change Cipher Protocol: Exchange keys on the fly to guarantee the security dynamically.
    4. Application Protocol: Send data from application to Record Protocol and deliver the received data from Record Protocol to applications.
25 WTLS Handshake Notation
- V: version of WTLS
- SID: session ID
- SecNeg_E: key exchange suite, cipher suite, key refresh, etc. of entity E
- K_P: pre_master_secret
- K_m: master_secret
- h: one-way hash function
- f: a function to compute master_secret with K_P
- Cert_E: certificate of E
- X_E: private key of E
- P_E: public key of E
26 WTLS based on F-MAKEP