
Authors: Chun-Ta Li, Cheng-Chi Lee. Source: Mathematical and Computer Modelling, 2012

A novel user authentication and privacy preserving scheme with smartcards for wireless communications. Authors: Chun-Ta Li, Cheng-Chi Lee. Source: Mathematical and Computer Modelling, 2012. Presenter: 葉瑞群. Date: 2012/09/07.


Presentation Transcript


  1. A novel user authentication and privacy preserving scheme with smartcards for wireless communications. Authors: Chun-Ta Li, Cheng-Chi Lee. Source: Mathematical and Computer Modelling, 2012. Presenter: 葉瑞群. Date: 2012/09/07

  2. Outline: 1. Introduction; 2. Review of He et al.’s scheme; 3. Three weaknesses in He et al.’s scheme; 4. The proposed scheme; 5. Security analysis of the proposed scheme; 6. Functionality features and performance analysis of the proposed scheme; 7. Conclusions

  3. 1.Introduction(1/3) • Generally speaking, mobile users (MU) can access the services provided by the home agent of the MU (HA) in a visited foreign agent of the MU (FA).

  4. 1.Introduction(2/3) • Recently, He et al. [5] showed that Wu et al.’s scheme is vulnerable to several weaknesses and then proposed a strong user authentication scheme with smart cards for wireless communications.

  5. 1.Introduction(3/3) In this paper we will show that He et al.’s scheme has three weaknesses as follows. • 1. Lack of user friendliness. • 2. Unfairness in key agreement. • 3. Attacks against the user anonymity.

  6. 2.Review of He et al.’s scheme(1/7)

  7. 2.Review of He et al.’s scheme(2/7)

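  8. 2.Review of He et al.’s scheme (3/7) – Registration phase [1]
     • MU → HA: $ID_{MU}$, $H(PW_{MU} \oplus d)$
     • HA: $TK_{MU} = H(ID_{MU} \| X_{HA})$; $SK_{MU} = H(N \| ID_{MU})$; $r = TK_{MU} \oplus ID_{HA} \oplus E_N[(ID_{MU} \| m)]$
     • HA → MU: $\{TK_{MU}, SK_{MU}, H(\cdot), r\}$
     • MU: $SK^*_{MU} = H(ID_{MU} \| H(PW_{MU})) \oplus SK_{MU}$; $V_{MU} = TK_{MU} \oplus H(ID_{MU} \| H(PW_{MU} \oplus d))$; $H_{MU} = H(TK_{MU})$
     • MU: $\{V_{MU}, H_{MU}, SK^*_{MU}, H(\cdot), d, r\}$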

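  9. 2.Review of He et al.’s scheme (4/7) – Login phase [2]
     • Smart card: $TK^*_{MU} = V_{MU} \oplus H(ID_{MU} \| H(PW_{MU} \oplus d))$; $H^*_{MU} = H(TK^*_{MU})$; check $H^*_{MU} = H_{MU}$
     • Smart card: $SK_{MU} = H(ID_{MU} \| H(PW_{MU})) \oplus SK^*_{MU}$; $L = H(T_{MU} \oplus SK_{MU})$; $F = E_L[H(T_{MU}) \| ID_{FA} \| x_0 \| x]$; $n = r \oplus TK_{MU} = ID_{HA} \oplus E_N[(ID_{MU} \| m)]$
     • MU → FA: $m_1 = \{n, F, ID_{HA}, T_{MU}\}$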

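  10. 2.Review of He et al.’s scheme (5/7) – Authentication phase [3] - I
     • FA: $E\{H(b, n, F, T_{MU}, Cert_{FA})\}$
     • FA → HA: $m_2 = \{b, n, F, T_{MU}, T_{FA}, E\{H(b, n, F, T_{MU}, Cert_{FA})\}, Cert_{FA}\}$
     • HA: $n \oplus ID_{HA} = E_N[ID_{MU} \| m]$; $D_N[E_N] = ID_{MU}, m$; check $ID_{MU}$ → database
     • HA: $L = H(T_{MU} \oplus SK_{MU})$; $D_L[F] = H(T_{MU}), ID_{FA}, x_0, x$; check $ID_{FA}$, $Cert_{FA}$
     • HA: $W = E\{H(H(N \| ID_{MU})) \| x_0 \| x\}$; $E=\{H(b, c, W, T_{HA}, Cert_{HA})\}$
     • HA → FA: $m_3 = \{c, W, T_{HA}, E=\{H(b, c, W, T_{HA}, Cert_{HA})\}, Cert_{HA}\}$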

  11. 2.Review of He et al.’s scheme (6/7) – Authentication phase [3] - II
     • FA: check $T_{HA}$, $P_{HA} \rightarrow E$; $D\{W\} = H(H(N \| ID_{MU})), x_0, x$; $SK = H(H(H(N \| ID_{MU})) \| x \| x_0)$
     • FA → MU: $m_4 = \{E_{SK}[TCert_{MU} \| H(x_0 \| x)]\}$
     • MU: $SK = H(H(SK_{MU}) \| x \| x_0)$; $D_{SK}[m_4] = TCert_{MU}, H(x_0 \| x)$

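  12. 2.Review of He et al.’s scheme (7/7) – Password change phase [4]
     • Smart card: $TK^*_{MU} = V_{MU} \oplus H(ID_{MU} \| H(PW_{MU} \oplus d))$; $H^*_{MU} = H(TK^*_{MU})$; check $H^*_{MU} = H_{MU}$
     • MU: input $PW^{NEW}_{MU}$
     • Smart card: $SK'_{MU} = H(ID_{MU} \| H(PW^{NEW}_{MU})) \oplus SK_{MU} = H(ID_{MU} \| H(PW^{NEW}_{MU})) \oplus H(ID_{MU} \| H(PW_{MU})) \oplus SK^*_{MU}$; replaces $SK'_{MU} \rightarrow SK^*_{MU}$
     • Smart card: $V'_{MU} = TK_{MU} \oplus H(ID_{MU} \| H(PW^{NEW}_{MU} \oplus d^{NEW}))$; replaces $V'_{MU} \rightarrow V_{MU}$
     • $\{V'_{MU}, H_{MU}, SK'_{MU}, H(\cdot), d^{NEW}, r\}$, $PW^{NEW}_{MU}$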

  13. 3. Three weaknesses in He et al.’s scheme(1/3) 1. Lack of user friendliness • The authors assumed that the bit length of the MU’s $ID_{MU}$ is 128 bits, so the MU has to remember a 128-bit identity (usually in the form of as many as 32 hexadecimal ASCII characters).

  14. 3. Three weaknesses in He et al.’s scheme(2/3) 2. Unfairness in key agreement • The MU can always choose $x_0$ and $x$, two 256-bit random numbers generated by the MU alone, so that in Step V7 the common session key computed by the FA according to $SK = H(H(H(N \| ID_{MU})) \| x \| x_0)$ is always fixed by the MU’s pre-determined $x_0$ and $x$.

  15. 3. Three weaknesses in He et al.’s scheme(3/3) 3. Attacks against the user’s anonymity • Consider a mobile user MU that roams into the foreign network and sends the login message $m_1 = \{n, F, ID_{HA}, T_{MU}\}$ to the FA to access service. The contents of $n$ and $ID_{HA}$ are for the MU’s exclusive use, and these two values never change in Step L4 of the login phase.
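The anonymity weakness on slide 15, as an added example that is not part of the original presentation or paper: it builds He et al.'s login message m1 for two users and shows that a passive observer can group sessions by the static pair (n, ID_HA) even though F is fresh every time. SHA-256 and a hash-derived XOR stream stand in for H(.) and E[.], the card is assumed to hold TK_MU and SK_MU directly (the password unmasking step is omitted), and all identities and secrets are constructed.

```python
import hashlib, os
from collections import defaultdict

def H(*parts):            # SHA-256 stands in for the scheme's H(.) (assumption)
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, msg):          # toy stream cipher standing in for E_key[.] (assumption)
    pad = b"".join(H(key, bytes([i])) for i in range(len(msg) // 32 + 1))
    return xor(msg, pad)

def register(id_mu, N, X_HA, ID_HA, m):
    """HA side of registration: TK_MU, SK_MU and r as on slide 8."""
    TK = H(id_mu, X_HA)
    r = xor(xor(TK, ID_HA), E(N, id_mu + m))
    return {"TK": TK, "SK": H(N, id_mu), "r": r, "ID_HA": ID_HA}

def login(card, T_MU, ID_FA):
    """MU side of login (slide 9): m1 = {n, F, ID_HA, T_MU} with fresh x0, x."""
    x0, x = os.urandom(32), os.urandom(32)
    L = H(xor(T_MU, card["SK"]))
    F = E(L, H(T_MU) + ID_FA + x0 + x)
    n = xor(card["r"], card["TK"])   # = ID_HA xor E_N[ID_MU || m], never changes
    return {"n": n, "F": F, "ID_HA": card["ID_HA"], "T_MU": T_MU}

def link_sessions(observed):
    """Group captured m1 messages by the static pair (n, ID_HA)."""
    groups = defaultdict(list)
    for m1 in observed:
        groups[(m1["n"], m1["ID_HA"])].append(m1)
    return list(groups.values())

def demo():
    # Constructed values: two users of one HA, three logins each.
    N, X_HA, ID_HA, ID_FA = (H(s) for s in (b"N", b"X_HA", b"HA-1", b"FA-7"))
    cards = [register(os.urandom(16), N, X_HA, ID_HA, os.urandom(16))
             for _ in range(2)]
    stamps = [i.to_bytes(32, "big") for i in range(1, 4)]
    observed = [login(c, t, ID_FA) for t in stamps for c in cards]
    return link_sessions(observed)
```

Each returned group holds all sessions of one user: the observer never learns ID_MU, but the sessions are traceable to the same card.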

  16. 4.The proposed scheme(1/7)

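  17. 4.The proposed scheme(2/7) Registration phase [1]
     • MU → HA: $ID_{MU}$, $H(ID_{MU} \oplus PW_{MU} \oplus d)$
     • HA: $TK_{MU} = H(N \| ID_{MU}) \oplus H(ID_{MU} \oplus PW_{MU} \oplus d)$; $r = ID_{HA} \oplus E_N[(ID_{MU} \| m)]$
     • HA → MU: $TK_{MU}, H(\cdot), r$
     • MU: $TK_{MU}, H(\cdot), r, d$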

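  18. 4.The proposed scheme(3/7) Login phase [2]
     • Smart card: $TK^*_{MU} = TK_{MU} \oplus H(ID_{MU} \oplus PW_{MU} \oplus d) = H(N \| ID_{MU})$; $A = g^a \bmod p$
     • Smart card: $L = H(T_{MU} \oplus TK^*_{MU})$, $F = E_L[T_{MU} \| ID_{FA} \| A]$
     • Smart card: $DH = P_{HA}^{a} \bmod p = g^{ac} \bmod p$, $M = E_{DH}[r]$
     • MU: $DH' = P_{FA}^{a} \bmod p = g^{ea} \bmod p$
     • MU → FA: $m_1 = \{A, T_{MU}, U = E_{DH'}[M, F, ID_{HA}, T_{MU}]\}$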

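  19. 4.The proposed scheme(4/7) Authentication phase [3] I
     • FA: $DH' = A^e \bmod p = g^{ae} \bmod p$; $D_{DH'}[U] = M, F, ID_{HA}, T_{MU}$
     • FA: $B = g^b \bmod p$; $V = E\{H(A, B, M, F, T_{MU}, T_{FA}, Cert_{FA})\}$; $DH'' = P_{HA}^{b} \bmod p = g^{cb} \bmod p$
     • FA → HA: $m_2 = \{B, T_{FA}, W = E_{DH''}[A, B, M, F, T_{MU}, T_{FA}, V, Cert_{FA}]\}$
     • HA: $DH'' = B^c \bmod p = g^{bc} \bmod p$; $D_{DH''}[W] = A, B, M, F, T_{MU}, T_{FA}, V, Cert_{FA}$
     • HA: $DH = A^c \bmod p = g^{ac} \bmod p$; $ID_{HA} \oplus D_{DH}[M] = E_N[ID_{MU} \| m]$; $D_N[E_N] = ID_{MU}, m$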

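  20. 4.The proposed scheme(5/7) Authentication phase [3] II
     • HA: check $ID_{MU}$ → database; otherwise: MU is not a legal user
     • HA: $L = H(T_{MU} \oplus H(N \| ID_{MU}))$; $D_L[F] = T_{MU}, ID_{FA}, A$
     • HA: $D = g^d \bmod p$; $X = E\{H(A, B, D, T_{HA}, Cert_{HA})\}$; $Y = E_{SK'}[H(H(N \| ID_{MU}) \| D) \| A \| B \| D \| X \| Cert_{HA}]$
     • HA → FA: $m_3 = \{D, T_{HA}, Y\}$
     • FA: $SK' = D^b \bmod p = g^{db} \bmod p$; $D_{SK'}[Y] = H(H(N \| ID_{MU}) \| D), A, B, D, X, Cert_{HA}$
     • FA: $SK = A^b \bmod p = g^{ab} \bmod p$
     • FA → MU: $m_4 = \{B, Z = E_{SK}[TCert_{MU} \| H(H(N \| ID_{MU}) \| D) \| A \| B \| D]\}$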

  21. 4.The proposed scheme(6/7) Authentication phase [3] III
     • MU: $SK = B^a \bmod p = g^{ba} \bmod p$; $D_{SK}[Z] = TCert_{MU}, H(H(N \| ID_{MU}) \| D), A, B, D$
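The key-agreement unfairness on slide 14 next to the Diffie-Hellman session key of slides 20 and 21, as an added example that is not code from the presentation or the paper: the MU deliberately reuses its own values in every run, and only the proposed scheme's key still changes because the FA contributes a fresh exponent b. SHA-256 for H(.), the toy modulus and generator, and all secrets are assumptions chosen for the demonstration.

```python
import hashlib, secrets

P = 2**127 - 1   # toy prime modulus (assumption; far too small for real use)
G = 3            # toy generator (assumption)

def H(*parts):   # SHA-256 stands in for the scheme's H(.) (assumption)
    return hashlib.sha256(b"".join(parts)).digest()

def he_session_key(sk_mu, x, x0):
    """He et al.: SK = H(H(SK_MU) || x || x0); every input is fixed on the MU side."""
    return H(H(sk_mu), x, x0)

def dh_keypair():
    """Random exponent and the matching public value g^priv mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def proposed_session_key(own_priv, peer_pub):
    """Proposed scheme: SK = peer_pub^own_priv mod p = g^(ab) mod p."""
    return pow(peer_pub, own_priv, P)

def run_sessions(rounds=3):
    """Count distinct session keys when the MU reuses its values every round."""
    sk_mu = H(b"N", b"constructed-ID_MU")     # SK_MU = H(N || ID_MU), constructed
    x, x0 = b"\x01" * 32, b"\x02" * 32        # MU's pre-determined x and x0
    a, A = dh_keypair()                       # MU's exponent, also reused
    he_keys, dh_keys = set(), set()
    for _ in range(rounds):
        # He et al.: the FA has no value of its own to mix into the key.
        he_keys.add(he_session_key(sk_mu, x, x0))
        # Proposed scheme: the FA picks a fresh b for every run.
        b, B = dh_keypair()
        sk_fa = proposed_session_key(b, A)    # FA: SK = A^b mod p
        sk_mu_side = proposed_session_key(a, B)  # MU: SK = B^a mod p
        assert sk_fa == sk_mu_side            # both sides agree on g^(ab)
        dh_keys.add(sk_fa)
    return len(he_keys), len(dh_keys)
```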

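  22. 4.The proposed scheme(7/7) Password change phase [4]
     • MU, smart card: $TK^*_{MU} = TK_{MU} \oplus H(ID_{MU} \oplus PW_{MU} \oplus d) = H(N \| ID_{MU})$
     • MU, smart card: $H(ID_{MU} \oplus PW^{NEW}_{MU} \oplus d')$; $TK^{NEW}_{MU} = TK^*_{MU} \oplus H(ID_{MU} \oplus PW^{NEW}_{MU} \oplus d')$
     • Replaces: $TK^{NEW}_{MU}$, $d'$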

  23. 5.Security analysis of the proposed scheme(1/3)
     • The proposed scheme is able to provide user anonymity.
     • $m_1 = \{A, T_{MU}, U = E_{DH'}[M, F, ID_{HA}, T_{MU}]\}$
     • Step 1: $DH' = A^e \bmod p = g^{ae} \bmod p$
     • Step 2: $D_{DH'}[U] = M, F, ID_{HA}, T_{MU}$

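  24. 5.Security analysis of the proposed scheme(2/3) [Diagram of the keys shared between the parties: DH′ between MU and FA, DH″ between FA and HA, DH between MU and HA, SK between MU and FA]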

  25. 5.Security analysis of the proposed scheme(3/3) • The proposed scheme meets the security requirement for perfect forward secrecy. (Diffie-Hellman) • An attacker cannot launch any attack to obtain the MU’s real identity $ID_{MU}$ and password $PW_{MU}$. $TK^*_{MU} = H(N \| ID_{MU})$

  26. 6.Functionality features and performance analysis of the proposed scheme(1/1)

  27. More recently, He et al. showed that Wu et al.’s smart card based authentication scheme with user anonymity is vulnerable to several weaknesses and then proposed a secure and light-weight user authentication scheme.

  28. Thank You !
