Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and.

Published byMelvin Norris Modified over 9 years ago

Similar presentations

Presentation on theme: "A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and."— Presentation transcript:

1 A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert Deng Sources: IEEE Transactions on Vehicular Technology, 55(4), pp. 1373-1384, July 2006. Reporter: Chun-Ta Li ( 李俊達 )

2 2 22 Outline  Pervasive computing environments (PCE)  Motivations  The proposed scheme  Analysis  Comments

3 3 Pervasive computing environments  Definition Integrates digital devices (such as computers, handheld devices, sensors and actuators) seamlessly with everyday physical devices (such as electrical appliances and automobiles). Three components [James Kurose and Keith Ross, 2004]  Nomadic computing: wireless-technology  Sensor-based smart spaces: environment-monitoring  Mobile computing data management Sensor network

4 4 Pervasive computing environments  Service-Oriented Architecture

5 5 Pervasive computing environments  Sample PCE Authentication Server Router Public Internet Public Internet Gateway Access Point Printer User Fax Scanner Scientific Device

6 6 Motivations  Providing explicit mutual authentication between mobile user and the service  Allowing mobile user to anonymously interact with the service  Enabling differentiated service access control among different users  Providing flexibility and scalability to both user and service sides  Generating fresh session keys to secure the interaction  Efficiency of communication, computation and management overheads

7 7 The proposed scheme  Notations

8 8 The proposed scheme (cont.)  System architecture Mobile User Authentication Server Service Access Point 1. Registration 2. Authorization 3. Access Request 4. Authentication Request 5. Authentication Acknowledgement 6. Access/Reject

9 9 The proposed scheme (cont.)  User authorization protocol Credential generation Mobile user U (a certificate CertU) Service provider S 1. Generate two nonces: r’ U and r” U 2. Sign her own ID with a nonce r” U  {U, r” U } PriK U 3. Compute the anchor value C 0  h(r” U, U, {U, r” U } PriK U ) Non-repudiation property 4. Compute the credential chain C n  h n (C 0 ), with length n 5. Blind C n as C U  {r’ U } PubK SID * C n

10 10 The proposed scheme (cont.)  User authorization protocol Credential authorization Mobile user U (a certificate CertU) Service provider S U, C U, CertU, SID authorization request 6. Verify CertU with PubK S 7. Sign C U as C S  {C U } PriK SID = r’ U * {C n } PriK SID CSCS authorization confirmation 8. Compute C S /r’ U  (C n, {C n } PriK SID )

11 11 The proposed scheme (cont.)  User operational protocol Mobile user U Service provider S Access point P 1. Generate a nonce: r U 2. Send {r U, C n, {C n } PriK SID } PubK S 3. Send {r U, C n, {C n } PriK SID } PubK S secure tunnel 4. Decrypt r U, C n 5. Store C n 6. Send r U, C n secure tunnel 7. Generate a nonce: r P 8. Compute K UP =h(C n, r P, r U, 0). K’ UP =h(C n, r P, r U, 1) 9. Send r P, {r U, P} K UP access acknowledgement access request access acknowledgement

12 12 The proposed scheme (cont.)  User operational protocol Mobile user U Service provider S Access point P 10. Compute K UP =h(C n, r P, r U, 0), K’ UP = h(C n, r P, r U, 1). 11. Decrypt and verifies r U, C n, P 12. Encrypt X m 0 = {m 0 } K’ UP 13. Compute h K UP (X m 0 ) 14. Send r P, r U, X m 0, h K UP (X m 0 ) 15. Verify X m 0 using K UP 16. Decrypt m 0 using K’ UP … r P, r U, X m i, h K UP (X m i ) authenticated data traffic

13 13 Analysis

14 14 Comments  Cryptanalysis of anonymity property Service provider S Step 1: Get U, C U = {r’ U } PubK SID * C n in Credential Authorization phase Step 2: Sign C U as C S  {C U } PriK SID = r’ U * {C n } PriK SID Step 3: Store U, C U, C S = {C U } PriK SID = r’ U * {C n } PriK SID in their own DB Step 4: Get C n, {C n } PriK SID in User Operational phase Step 5: Compute C S / {C n } PriK SID to derive r’ U Step 6: Compute C’ U = {r’ U } PubK SID * C n to verify whether C’ U = C U holds or not. Step 7: If it holds, S confirms that mobile user U accesses the service; otherwise, S continually executes the previous Steps from 4 to 6.

15 15 Comments (cont.)  Efficiency improvement in user operational phase compared C j with all C j s stored in S’s DB  Time complexity is O(n) if there are n users in DB solution: User i generates a T ID in access request message and sends it to service provider to store the T ID of user i  Time complexity is O(1)

16 16 Comments (cont.)  Service abuse problem No one can derive the value of C n unless user itself and thus anyone can fabricate an invalid Cn with a valid Cert U to access the service without limits even than a valid user can deny his accesses. Cert U must keep secret for outsiders {U, C U, CertU, SID} PubK S Mobile user U (a certificate CertU) Service provider S

Download ppt "A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and."

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *

Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *
A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.

A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.

The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Mutual Authentication and Key Exchange Protocol (MAKEP) Reporter: Jung-Wen Lo ( 駱榮問 ) Date: 2008/4/18.

Mutual Authentication and Key Exchange Protocol (MAKEP) Reporter: Jung-Wen Lo ( 駱榮問 ) Date: 2008/4/18.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Anonymity and Security in Public Internet Forums Ho-fung LEUNG Senior Member, IEEE Dept. of Computer Science & Engineering The Chinese University of Hong.

Anonymity and Security in Public Internet Forums Ho-fung LEUNG Senior Member, IEEE Dept. of Computer Science & Engineering The Chinese University of Hong.
Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security 92321509 Ming-Hong Shih.

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security Ming-Hong Shih.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Security Management.

Security Management.
1 Authentication Protocols Celia Li Computer Science and Engineering York University.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.

Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.

Similar presentations

Ads by Google