1 A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert Deng Sources: IEEE Transactions on Vehicular Technology, 55(4), pp. 1373-1384, July 2006. Reporter: Chun-Ta Li ( 李李李 )
16
Embed
Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert Deng
A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments. Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert Deng Sources: IEEE Transactions on Vehicular Technology, 55(4), pp. 1373-1384, July 2006. Reporter: Chun-Ta Li ( 李俊達 ). Outline. - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing
Environments
Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert DengSources: IEEE Transactions on Vehicular Technology, 55(4), pp. 1373-1384, July 2006.Reporter: Chun-Ta Li (李俊達 )
Integrates digital devices (such as computers, handheld devices, sensors and actuators) seamlessly with everyday physical devices (such as electrical appliances and automobiles).
Three components [James Kurose and Keith Ross, 2004] Nomadic computing: wireless-technology Sensor-based smart spaces: environment-monitoring Mobile computing data management
The proposed scheme (cont.) User operational protocol
Mobile user U Service provider SAccess point P
10. Compute KUP=h(Cn, rP, rU, 0), K’UP = h(Cn, rP, rU, 1). 11. Decrypt and verifies rU, Cn, P
12. Encrypt Xm0 = {m0}K’UP
13. Compute hKUP(Xm0
)
14. Send rP, rU, Xm0, hKUP
(Xm0)
15. Verify Xm0 using KUP
16. Decrypt m0 using K’UP… …… …
rP, rU, Xmi, hKUP
(Xmi)
authenticated data traffic
authenticated data traffic
13
Analysis
14
Comments Cryptanalysis of anonymity property
Service provider S
Step 1: Get U, CU = {r’U}PubKSID * Cn in Credential Authorization phase
Step 2: Sign CU as CS {CU}PriKSID = r’U * {Cn}PriKSID
Step 3: Store U, CU, CS = {CU}PriKSID = r’U * {Cn}PriKSID
in their own DB
Step 4: Get Cn, {Cn}PriKSID in User Operational phase
Step 5: Compute CS / {Cn}PriKSID to derive r’U
Step 6: Compute C’U = {r’U}PubKSID * Cn
to verify whether C’U = CU holds or not.
Step 7: If it holds, S confirms that mobile user U accesses the service; otherwise, S continually executes the previous Steps from 4 to 6.
15
Comments (cont.) Efficiency improvement in user operational
phase compared Cj with all Cjs stored in S’s DB
Time complexity is O(n) if there are n users in DB
solution: Useri generates a TID in access request message and sends it to service provider to store the TID of useri Time complexity is O(1)
16
Comments (cont.) Service abuse problem
No one can derive the value of Cn unless user itself and thus anyone can fabricate an invalid Cn with a valid CertU to access the service without limits even than a valid user can deny his accesses.
CertU must keep secret for outsiders
{U, CU, CertU, SID}PubKS
Mobile user U (a certificate CertU) Service provider S