Password-based user authentication and key distribution protocols for client-server applications. Authors: Her-Tyan Yeh and Hung-Min Sun. Sources: The Journal of Systems and Software, Vol.72, pp.97-103, 2004. Adviser: Min-Shiang Hwang. Speaker: Chun-Ta Li. Date: 2004/11/04

Password-based user authentication and key distribution protocols for client-server applications

Dec 30, 2015


conan-trevino

Transcript
Page 1: Password-based user authentication and key distribution protocols for client-server applications

Password-based user authentication and key distribution protocols for client-server applications

Authors: Her-Tyan Yeh and Hung-Min Sun
Sources: The Journal of Systems and Software, Vol.72, pp.97-103, 2004.
Adviser: Min-Shiang Hwang
Speaker: Chun-Ta Li
Date: 2004/11/04

Page 2: Password-based user authentication and key distribution protocols for client-server applications

Outline

• Introduction
• Description of notations and security requirements
• Key transfer authentication protocol (KTAP)
• Key agreement authentication protocol (KAAP)
• Conclusions
• Comments

Page 3: Password-based user authentication and key distribution protocols for client-server applications

Introduction

• Password-based mechanism
  – User authentication
  – Password guessing attacks
  – Server can use strong cryptographic secret
• Session key creation
  – Key transfer protocol (two-party, three-party)
  – Key agreement protocol (two-party, three-party)

(Slide callouts mark the three-party variants: KTAP for key transfer, KAAP for key agreement.)

Page 4: Password-based user authentication and key distribution protocols for client-server applications

Introduction (cont.)

• Key Transfer Authentication Protocol (KTAP)
• Key Agreement Authentication Protocol (KAAP)

[Figure: KTAP. Parties: Authentication Server, Client, Application Server. Labels: authentication; session key (K); session key (K).]

[Figure: KAAP. Parties: Authentication Server, Client, Application Server. Labels: authentication; X1 = g^x mod P; Y1 = g^y mod P; K = g^xy mod P; session key (K); session key (K); X1; Y1.]

Page 5: Password-based user authentication and key distribution protocols for client-server applications

Description of notations and security requirements

• Notations
  – A: Client
  – B: AP server
  – S: Trusted authentication server
  – P_A: Password shared between A and S
  – S_B: Secret key shared between B and S
  – K_S: Public key of the trusted authentication server
  – x, y, ra, rb: Random numbers
  – [info]_K: Symmetric encryption with key K
  – {info}_K: Asymmetric encryption with the public key K

Page 6: Password-based user authentication and key distribution protocols for client-server applications

Description of notations and security requirements (cont.)

• Security requirements
  – Guessing attacks
    • On-line guessing attack
    • Off-line guessing attack
  – Replay attacks
  – Perfect forward secrecy
• Assumption
  – All principals know the server’s public key K_S in the system
  – A poorly chosen password P_A chosen by A is known to S via a secure channel
  – The application server’s secret key S_B is known to S via a secure channel

Page 7: Password-based user authentication and key distribution protocols for client-server applications

Key transfer authentication protocol (KTAP)

Parties (as laid out on the slide): B (Application server), A (Client), S (Trusted authentication server)

Messages shown, in slide order:
1. {A, B, P_A, ra}_{K_S}
2. [A, B, [A, K]_ra, K]_{S_B}
3. [A, K]_ra, [B, rb]_K
4. rb

h(K): session key

Page 8: Password-based user authentication and key distribution protocols for client-server applications

Key transfer authentication protocol (cont.)

• Security analysis
  – Guessing attacks
    • P_A in Message 1 is used only to authenticate A’s status
  – Replay attacks
    • What the attacker can get is {[A, B, [A, K]_ra, K]_{S_B}, [A, K]_ra, [B, rb]_K}
  – Perfect forward secrecy
    • Attacker can know P_A but doesn’t know the server’s private key

(Slide callouts: {A, B, P_A, ra}_{K_S}; "unknown"; "unknown".)

Page 9: Password-based user authentication and key distribution protocols for client-server applications

Key transfer authentication protocol (cont.)

• Comparison with the related works

Page 10: Password-based user authentication and key distribution protocols for client-server applications

Key agreement authentication protocol (KAAP)

Parties (as laid out on the slide): B (Application server), A (Client), S (Trusted authentication server)

Messages shown, in slide order:
1. {A, B, P_A, ra, g^x}_{K_S}
2. [A, g^x]_{S_B}
3. g^y, [B, rb]_K
4. rb

K = g^xy (session key)
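
The KAAP exchange above as a runnable simulation (an added example, not code from the paper or the slides). Assumptions: the message directions A→S, S→B, B→A, A→B are inferred from the notation; the public-key encryption of message 1 is not modelled; `seal`/`unseal`, the toy group `P`, `G` and `kdf` are constructed stand-ins.

```python
import hashlib, hmac, json, secrets

P, G = 2**127 - 1, 3  # toy group (constructed); real use needs a vetted large group

def _stream(key, n):
    # SHA-256 counter-mode keystream: toy stand-in for the slide's [info]_K
    return b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, len(pt))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct)))))

def kdf(shared):
    # Hash the Diffie-Hellman value g^xy into a 32-byte symmetric key K
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_kaap(pw_db, sb_at_s, sb_at_b, A, B, P_A):
    # Message 1, A -> S: {A, B, P_A, ra, g^x}_KS. Public-key encryption is not
    # modelled; the dict stands for the plaintext S recovers with its private key.
    x = secrets.randbelow(P - 2) + 1
    m1 = {"A": A, "B": B, "P_A": P_A, "ra": secrets.token_hex(8), "gx": pow(G, x, P)}
    # S checks the password, then sends message 2, S -> B: [A, g^x]_SB
    if not hmac.compare_digest(pw_db.get(m1["A"], ""), m1["P_A"]):
        raise PermissionError("S rejects A: password mismatch")
    m2 = seal(sb_at_s, [m1["A"], m1["gx"]])
    # B opens message 2 with its copy of S_B, picks y and rb, derives K = g^xy
    _, gx = unseal(sb_at_b, m2)
    y, rb = secrets.randbelow(P - 2) + 1, secrets.token_hex(8)
    k_b = kdf(pow(gx, y, P))
    gy, box = pow(G, y, P), seal(k_b, [B, rb])  # message 3, B -> A: g^y, [B, rb]_K
    # A derives K from g^y and proves it by returning rb (message 4, A -> B)
    k_a = kdf(pow(gy, x, P))
    b_id, rb_from_a = unseal(k_a, box)
    if b_id != B or not hmac.compare_digest(rb_from_a, rb):
        raise ValueError("key confirmation failed")
    return k_a
```

A run with a wrong password stops at S, and a run where B holds a different S_B than S stops when B opens message 2, so neither reaches the key-confirmation step.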

Page 11: Password-based user authentication and key distribution protocols for client-server applications

Key agreement authentication protocol (cont.)

• Security analysis
  – Guessing attacks
    • P_A in Message 1 is used only to authenticate A’s status
    • The attacker must also guess the value of ra
  – Replay attacks (forge K`)
    • What the attacker can get is {{A, B, P_A, ra, g^x}, [A, g^x]_{S_B}, [B, rb]_K}
  – Perfect forward secrecy
    • Attacker can know P_A but doesn’t know the server’s private key

(Slide callouts: {A, B, P_A, ra, g^x}_{K_S}; "unknown"; "unknown"; "unknown".)

Page 12: Password-based user authentication and key distribution protocols for client-server applications

Key agreement authentication protocol (cont.)

• Comparison with the related works

Page 13: Password-based user authentication and key distribution protocols for client-server applications

Conclusions

• Authors introduced key distribution protocols: KTAP and KAAP
• These two protocols can be applied to various communication systems in distributed computing environments

Page 14: Password-based user authentication and key distribution protocols for client-server applications

Thanks for your attention