270 likes | 415 Views
Anonymous Roaming Authentication Protocol with ID-based Signatures. Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin University of Science & Technology, Taiwan E-mail: wuulc@yuntech.edu.tw. Outline. Introduction Roaming Authentication Protocol
E N D
Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin University of Science & Technology, Taiwan E-mail: wuulc@yuntech.edu.tw
Outline • Introduction • Roaming Authentication Protocol • Security Analysis • Performance Analysis • Conclusion
Introduction • The mobile communication environment • Access data at any place and at any time • Security issues • Data privacy • Data integrity • Mutual authentication • Anonymity • Non-repudiation
MS MS Introduction • An authentication server exists in each network • Authenticate roaming users before providing any service Foreign Network Home Network ASFN AS: Authentication Server ASHN Roaming Service Request Accept/Reject Roaming MS: Mobile Station
Introduction • Roaming Authentication Methods: • On-Line Authentication • Off-Line Authentication • The mixture of On-Line and Off-Line Authentication
On-Line Authentication • Authenticate the roaming user each time Foreign Network Home Network ASFN ASHN Yes or No Is the MS valid? Accept/Reject Roaming Service Request Roaming MS MS
MS Off-Line Authentication • Authenticate the roaming user locally Home Network Foreign Network ASFN ASHN pre-shared information Roaming Service Request Accept/Reject Roaming MS
MS The mixture of On-Line and Off-Line Authentication On-line authentication when the roaming user requests service for the first time. Off-line authentication for subsequent service requests Home Network Foreign Network ASFN ASHN shared information shared information Yes or No Is the MS valid? Roaming Service Request Accept/Reject Roaming MS
The roaming authentication protocol • Off-line roaming authentication • Security properties • Anonymity of MS • Mutual Authentication between MS and Foreign Network • Nonrepudiation of MS • Minimizing the number of exchanged messages • Minimizing the computation load at MS • Simple Key Management
The roaming authentication protocol • ID-based signature technique from Weil-pairing • No certificate is needed • Verify the signature by public information of the signer (email address, identity, …) • Secret sharing technique from Lagrange Interpolating polynomial
Lagrange interpolating polynomial - secret sharing ID1 x1=ID1 and y1= f (ID1) y1= f (ID1) y2= f (ID2) ID2 x2=ID2 and y2= f (ID2) yn= f (IDn) … IDn xn=IDn and yn= f (IDn)
Lagrange interpolating polynomial - secret sharing x1=ID1 and y1= f (ID1) ID1 ID2 secret x2=ID2 and y2= f (ID2) … xt=IDt and yt= f (IDt) IDt
ASFN ASHN Sigcharge2 RSFN Accept/Reject RSMSn RSMS2 RSMS1 MSn MS 1 MS 2 K K The Roaming Authentication Protocol Foreign Network Home Network + Roaming Information …
System Initialization-ASHN • System Initialization • ASHN generates • System public parameters {e, G1, G2, P, H1, H2, H3} • System private key s • System public keyPpub = sP • ASHN selects a RSFN RZq, and sends the RSFN to ASFN by secure channel.
PKMS =H1(TID MS|| IDHN || DateMS), SKMS= s PKMS DateMS : the expiration date of the public/secret key pair System Initialization-ASHN • When MS registers at ASHN, the MS will get {IDMS, TIDMS, SKMS, RSMS, Kcomm} Where
ASFN MS {TIDMS, IDHN, DateMS, PKMS, request, T, RSMS, CMS, Sigcharge} {EK[ServiceData, T]} or reject Mutual Authentication • MS roams to the Foreign Network (ASFN): Foreign Network Compute the Sigcharge Verify the Sigcharge Compute the session keyK Compute the session key K
Mutual Authentication-MS • MS executes the following steps: Step A1: MS computes the Sigcharge ={Rcharge, Scharge} Step A2: MS sends the authentication request to ASFN
Mutual Authentication-ASFN • When ASFN receives the request from MS, ASFN will execute the following steps: Step B1: verify the public key PKMS Step B2: check the DateMS thencheck
Mutual Authentication-ASFN Step B3: verify the correctness of Sigcharge Step B4: compute the rMS and the session key K Step B5: send to MS
Mutual Authentication-MS • When MS receives the message from ASFN, • MS computes the session key K’ K’ = Kcomm⊕ CMS • MS decrypts the by using K’ MS gets the ServiceData and T’ • MS checks T’ = T ?
Security Analysis • Anonymity of Roaming User TIDMS • Mutual Authentication between MS and ASFN ASFNMS: Sigcharge MSASFN: Session key K • Nonrepudiation of Roaming User Sigcharge
Security Analysis • Prevention of Attacks • Replay Attack timestamp: T • Impersonating Attack MS Attacker cannot get the SKMS cannot compute the Sigcharge ASFN Attacker cannot get the RSFN cannot compute the K • Dishonest ASFN The ASFN cannot compute the Sigcharge • Disclosure of session key Attacker cannot get the Roaming Share RSFN of ASFN cannot compute the K
Performance analysis [ 7] M. Rahnema, “Overview of the GSM system and protocol architecture,” IEEE Commun. Mag., pp. 92–100, Apr. 1993. [12] J. Zhu, J. Ma, “A new authentication scheme with anonymity for wireless environments,” IEEE Trans. Consumer Electronics, Vol.50, No. 1, pp. 231 – 235, Feb 2004. [ 6] M. Long, C.-H. Wu, J.D. Irwin, “Localized authentication for inter-network roaming across wireless LANs,” IEE Proc. Communications, Vol.151, No5, Oct. 2004. [ 5] W.-B. Lee, C.-K. Yeh, “A New Delegation-Based Authentication Protocol for Use in Portable Communication System”, IEEE Trans. Wireless Communication, Vol.4, No.1, pp. 57-64, Jan. 2005.
Performance Analysis • The Number of Exchanged Messages
Performance Analysis • Comparison of Computation Load at MS
Performance Analysis • Storage Overhead • Each MS: {IDMS, TIDMS, SKMS, RSMS, Kcomm} • ASFN : RSFN
Conclusion • The proposed off-line anonymous roaming authentication • Number of exchanged messages: 2 • Security Issues Anonymity, Mutual authentication, Non-repudiation, data privacy and data integrity • Low computation load at MS • Simple key management