1 / 37

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments. 博士論文. 指導教授: 張真誠 博士 (Dr. Chin-Chen Chang) 研究生: 李佳穎 ( Chia-Yin Lee ). Outline. Introduction A Mutual Authenticated Key Agreement Scheme A Dynamic ID-based User Authentication Scheme Using Smart Cards

mariemiller
Download Presentation

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 網路環境中通訊安全技術之研究Secure Communication Schemes in Network Environments 博士論文 指導教授:張真誠 博士 (Dr. Chin-Chen Chang) 研究生:李佳穎 (Chia-Yin Lee) Department of Computer Science and Information Engineering National Chung Cheng University, Chia-Yi, Taiwan

  2. Outline • Introduction • A Mutual Authenticated Key Agreement Scheme • A Dynamic ID-based User Authentication Scheme Using Smart Cards • A Secure Single Sign-on Mechanism for Distributed Computer Networks • An Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET • A Secure E-mail Protocol for Mobile Devices • Conclusions and Future Works

  3. Introduction (1/2) • Property of network environments • convenient • efficient • cannot communicate face to face • insecure • Secure communications • user authentication • data confidentiality

  4. Introduction (2/2) • Authentication • user authentication protocols • mutual authentication protocols • Confidentiality • encryption • session key establishment protocols

  5. Mutual Authenticated Key Agreement (1/6) • Login into the server over insecure networks:

  6. Mutual Authenticated Key Agreement (2/6) • Drawbacks of conventional user authentication schemes • suffer from possible attacks, (e.g., forgery attacks) • require high computational costs to provide high security(e.g., modular exponentiation) • extra time-synchronized mechanisms are needed(using timestamp) • do not establish a one-time session key

  7. Mutual Authenticated Key Agreement (3/6) • A secure authenticated key agreement protocol: • direct authentication • no timestamps • perfect forward secrecy

  8. Mutual Authenticated Key Agreement (4/6) • Initialization phase: Ui Server (Secure Channel)

  9. Mutual Authenticated Key Agreement (5/6) • Authentication phase:

  10. Mutual Authenticated Key Agreement (6/6) • Comparison:

  11. A Dynamic ID-based User Authentication Scheme Using Smart Cards (1/5) • Conventional authentication schemes • the log-in identity (ID) is never change • the adversary can trace the source of the sender • Existing dynamic ID-based user authentication schemes • suffer from possible attacks • must maintain a registration table

  12. A Dynamic ID-based User Authentication Scheme Using Smart Cards (2/5) • The characteristic of our method • no registration table • without using timestamps • ensure the privacy of the users • achieve perfect forward secrecy

  13. A Dynamic ID-based User Authentication Scheme Using Smart Cards (3/5) • Registration phase:

  14. Authentication phase:

  15. A Dynamic ID-based User Authentication Scheme Using Smart Cards (5/5) • Comparison of security properties:

  16. A Secure Single Sign-on Mechanism for Distributed Computer Networks (1/6) • Conventional authentication schemes • register with each service provider • keep different identity/password pairs • Existing user identification schemes for distributed networks • suffer from possible attacks • require time-synchronized mechanisms

  17. A Secure Single Sign-on Mechanism for Distributed Computer Networks (2/6) • The characteristic of our method • withstand possible attacks (e.g., impersonation attacks) • without time-synchronized mechanisms • more efficient

  18. A Secure Single Sign-on Mechanism for Distributed Computer Networks (3/6) • Registration phase:

  19. User identification phase:

  20. A Secure Single Sign-on Mechanism for Distributed Computer Networks (5/6) • Computation cost comparison:

  21. A Secure Single Sign-on Mechanism for Distributed Computer Networks (6/6) • Communication cost comparison:

  22. Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (1/6) • Existing schemes • adopt asymmetric and symmetric cryptosystems • use timestamps • suffer from possible attacks • do not provide the property of anonymity

  23. Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (2/6) • The characteristic of proposed scheme • use low cost functions • without time-synchronized mechanisms • provide anonymity for mobile users • the session key selected by the mobile user

  24. Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (3/6) • Registration phase:

  25. Authentication and key establishment phases:

  26. Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET(5/6) • Performance comparisons:

  27. Enhanced Authentication Scheme with Anonymity for Roaming Service in GLOMONET (6/6) • Functionality comparisons:

  28. A Secure E-mail Protocol for Mobile Devices (1/8) • E-mail systems • a popular medium for data transmission • transmit pure text and multimedia • Internet is public and insecure • data might be eavesdropped • If long-term secret key is compromised • all previous mails might be exposed

  29. A Secure E-mail Protocol for Mobile Devices (2/8) • Objectives of our research • reduce the computation cost • achieve Perfect Forward Secrecy (PFS) • work in the inter-domain

  30. A Secure E-mail Protocol for Mobile Devices (3/8) • Registration phase:

  31. A Secure E-mail Protocol for Mobile Devices (4/8) • Login phase:

  32. A Secure E-mail Protocol for Mobile Devices (5/8) • The first sub-phase of the sending phase:

  33. The second sub-phase of the sending phase:

  34. A Secure E-mail Protocol for Mobile Devices (7/8) • The receiving phase:

  35. A Secure E-mail Protocol for Mobile Devices (8/8)

  36. Conclusions and Future Works (1/2) • We have proposed solutions as follows • mutual authenticated key agreement protocol • dynamic ID-based user authentication scheme • secure single sign-on mechanism for distributed computer networks • authentication scheme with anonymity for roaming service • secure e-mail protocol for mobile devices

  37. Conclusions and Future Works (2/2) • In the future, we will extend the result of this study • decrease the overhead of message transmission • design authentication schemes that can provide 1-out-of-∞ deniability • design secure authentication protocols in the RFID systems

More Related