ARCHITECTURE OF A SERVER-AIDED SIGNATURE SERVICE (SASS) FOR MOBILE NETWORKS
Source: P. Lorenz and P. Dini (Eds.): ICN 2005, LNCS 3421, pp. 819 – 826, 2005.
Authors: Liang Cai, Xiaohu Yang, and Chun Chen
Presenter: Li-Tzu Chang
Monday, July 4, 2022
Friday, April 21, 2023
Outline
- Introduction
- Background
- Architecture of SASS Service
  - Overall Architecture
  - Key Interfaces of SASS Service
- Performance Analysis
- Conclusion
Introduction
Traditionally: asymmetric cryptographic techniques are computationally expensive.
Currently: mobile devices have limited computational capability and equally limited power (batteries).
The RSA cryptosystem is the most widely used PKI cryptosystem for key exchange and digital signatures: SSL commonly uses RSA-based key exchange, and most PKI products use RSA certificates.
On a PalmPilot:
- 1024-bit RSA signature: 30 seconds
- 1024-bit RSA key generation: 15 minutes
Introduction
Instead of every mobile device performing computationally intensive cryptographic operations itself, we designed a Server-aided Signature Service (SASS) to offload that work from clients in mobile networks.
SASS combines:
- the encryption and key-exchange capabilities of Modadugu's protocol (server-aided RSA key generation on a handheld with the help of an untrusted server);
- the digital-signature generation capability of the S3 protocol (Server-Supported Signatures).
Introduction
Use of SASS benefits mobile clients:
- Cryptographic hardware on the server side can perform a single cryptographic operation faster than the client can perform it.
- Offloading cryptographic operations from the client CPU to these remote accelerators frees the client for other work.
Background
(Figure: typical message flow between mobile client and server.)
Background
In order to reduce the computational load of the mobile clients, only the server side holds an RSA key pair (public key and private key) and can therefore generate non-repudiable digital signatures.
The client side can only use the symmetric DES algorithm, which provides confidentiality but not non-repudiation: a key shared by both ends cannot prove to a third party which of them produced a message.
Architecture of SASS Service
Architecture of SASS Service
Key interfaces:
- ISASS_KeyGen(): helps the mobile client generate the key used for encryption and key exchange.
- ISASS_Cert(): helps the mobile client initialize the key used for generating digital signatures.
- ISASS_Sign(): helps the mobile client sign a message.
Overall Architecture
The overall architecture is made up of three components:
- CA
- SASS service
- Client
Overall Architecture
Efficient generation of RSA keys on a low-power mobile client with the help of the SASS service works as follows (p is a 512-bit prime candidate, R is a 4096-bit random number):
1. The client must hide both the modulus p and the exponent p-1 from the servers (sending p-1 in the clear would reveal p directly). To hide p, the client multiplies it by the random number R and sends the product N = p * R to the servers, which see only N.
2. The servers perform the expensive computations modulo N = p * R. Because p divides N, the client can reduce any returned value modulo p and obtain the corresponding result modulo p.
3. The client then runs a probabilistic primality test to verify that p is prime. This is also what ensures that the servers returned correct values: a wrong or dishonest answer does not survive the client's own check.
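The three steps above, as an added worked example that is not code from the paper or from this presentation: a scaled-down Python model of the server-aided primality test. The bit sizes, the additive split of the exponent across two servers assumed not to collude, the hypothetical `lying_server`, and all function names are this example's own assumptions; the slide only states that p and p-1 must be hidden and that the client rechecks the result.

```python
import random
import secrets

# Constructed, scaled-down parameters: the slide uses a 512-bit candidate p and a
# 4096-bit blinding factor R; smaller sizes keep the example instant, the steps
# are the same.
P_BITS = 64
R_BITS = 256


def random_odd_candidate(bits):
    """Odd candidate with the top bit set, so it has exactly `bits` bits."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def honest_server(a, e, N):
    """Untrusted helper: it learns N = p*R and its exponent share, never p or p-1."""
    return pow(a, e, N)


def lying_server(a, e, N):
    """Hypothetical misbehaving helper that answers 1 to everything, hoping the
    client accepts a composite candidate."""
    return 1


def server_aided_fermat(p, server1=honest_server, server2=honest_server, a=2):
    """Steps 1-2: test a^(p-1) == 1 (mod p) with the exponentiations outsourced.

    The modulus is hidden as N = p*R. The exponent p-1 is hidden by splitting it
    into two random shares handed to two servers assumed not to collude; this
    additive split is the example's own choice, the slide only says that p-1
    must be hidden.
    """
    R = secrets.randbits(R_BITS) | 1
    N = p * R
    e1 = secrets.randbelow(p - 1)          # 0 <= e1 < p-1
    e2 = (p - 1) - e1                      # e1 + e2 == p-1
    x1 = server1(a, e1, N)
    x2 = server2(a, e2, N)
    # p divides N, so reducing the product mod p yields a^(e1+e2) = a^(p-1) mod p.
    return (x1 * x2) % p == 1


def miller_rabin(n, rounds=32):
    """Step 3: the client's own probabilistic primality test (Miller-Rabin)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def accept_candidate(p, server1=honest_server, server2=honest_server):
    """Server-aided filter first, then the local check that catches a server
    returning bogus values: a forced Fermat 'pass' does not survive step 3."""
    return server_aided_fermat(p, server1, server2) and miller_rabin(p)


def generate_prime(bits=P_BITS, server1=honest_server, server2=honest_server):
    """Keep drawing odd candidates until one passes both checks."""
    while True:
        p = random_odd_candidate(bits)
        if accept_candidate(p, server1, server2):
            return p


if __name__ == "__main__":
    p = generate_prime()
    print(p.bit_length(), "bit prime:", p)
```

The point of the split is that the cheap test is done many times (most candidates are composite and fail the Fermat filter), while the expensive local Miller-Rabin run happens only on the one survivor; a server that simply returns 1 makes a composite pass the filter but is caught at step 3.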
Overall Architecture
A SASS-based signature is computed as follows (Alice, A, is the mobile user):
1. The user calls the API.
2. The API supplies the data to be signed together with a one-time ticket.
3. SASS asks the Policy component to authorize Alice's operation. Policy grants or denies based on Alice's operation rights, revocation status and billing status. If the operation is authorized, SASS computes its half-signature over the data and the other parameters and returns them to Alice.
4. Alice verifies her own half-signature together with SASS's half-signature; if the two halves fit together, verification succeeds and the credential shared by SASS and Alice is produced.
Overall Architecture
Verifying a SASS signature: the verifier obtains the signature and verifies the two halves using the accompanying certificates (the CA certificate for O's root public key for the client's half, and the SASS server's own certificate for the server's half).
Key Interfaces of SASS Service
ISASS_KeyGen(N, g, s) : X
It helps mobile clients offload the expensive modular exponentiation to the SASS server: the server computes X = g^s mod N and returns X.
Key Interfaces of SASS Service
ISASS_Cert(O, n, PK_O, S):
- O chooses a SASS server S that will be responsible for generating signatures on O's behalf.
- O generates a random secret key K_O.
- O constructs the hash chain K_O^n = SHA_O(SHA_O(...SHA_O(K_O)...)) (n applications of the hash), where K_O^i denotes SHA_O^i(K_O).
- O submits the root public key PK_O = K_O^n to the CA.
- The CA returns the certificate for O's root public key: (O, n, PK_O, S)_{SK_CA}.
(Figure: exchange between mobile client O and SASS server S.)
Key Interfaces of SASS Service
ISASS_Sign(O, MD5(m), i, K_O^i) : (O, MD5(m), i, K_O^i)_{SK_S}
K_O^i is O's current public key.
- S verifies the received public key against O's root public key: it checks SHA_O^{n-i}(K_O^i) = PK_O.
- S has to ensure that only one signature can ever be created for a given (O, i, K_O^i).
- If no message on behalf of O containing K_O^i has been signed yet, S signs (O, MD5(m), i, K_O^i), records K_O^i as consumed, and sends the signature (O, MD5(m), i, K_O^i)_{SK_S} back to O.
Because SHA_O^{i+1}(K_O) can be computed from SHA_O^{i}(K_O), O must release chain elements with decreasing i (starting from i = n-1); the consumed-key record at S is what stops a revealed element from being replayed, or hashed forward into an element that was already used.
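The ISASS_Cert and ISASS_Sign interfaces above, together with the two-half verification described under Overall Architecture, as one added worked example that is not code from the paper or from this presentation. It assumes SHA-256 for the chain hash, a toy textbook-RSA key on a constructed modulus standing in for SK_S, a CA certificate reduced to its contents (O, n, PK_O), and the names `SassServer`, `MobileClient`, `verify`, `rejected` and `demo`, which are the example's own.

```python
import hashlib
import secrets


def sha(x):
    return hashlib.sha256(x).digest()


def chain(k, times):
    """SHA^times(k): the slide's SHA_O(...SHA_O(K_O)...) applied `times` times."""
    for _ in range(times):
        k = sha(k)
    return k


def encode(O, md, i, k_i):
    """Deterministic serialization of the signed tuple (O, MD5(m), i, K_O^i)."""
    name = O.encode()
    return len(name).to_bytes(2, "big") + name + md + i.to_bytes(4, "big") + k_i


class SassServer:
    """S: conventional key pair SK_S/PK_S plus the consumed-key registry."""

    def __init__(self):
        # Toy textbook RSA on a constructed modulus with publicly known factors
        # (two Mersenne primes) so the example runs without a crypto library;
        # a real deployment uses a proper padded signature scheme.
        p, q = 2**521 - 1, 2**127 - 1
        self.n, self.e = p * q, 65537
        self.d = pow(self.e, -1, (p - 1) * (q - 1))
        self.roots = {}        # O -> (n, PK_O), taken from O's certificate
        self.consumed = set()  # (O, i, K_O^i) tuples already signed

    def isass_sign(self, O, md, i, k_i):
        """ISASS_Sign(O, MD5(m), i, K_O^i) -> (O, MD5(m), i, K_O^i)_{SK_S}."""
        n, pk = self.roots[O]
        # Check the received key against O's root: SHA^(n-i)(K_O^i) == PK_O.
        if not (0 <= i < n) or chain(k_i, n - i) != pk:
            raise ValueError("key is not on O's certified hash chain")
        if (O, i, k_i) in self.consumed:   # only one signature per (O, i, K_O^i)
            raise ValueError("one-time key already consumed")
        self.consumed.add((O, i, k_i))
        digest = int.from_bytes(sha(encode(O, md, i, k_i)), "big")
        return pow(digest, self.d, self.n)


class MobileClient:
    """O: keeps only the secret K_O and a counter, no expensive key pair."""

    def __init__(self, O, n):
        self.O, self.n = O, n
        self.K = secrets.token_bytes(32)
        # Release chain elements from the top downwards: SHA^(i+1)(K_O) follows
        # from SHA^i(K_O), so revealing i before i+1 would hand out the next key.
        self.next_i = n - 1

    def isass_cert(self):
        return chain(self.K, self.n)   # root public key PK_O = SHA^n(K_O), sent to the CA

    def sign(self, m, server):
        i = self.next_i
        if i < 0:
            raise RuntimeError("hash chain exhausted; run ISASS_Cert again")
        k_i = chain(self.K, i)         # K_O^i, O's half of the signature
        md = hashlib.md5(m).digest()   # MD5 as on the slide; obsolete today
        sig_s = server.isass_sign(self.O, md, i, k_i)
        self.next_i -= 1
        return (self.O, md, i, k_i, sig_s)


def verify(sig, cert, server_pub):
    """O's half against the CA certificate content (O, n, PK_O), S's half against
    PK_S = (N, e). The CA's signature on the certificate is assumed checked."""
    O, md, i, k_i, sig_s = sig
    cert_O, n, pk = cert
    if O != cert_O or not (0 <= i < n) or chain(k_i, n - i) != pk:
        return False
    N, e = server_pub
    return pow(sig_s, e, N) == int.from_bytes(sha(encode(O, md, i, k_i)), "big")


def rejected(server, *args):
    """True if S refuses the ISASS_Sign request."""
    try:
        server.isass_sign(*args)
    except ValueError:
        return True
    return False


def demo():
    """End-to-end run with a chain of n = 8; returns the outcome of each check."""
    s, alice = SassServer(), MobileClient("alice", 8)
    cert = ("alice", 8, alice.isass_cert())   # content of the CA certificate
    s.roots["alice"] = cert[1:]
    sig1 = alice.sign(b"transfer 100 to bob", s)
    sig2 = alice.sign(b"transfer 5 to carol", s)
    O, md, i, k_i, sig_s = sig1
    return {
        "indices": (sig1[2], sig2[2]),
        "valid": verify(sig1, cert, (s.n, s.e)) and verify(sig2, cert, (s.n, s.e)),
        "tampered_valid": verify((O, bytes(16), i, k_i, sig_s), cert, (s.n, s.e)),
        "replay_rejected": rejected(s, O, md, i, k_i),
        # SHA(K_O^6) = K_O^7 is computable from sig2, but (alice, 7, K_O^7) is consumed
        "forged_next_rejected": rejected(s, "alice", md, 7, sha(sig2[3])),
    }
```

The client's half is just the revealed chain element, which costs one hash per signature; everything that needs a real key pair happens at S. Note that S rechecks the chain against the certified root before consuming the key, so a forger who has seen K_O^i cannot obtain a signature by presenting it under another index or by hashing it forward.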
Performance Analysis
(Slides 25 and 26: measurement tables and charts, not preserved in the text.)
Conclusion
- A secure "cell phone-banking" application has been implemented on the SASS architecture in a CDMA-1X mobile network.
- SASS can significantly improve the performance of the mobile client's cryptographic operations.
- SASS is a highly scalable service suitable for various mobile applications and for future critical applications that require longer key lengths.