1 / 29

Enhanced secure anonymous authentication scheme for roaming service in global mobility networks

Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Hyeran Mun , Kyusuk Han, Yan Sun Lee, Chan Yeob Yeun , Hyo Hyun Choi Mathematical and Computer Modelling Volume 55, Issues 1–2, January 2012, Pages 214–222 Citation: 3 Presenter: 林致良

tocho
Download Presentation

Enhanced secure anonymous authentication scheme for roaming service in global mobility networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Enhanced secure anonymous authentication scheme for roaming service in global mobility networks HyeranMun, KyusukHan, Yan Sun Lee, Chan YeobYeun, Hyo Hyun Choi Mathematical and Computer Modelling Volume 55, Issues 1–2, January 2012, Pages 214–222 Citation:3 Presenter: 林致良 Date: 2012/11/26

  2. Outline • Introduction • Wu–Lee–Tsaur’s scheme • Weaknesses of Wu–Lee–Tsaur’sscheme • New enhancement for anonymous authentication scheme • Analysis • Conclusion

  3. Outline • Introduction • Wu–Lee–Tsaur’s scheme • Weaknesses of Wu–Lee–Tsaur’sscheme • New enhancement for anonymous authentication scheme • Analysis • Conclusion

  4. Introduction • The GLOMONETprovides global roaming service that permits mobile users to use the services provided by the home agent in a foreign agent. • Many security problems such as user’s privacy are brought into attention GLOMONET:Global mobility network

  5. Introduction You will see : • Security weaknesses in Wu–Lee–Tsaur’s schemesuch as disclosing of the legitimate user and failing to achieve perfect forward secrecy. • A new novel scheme that also achieves mutual authentication and resistance to a man-in-the-middle attack.

  6. Outline • Introduction • Wu–Lee–Tsaur’s scheme • Weaknesses of Wu–Lee–Tsaur’sscheme • New enhancement for anonymous authentication scheme • Analysis • Conclusion

  7. Wu–Lee–Tsaur’s scheme Wu–Lee–Tsaur’sauthentication scheme consists of three phases:  1. Initial phase 2. first phase 3. second phase

  8. Wu–Lee–Tsaur’sscheme Initial phase PWMU = h(N ǁIDMU) rMU= h(Nǁ IDHA) ⊕h(N ǁ IDMU)⊕IDHA⊕IDMU whereN is a secret random number that is kept by HA

  9. Wu–Lee–Tsaur’s scheme First phase 1.nMU, (h(IDMU) ǁx0 ǁx)L, IDHA,TMU 2.b, nMU, (h(IDMU) ǁx0 ǁx)L,TMU, CertFA,TFA ESFA (h(b, nMU, (h(IDMU) ǁx0 ǁx)L, TMU, CertFA)) nMU= rMU⊕PWMU L=h(TMU⊕PWMU) HA computes IDMU = h(N ǁ IDHA) ⊕nMU⊕IDHA h’= h(IDMU) compare with (h(IDMU) ǁx0ǁx)L MU can be authenticated session key k = h(h(h(N ǁ IDMU)) ǁx0ǁx) MU check h(x0ǁx) is equal to original FA can be authenticated 3. c,CertHA, THA,EPFA (h(h(N ǁIDMU)ǁx0 ǁx) ESHA(h(b, c, EPFA(h(h(N ǁIDMU)) ǁx0ǁx), CertHA)) 4. (TCertMUǁh(x0 ǁx))k

  10. Wu–Lee–Tsaur’s scheme Second phase (update session key) • When MU accesses FA at ith session, MU requests FA to update the session key. Step 1: MU → FA : TCertMU, (xiǁTCertMU)ki New ith session key kican be computed by using An unexpired previous secret random number xi−1 Fixed the secret random number x ki= h(h(h(N ǁIDMU)ǁ x ǁxi−1), (i = 1, 2, 3, . . . , n).

  11. Outline • Introduction • Wu–Lee–Tsaur’s scheme • Weaknesses of Wu–Lee–Tsaur’sscheme • New enhancement for anonymous authentication scheme • Analysis • Conclusion

  12. Weaknesses of Wu–Lee–Tsaur’s scheme Weakness 1 : Failing to achieve the anonymity Weakness 2: Disclosure password of legitimate user Weakness 3: Perfect forward secrecy Assume : A legitimate user and an attacker Aregister the same HA. A is able to intercept all messages between FA and MU. Because anyone can overhear all sent and received packets within range of a wireless devices in wireless environment

  13. Weaknesses of Wu–Lee–Tsaur’s scheme • Failing to achieve the anonymity (Zeng et al.) Step 1: A requests registration of HA, and obtains h(.) , IDHA , PWA= h(N ǁIDA) rA= h(NǁIDHA) ⊕h(N ǁIDA) ⊕IDHA⊕IDA. Step 2: A can compute h(NǁIDHA) as follows: rA⊕h(NǁIDA) ⊕IDHA⊕IDA = h(NǁIDHA) ⊕ h(NǁIDA) ⊕IDHA⊕IDA⊕h(NǁIDA) ⊕IDHA ⊕IDA= h(NǁIDHA). Step 3: A is able to intercept messages nMU, (h(IDMU) ǁx0ǁx)L, IDHA, and TMU. Step 4: A can obtain IDMU by using nMU , IDHA, and h(NǁIDHA) nMU⊕h(NǁIDHA) ⊕IDHA= h(NǁIDHA) ⊕h(NǁIDMU) ⊕IDcHA⊕IDMU⊕h(NǁIDMU) ⊕ h(NǁIDHA) ⊕IDHA = IDMU. 利用 XOR特性 A⊕B=CC⊕B=A A⊕A =0 nMU= rMU⊕PWMU

  14. Weaknesses of Wu–Lee–Tsaur’s scheme 2. Disclosure password of legitimate user A can obtain legitimate user’s password PWMU. Acan compute PWMU as follows: (1) A can guess composition of rMU by using rA. Composition of rA is h(N ǁIDHA) ⊕h(N ǁIDMU) ⊕IDHA⊕IDMU. IDMU iscomposition of rMU instead of IDA. • A can compute legitimate user MU’s password PWMU by using intercepted nMUand guessed rMU. nMU⊕rMU = h(NǁIDMU) ⊕ h(N ǁIDHA) ⊕IDHA⊕IDMU⊕h(N ǁIDMU)⊕ h(N ǁIDHA) ⊕h(N ǁIDMU) ⊕IDHA⊕IDMU = h(N ǁIDMU) = PWMU rMU

  15. Weaknesses of Wu–Lee–Tsaur’s scheme 2. Disclosure password of legitimate user

  16. Weaknesses of Wu–Lee–Tsaur’s scheme 2. Disclosure password of legitimate user Question: How can A guess composition of rMUby using rA. rA = h(Nǁ IDHA) ⊕h(N ǁIDA)⊕IDHA⊕IDA rMU = h(Nǁ IDHA) ⊕h(N ǁ IDMU)⊕IDHA⊕IDMU

  17. Weaknesses of Wu–Lee–Tsaur’s scheme 3. Perfect forward secrecy

  18. Outline • Introduction • Wu–Lee–Tsaur’s scheme • Weaknesses of Wu–Lee–Tsaur’sscheme • New enhancement for anonymous authentication scheme • Analysis • Conclusion

  19. New enhancement for anonymous authentication scheme The proposed scheme consists of three phases: 1. registration 2. Authentication and establishment of session key 3.update session key

  20. New enhancement for anonymous authentication scheme First phase: registration 1. NMU, IDMU 2. Generate NHA Compute PWMU = h(NMUǁNHA) Compute rMU= h(IDMUǁPWMU) ⊕IDHA 3. rMU,IDHA ,NHA, PWMU, h(.)

  21. New enhancement for anonymous authentication scheme Second phase: Authentication and establishment of session key 1. IDHA,NHA, rMU 2.Generate NFA 3. IDFA,NFA, rMU 4. Compare rMUwith r’MU= h(IDMUǁPWMU) ⊕IDHA (Authenticate MU) Compute PHA= h(PWMUǁNFA) Compute SHA= h(IDFAǁNFA) ⊕rMU⊕PHA PWMU = h(NMUǁNHA) rMU= h(IDMUǁPWMU) ⊕IDHA 5. SHA, PFA

  22. New enhancement for anonymous authentication scheme 6. Verify SHA (i)Compute S’HA= h(IDFAǁNFA) ⊕rMU ⊕ PHA (ii)Compare SHA with S’HA Compute SFA= h(SHA ǁ NFA ǁ NHA) and aP 7.SFA, aP, PFA = (SHAǁIDFAǁNFA) 8. Verify SFA(Authenticate HA andFA) 1. S’HA = h(IDFAǁNFA) ⊕rMU⊕ h(PWMUǁ NFA) 2. Compare SFA with S’FA = h(SHA ǁ NFA ǁ NHA) 算 bP, KMF= h(abP), SMF = fKMF(NFA ǁbP) 10. Computes KMF = h(abP) Verify SMF (Authenticate MU) 9. bP , SMF

  23. New enhancement for anonymous authentication scheme Third phase: update session key : KMFi(i = 1.2.3……n) 1. Select bi, compute biP 1. biP 2.Select ai, compute aiP New session key : h(aibiP) SMFi=fKMFi(aibiPǁ ai−1bi−1P) 3.aiP , SMFi 4.Compute KMFi= h(abP) Compare S’MFi= fKMFi(aibiPǁai−1bi−1P) with SMFi

  24. Outline • Introduction • Wu–Lee–Tsaur’s scheme • Weaknesses of Wu–Lee–Tsaur’sscheme • New enhancement for anonymous authentication scheme • Analysis • Conclusion

  25. Security Analysis Achieve anonymity FA receives rMU = h(IDMU ǁ PWMU) ⊕IDHAinstead of IDMU Thus, FA has no way of guessing IDMU without PWMU = h(NMU ǁ NHA) and IDHA Provide perfect forward secrecy Prevent disclose of legitimate user’s password To obtain user’s password, an attacker should know two noncesNMUand NHA. rMU = h(IDMU ǁ PWMU) ⊕IDHA, PHA= h(PWMUǁNFA) and SFA= h(SHAǁNFAǁNHA) Prevent replay attack The scheme can resist a replay attack by using nonces. Provide mutual authentication between MU and HA Provide mutual authentication between MU and FA

  26. Security Analysis

  27. Performance analysis No need for time synchronization: Previous scheme use timestamps for resisting a replay attack. Use Elliptic Curve Diffie–Hellman (ECDH): New scheme uses ECDH instead of using public key cryptosystem with certificates to reduce communication overhead.

  28. Outline • Introduction • Wu–Lee–Tsaur’s scheme • Weaknesses of Wu–Lee–Tsaur’sscheme • New enhancement for anonymous authentication scheme • Analysis • Conclusion

  29. Conclusion • There are security weaknesses in Wu–Lee–Tsaur’sscheme such as failing to provide anonymity, disclosing of user’s password and perfect forward secrecy. • This paper proposes a novel enhanced scheme that uses Elliptic Curve Diffie–Hellman (ECDH). • This scheme is efficient, provides mutual authentication, and resists the man-in-the-middle attack.

More Related