Multimedia Network Security Laboratory
Cryptanalysis and Improvement of a Secure Authentication Scheme
with Anonymity for Wireless Communications
Date: 2012.09.13
Reporter : Hong Ji Wei
Authors : Chin-Chen Chang, Wei-Bin Lee, and Chia-Yin Lee
From : 2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing
OUTLINE
1. INTRODUCTION
2. REVIEW OF WU, LEE AND TSAUR’S SCHEME
3. WEAKNESS OF WU, LEE AND TSAUR’S SCHEME
4. IMPROVED SCHEME
5. SECURITY ANALYSIS
6. CONCLUSION
INTRODUCTION
A good user authentication scheme not only provides high security but also protects user privacy.
Lee, Hwang, and Liao pointed out some security weaknesses in Zhu-Ma’s scheme and presented an improved edition in 2006.
Wu, Lee, and Tsaur pointed out that Lee, Hwang, and Liao’s scheme doesn’t achieve all security properties.
REVIEW OF WU, LEE AND TSAUR’S SCHEME
This scheme can be divided into three phases:
1. Initial Phase: HA delivers a password and a smart card to MU through a secure channel.
2. First Phase: FA authenticates MU and establishes a session key.
3. Second Phase: MU visits FA, and FA serves MU.
Symbols
MU : Mobile User
HA : Home Agent of a mobile user
FA : Foreign Agent of the network
$ID_A$ : Identity of A
$T_A$ : Timestamp of A
$Cert_A$ : Certificate of A
$(X)_K$ : Symmetric Encryption
$E_K(X)$ : Asymmetric Encryption
$h(X)$ : Hash X using hash function
$PW_A$ : Password of A
$P_A$ : Public key of A
$S_A$ : Private key of A
Initial phase (registration over a secure channel)
MU → HA: $ID_{MU}$
HA computes $PW_{MU} = h(N \| ID_{MU})$ and $r = h(N \| ID_{HA}) \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU}$
HA → MU: $PW_{MU},\ r,\ ID_{HA},\ h(\cdot)$
First phase

MU computes:
1. $L = h(T_{MU} \oplus PW_{MU})$
2. $n = r \oplus PW_{MU}$

MU → FA: $n,\ (h(ID_{MU}) \| x_0 \| x)_L,\ ID_{HA},\ T_{MU}$

FA:
1. Check $T_{MU}$ and generate $b$
2. Compute signature with $S_{FA}$

FA → HA: $b,\ n,\ (h(ID_{MU}) \| x_0 \| x)_L,\ T_{MU},\ T_{FA},\ Cert_{FA},\ E_{S_{FA}}(h(b, n, (h(ID_{MU}) \| x_0 \| x)_L, T_{MU}, Cert_{FA}))$

HA:
1. Check $Cert_{FA}$ and $T_{FA}$
2. Compute $h(N \| ID_{HA}) \oplus n \oplus ID_{HA} = ID_{MU}'$
3. Decrypt $(h(ID_{MU}) \| x_0 \| x)_L$ with $L$
4. Check $h(ID_{MU}') = h(ID_{MU})$ and generate $c$
5. Compute signature with $S_{HA}$
6. Compute $W = E_{P_{FA}}(h(h(N \| ID_{MU})) \| x_0 \| x)$

HA → FA: $c$, $W$, the signature computed with $S_{HA}$, $Cert_{HA}$, $T_{HA}$

FA:
1. Decrypt $W$ with $S_{FA}$
2. Compute session key $k = h(h(h(N \| ID_{MU})) \| x \| x_0)$

FA → MU: $(TCert_{MU} \| h(x_0 \| x))_k$

MU:
1. Compute $k$
2. Decrypt $(TCert_{MU} \| h(x_0 \| x))_k$ with $k$

MU → FA: $(x_0 \| TCert_{MU} \| OtherInformation)_k$

Here $r = h(N \| ID_{HA}) \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU}$ and $PW_{MU} = h(N \| ID_{MU})$, so
$n = h(N \| ID_{HA}) \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU} \oplus PW_{MU} = h(N \| ID_{HA}) \oplus ID_{HA} \oplus ID_{MU}$
Second phase
In order to enhance efficiency, while MU stays with the same FA, the new session key $k_i$ can be derived from the unexpired previous secret knowledge $x_{i-1}$ and a fixed secret $x$ as

$k_i = h(h(h(N \| ID_{MU})) \| x \| x_{i-1})$ for $i = 1, 2, 3, \ldots, n$

Authentication
MU → FA: $TCert_{MU},\ (x_i \| TCert_{MU} \| OtherInformation)_{k_i}$

$k_1 = h(h(h(N \| ID_{MU})) \| x \| x_0)$, with message $(x_1 \| TCert_{MU} \| OtherInformation)_{k_1}$
$k_2 = h(h(h(N \| ID_{MU})) \| x \| x_1)$, with message $(x_2 \| TCert_{MU} \| OtherInformation)_{k_2}$
WEAKNESS OF WU, LEE AND TSAUR’S SCHEME
Anonymity
1. $h(N \| ID_{HA}) = r \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU}$
2. $n = r \oplus PW_{MU} = h(N \| ID_{HA}) \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU} \oplus h(N \| ID_{MU})$
Impersonation attack
If MU’s smart card is stolen, the attacker can perform an impersonation attack.
1. Compute $n' = r \oplus PW_{MU}^*$
2. The attacker has $n',\ h(N \| ID_{HA}),\ ID_{HA},\ ID_{MU},\ PW_{MU}^*$
$n' = h(N \| ID_{HA}) \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU} \oplus PW_{MU}^*$
He can get $PW_{MU}$ from $n' \oplus h(N \| ID_{HA}) \oplus ID_{HA} \oplus ID_{MU} \oplus PW_{MU}^*$
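The XOR algebra behind the two weaknesses above can be checked in code; this is an added example, not part of the original slides or of the authors' paper. It assumes SHA-256 for $h(\cdot)$ and identities padded to 32 bytes, uses constructed names and secrets, and goes one step past the slide by running HA's own step-2 computation with the $h(N \| ID_{HA})$ recovered in step 1.

```python
import hashlib
import secrets

def h(*parts: bytes) -> bytes:
    """h(a || b || ...); SHA-256 is an assumption, the slides leave h(.) unspecified."""
    return hashlib.sha256(b"".join(parts)).digest()

def xor(*vals: bytes) -> bytes:
    """XOR equal-length byte strings together."""
    out = bytes(len(vals[0]))
    for v in vals:
        out = bytes(a ^ b for a, b in zip(out, v))
    return out

def pad(identity: str) -> bytes:
    """Encode an identity as a 32-byte block so it can be XORed with hash output."""
    return identity.encode().ljust(32, b"\0")

def register(N: bytes, id_ha: bytes, id_mu: bytes):
    """Initial phase at HA: PW_MU = h(N||ID_MU), r = h(N||ID_HA)^h(N||ID_MU)^ID_HA^ID_MU."""
    pw = h(N, id_mu)
    return pw, xor(h(N, id_ha), pw, id_ha, id_mu)

def insider_h_n_idha(own_r, own_pw, own_id, id_ha):
    """Anonymity, step 1: a registered user derives h(N||ID_HA) from their own card."""
    return xor(own_r, own_pw, id_ha, own_id)

def unmask_id(observed_n, h_n_idha, id_ha):
    """HA's step-2 computation run by the insider: ID_MU = h(N||ID_HA) ^ n ^ ID_HA."""
    return xor(h_n_idha, observed_n, id_ha)

def pw_from_stolen_card(stolen_r, guess_pw, h_n_idha, id_ha, id_mu):
    """Impersonation: n' = r ^ PW*, then n' ^ h(N||ID_HA) ^ ID_HA ^ ID_MU ^ PW* = PW_MU."""
    n_prime = xor(stolen_r, guess_pw)
    return xor(n_prime, h_n_idha, id_ha, id_mu, guess_pw)

if __name__ == "__main__":
    # Constructed values: N, the HA identity and both user names are made up.
    N, id_ha = secrets.token_bytes(32), pad("HA-example")
    victim, insider = pad("victim-user"), pad("insider-user")
    pw_v, r_v = register(N, id_ha, victim)
    pw_i, r_i = register(N, id_ha, insider)
    n_v = xor(r_v, pw_v)                    # n sent by the victim in the first phase
    k = insider_h_n_idha(r_i, pw_i, insider, id_ha)
    print("identity unmasked:", unmask_id(n_v, k, id_ha) == victim)
    wrong_guess = secrets.token_bytes(32)   # PW* does not need to be correct
    print("PW_MU recovered:", pw_from_stolen_card(r_v, wrong_guess, k, id_ha, victim) == pw_v)
```

Both recoveries succeed because $r$ masks the per-user values only with $h(N \| ID_{HA})$, which is the same for every user registered at that HA.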
IMPROVED SCHEME
First phase
[Protocol diagram between MU, FA and HA. It repeats the first-phase diagram of Wu, Lee and Tsaur’s scheme, with the differences listed here.]
MU: $L = h(T_{MU} \oplus PW_{MU})$ is unchanged; $n$ is now computed from $r$, $PW_{MU}$ and a hash over $h(N)$ and $T_{MU}$.
HA: the same hash over $h(N)$ and $T_{MU}$ appears in HA’s computation.
Last message: $(x_1 \| TCert_{MU} \| OtherInformation)_k$
Annotations on the slide:
1. $h(N \| ID_{HA}) = r \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU}$
2. $n$ expanded with $r = h(N \| ID_{HA}) \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU}$ and $PW_{MU} = h(N \| ID_{MU})$
Initial phase (registration over a secure channel)
MU → HA: $ID_{MU}$
HA computes $PW_{MU} = h(N \| ID_{MU})$ and $r = h(N \| ID_{HA}) \oplus h(N \| ID_{MU}) \oplus ID_{HA} \oplus ID_{MU}$
HA → MU: $PW_{MU},\ r,\ ID_{HA},\ h(\cdot),\ h(N)$
Our improved scheme can resist the impersonation attack.
Assume that an attacker can intercept $n,\ ID_{HA},\ T_{MU},\ (h(ID_{MU}) \| x_0 \| x)_L$ transmitted from MU and modify this message as $n,\ ID_{HA},\ T_{MU},\ (h(ID_{MU}') \| x_0' \| x')_L$.
However, the attacker still can’t forge a correct $n$ to pass the authentication processes without knowing HA’s secret key $N$ and the real $ID_{MU}$.
CONCLUSION
We demonstrate some security flaws in Wu, Lee, and Tsaur’s scheme and propose an improvement to overcome these drawbacks.
The security analysis shows that our proposed scheme can solve these weaknesses by modifying some procedures of the original scheme.