1 / 22

A C apability-based P rivacy-preserving Scheme for Pervasive Computing Environments

A C apability-based P rivacy-preserving Scheme for Pervasive Computing Environments. Dyvyan M. Konidala Dang N. Duc Dongman Lee Kwangjo Kim Proceedings of the 3 rd Int’l Conf. on Pervasive Computing and Communications Workshops ( Percom 2005 Workshops). O utline. Introduction

layne
Download Presentation

A C apability-based P rivacy-preserving Scheme for Pervasive Computing Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Capability-based Privacy-preserving Scheme for Pervasive Computing Environments Dyvyan M. KonidalaDang N. DucDongman LeeKwangjo KimProceedings of the 3rd Int’l Conf. on Pervasive Computing and Communications Workshops (Percom 2005 Workshops)

  2. Outline Introduction Background Proposed scheme Security analysis Complexity analysis Comparison with related work Conclusion

  3. Outline Introduction Background Proposed scheme Security analysis Complexity analysis Conclusion

  4. Introduction This paper focuses on user authentication , authorization , service access control ,and privacy protection.

  5. Outline Introduction Background Proposed scheme Security analysis Complexity analysis Conclusion

  6. Background Capability-based User Authentication and Authorization. Partially Blind Signature.

  7. Outline Introduction Background Proposed scheme Security analysis Complexity analysis Conclusion

  8. Proposed scheme

  9. Proposed scheme Capability Request Phase A1: Alice generates secret key(SKU) and public key(PKU) pair , and store in the memory. A2: Alice 登入AS的PCE,用他的帳密登入,若是正確無誤,藉由帳號識別Alice的帳號類型之後,判定Alice昰學生,AS回給Alice Cap1 的 PKcap1 ,Alice利用PKcap1 及partially blind signature scheme 將PKU blind為 blind(PKU),之後將其傳送給AS。

  10. Proposed scheme A3:AS用 SKcap1 對blind(PKU)簽章後,Alice即可使用服務{S1,S3,S6,S12},當AS簽完章之後,AS利用partially blind signature scheme來嵌入某些訊息,像是Capability 的發佈時間IssDt與結束時間ExpDt,嵌在簽章訊息中。 A4:Alice 接收 SigSKcap1(Blind( PKu|| IssDt||ExpDt ))後,用PKAS驗證簽章。因為PKU被user blind了,所以AS不知道PKU的值,user unblind訊息後得到capability。CapU= SigSKcap1( PKu|| IssDt||ExpDt ) 當capability的時限到了之後,Alice必須重來一次才可取得服務。

  11. Proposed scheme Service Access Phase B1: Alice 向SP要service S1,SP產生一個亂數R1給Alice B2: Alice用SKU對(R1 + 1)簽章之後,將S1,SigSKU(R1+1),PKU,Capu傳給SP,其中,S1是Alice的service ID B3:SP收到訊息後,先從資料庫取得PKcap1,再用PKcap1來對CapU做verify,接著檢查PKU與CapU中的PKU是否相同,若相同,則繼續verify ExpDt B4: SP繼續使用PKU來verify SigSKU(R1+1)。 B5: SP告知user是accept or reject

  12. Outline Introduction Background Proposed scheme Security analysis Complexity analysis Conclusion

  13. Security analysis 保護使用者隱私 認證,授權,存取控制 replay attack detection capability non-transferability

  14. Security analysis 保護使用者隱私 A4中不包含userID PKU算是一種匿名,在一個capability時限結束後,PKU是可以改變的。 就算AS與SP串通,在CRP中的PKU是被blind過的。

  15. Security analysis 認證,授權,存取控制 B3~B5中,就算user不使用真實的ID,也能做到認證,授權,存取控制 即使攻擊者抓了B2,因為沒有SKU,所以無法假裝成Alice 攻擊者抓了B1無法做任何事,因為那只是一個亂數。

  16. Security analysis replay attack detection 攻擊者抓到B2無法replay attack,因為B2裡不包含R ??

  17. Security analysis capability non-transferability B2的步驟只有Alice可以生成SigSKU(R1+1),所以若是Alice想要把capability轉移給Bob,他必須把SKU告訴Bob,但是一般人不會這麼做,也許Alice還將SKU用在其他重要的地方,比如說財產。為了不讓Alice request同一個capability兩個,我們會設計成同一個capability每天只能生成一份。

  18. Outline Introduction Background Proposed scheme Security analysis Complexity analysis Conclusion

  19. Complexity analysis

  20. Complexity analysis PKU|| IssDt||ExpDt共7byte*3=21*8 = 163bits

  21. Outline Introduction Background Proposed scheme Security analysis Complexity analysis Conclusion

  22. Conclusion Our scheme can be easily ported on airports, train stations , streets, highways, etc. blablabla…

More Related