Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

Published byAbraham Lyons Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin."— Presentation transcript:

1 1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin University of Science & Technology, Taiwan E-mail: wuulc@yuntech.edu.tw

2 2 Outline  Introduction  Roaming Authentication Protocol  Security Analysis  Performance Analysis  Conclusion

3 3 Introduction  The mobile communication environment Access data at any place and at any time Security issues  Data privacy  Data integrity  Mutual authentication  Anonymity  Non-repudiation

4 4 Introduction An authentication server exists in each network Authenticate roaming users before providing any service AS: Authentication Server MS: Mobile Station Home Network Foreign Network AS HN AS FN MS Accept/Reject Roaming Service Request Roaming MS

5 5 Introduction  Roaming Authentication Methods: On-Line Authentication Off-Line Authentication The mixture of On-Line and Off-Line Authentication

6 6 On-Line Authentication  Authenticate the roaming user each time Roaming Service Request Is the MS valid? Yes or No Home Network Foreign Network AS HN AS FN MS Accept/Reject Roaming MS

7 7 Off-Line Authentication  Authenticate the roaming user locally Home NetworkForeign Network Accept/Reject Roaming Service Request pre-shared information AS HN AS FN MS Roaming

8 8 The mixture of On-Line and Off-Line Authentication On-line authentication when the roaming user requests service for the first time. Off-line authentication for subsequent service requests Home Network Accept/Reject Roaming Service Request Is the MS valid? Yes or No shared information AS HN AS FN MS Roaming Foreign Network

9 9 The roaming authentication protocol  Off-line roaming authentication  Security properties Anonymity of MS Mutual Authentication between MS and Foreign Network Nonrepudiation of MS  Minimizing the number of exchanged messages  Minimizing the computation load at MS  Simple Key Management

10 10 The roaming authentication protocol  ID-based signature technique from Weil-pairing No certificate is needed Verify the signature by public information of the signer (email address, identity, …)  Secret sharing technique from Lagrange Interpolating polynomial

11 11 Lagrange interpolating polynomial - secret sharing ID 1 ID 2 ID n … x 1 =ID 1 and y 1 = f (ID 1 ) x 2 =ID 2 and y 2 = f (ID 2 ) x n =ID n and y n = f (ID n ) y 1 = f (ID 1 ) y 2 = f (ID 2 ) y n = f (ID n )

12 12 Lagrange interpolating polynomial - secret sharing ID 1 ID 2 ID t … x 1 =ID 1 and y 1 = f (ID 1 ) x 2 =ID 2 and y 2 = f (ID 2 ) x t =ID t and y t = f (ID t ) secret

13 13 The Roaming Authentication Protocol Home Network Foreign Network K Accept/Reject Sig charge2 AS HN AS FN MS 2 + K MS 1 MS n … RS MS1 RS MS2 RS MSn Roaming Information RS FN

14 14 System Initialization-AS HN  System Initialization AS HN generates  System public parameters {e, G 1, G 2, P, H 1, H 2, H 3 }  System private key s  System public key P pub = s P AS HN selects a RS FN  R Z q, and sends the RS FN to AS FN by secure channel.

15 15 System Initialization-AS HN  When MS registers at AS HN, the MS will get {ID MS, TID MS, SK MS, RS MS, K comm } Where PK MS =H 1 (TID MS || ID HN || Date MS ), SK MS = s PK MS Date MS : the expiration date of the public/secret key pair

16 16 Mutual Authentication  MS roams to the Foreign Network (AS FN ): Foreign Network Compute the Sig charge Compute the session key K Verify the Sig charge Compute the session key K MS AS FN {TID MS, ID HN, Date MS, PK MS, request, T, RS MS, C MS, Sig charge } {E K [ServiceData, T]} or reject

17 17 Mutual Authentication-MS  MS executes the following steps: Step A1: MS computes the Sig charge ={R charge, S charge } Step A2: MS sends the authentication request to AS FN

18 18 Mutual Authentication-AS FN  When AS FN receives the request from MS, AS FN will execute the following steps: Step B1: verify the public key PK MS Step B2: check the Date MS then check

19 19 Mutual Authentication-AS FN Step B3: verify the correctness of Sig charge Step B4: compute the r MS and the session key K Step B5: send to MS

20 20 Mutual Authentication-MS  When MS receives the message from AS FN, MS computes the session key K’ K’ = K comm ⊕ C MS MS decrypts the by using K’  MS gets the ServiceData and T’ MS checks T’ = T ?

21 21 Security Analysis  Anonymity of Roaming User  TID MS  Mutual Authentication between MS and AS FN AS FN  MS: Sig charge MS  AS FN : Session key K  Nonrepudiation of Roaming User  Sig charge

22 22 Security Analysis  Prevention of Attacks Replay Attack  timestamp: T Impersonating Attack MS  Attacker cannot get the SK MS  cannot compute the Sig charge AS FN  Attacker cannot get the RS FN  cannot compute the K Dishonest AS FN  The AS FN cannot compute the Sig charge Disclosure of session key Attacker cannot get the Roaming Share RS FN of AS FN  cannot compute the K

23 23 Performance analysis [ 7] M. Rahnema, “Overview of the GSM system and protocol architecture,” IEEE Commun. Mag., pp. 92–100, Apr. 1993. [12] J. Zhu, J. Ma, “A new authentication scheme with anonymity for wireless environments,” IEEE Trans. Consumer Electronics, Vol.50, No. 1, pp. 231 – 235, Feb 2004. [ 6] M. Long, C.-H. Wu, J.D. Irwin, “Localized authentication for inter-network roaming across wireless LANs,” IEE Proc. Communications, Vol.151, No5, Oct. 2004. [ 5] W.-B. Lee, C.-K. Yeh, “A New Delegation-Based Authentication Protocol for Use in Portable Communication System”, IEEE Trans. Wireless Communication, Vol.4, No.1, pp. 57-64, Jan. 2005.

24 24 Performance Analysis  The Number of Exchanged Messages The Number of Exchanged Messages protocolOn-LineOff-Line GSM [7]Mixture62 ZHU[12]Mixture41 Long[6]Off-Line03 Lee[5]Mixture61 OursOff-Line02

25 25 Performance Analysis  Comparison of Computation Load at MS Asymmetric Computation Symmetric Computation Hash Function GSM [7]On-Line012 Off-Line002 ZHU[12]On-Line022 Off-Line010 M.Long[6]Off-Line310 Lee[5]On-Line111 Off-Line013 OursOff-Line1*10

26 26 Performance Analysis  Storage Overhead Each MS: {ID MS, TID MS, SK MS, RS MS, K comm } AS FN : RS FN

27 27 Conclusion  The proposed off-line anonymous roaming authentication Number of exchanged messages: 2 Security Issues Anonymity, Mutual authentication, Non-repudiation, data privacy and data integrity Low computation load at MS Simple key management

Download ppt "1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin."

Similar presentations

1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
An Authentication Scheme for Mobil Satellite Communication Systems Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen( 陳怡靜 92321527) Date: 2004/05/26.

An Authentication Scheme for Mobil Satellite Communication Systems Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen( 陳怡靜 ) Date: 2004/05/26.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Similar presentations

Ads by Google