Three-Party Authenticated Key Agreements and Its Applications- PCSs Roaming Protocol

Jan 13, 2016

karsen

李添福 (Tian-Fu Lee), Ph.D. in Computer Science and Information Engineering, National Cheng Kung University

Cryptography / Network security / Wireless networks communication / Algorithmic graph theory / Database and data engineering

Outline

- Three-Party Authenticated Key Agreements (3PAKA)
- Applications
  - Portable Communication Systems (PCSs) Roaming Protocol
  - RFID Protocol
  - E-Payment Protocol
  - Electronic Medical Record Security and Privacy
  - Vehicular Mobile Network
- Proposed PCSs Roaming Protocol
  - Delegation-Based Authentication Protocol for PCSs
  - Security discussion
  - Computational comparison & Experimental Results
- Conclusions

Three-Party Authenticated Key Agreements

An authenticated key agreement protocol is an interactive method for two or more parties to determine session keys based on their secret keys or public/private keys.

[Figure labels: Authentication; Key agreement / key exchange (SK); Secure communication; Trusted server]

Portable Communication Systems Roaming Protocol

[Figure labels: Mobile Station; Visited Network; Home Network; PDA; cellular phone; notebook]

RFID Protocol

[Figure labels: Tag; Reader; Database Server]

E-Payment Protocol

[Figure labels: Buyer; Seller; E-Bank]

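Medical Information Security - Electronic Medical Record Security and Privacy

[Figure labels: IC card; Hospital; Government health administration agency; Electronic medical record database; Health insurance agency; General public]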

Vehicular Mobile Network

Proposed PCSs Roaming Protocol

Delegation-Based Authentication Protocol for PCSs

Delegation-Based Authentication Protocol for PCSs

- Registration
- On-line authentication process
- i-th Off-line authentication process

Delegation-Based Authentication Protocol for PCSs

Parties: MS; VN; HN

[Figure labels: Delegation ((x),K); (x, v = g^x); Public key (v); Proxy signature; Verify the signature by v]

On-line authentication process

Parties: MS (,K); VN (KVH; pk:v); HN (,KVH)

Labels from the diagram:

- Sign(msg.),K
- VerifyK
- KIDMS
- SK, h(token)
- SK, token
- Obtain SK (shown twice)

i-th Off-line authentication process

Parties: MS (SK_i, token_i); VN (SK_i, h(token_i)); HN

Labels from the diagram:

- E_SKi(token_i, h(token_{i+1}))
- Verify token_i
- Keep h(token_{i+1})
- Compute SK_{i+1} (shown twice)

Comparison

Previous Scheme [IEEE Trans. Wireless Commun. 2005]:

- token_i and token_{i+1} are independent.
- HN can forge token_i.
- Does not provide non-repudiation.
- Charge problem:
  - Mobile users can deny having used services and refuse to pay.
  - Mobile users can be overcharged for services that they did not request.

Proposed Scheme [IEEE Trans. Wireless Commun. 2009]:

- All token_i are chained by a backward hash chain and are decided by MS.
- HN cannot forge token_i.
- Provides non-repudiation.
- Tokens are pre-computed, which reduces the computational cost in MS.

i-th Off-line authentication process

Parties: MS (SK_i, token_i); VN (SK_i, h(token_i)); HN

Labels from the diagram:

- E_SKi(token_i)
- Verify token_i
- Keep token_i = h(token_{i+1})
- Compute SK_{i+1} (shown twice)
- token_1

Pre-compute and store h^(1)(n_1), h^(2)(n_1) (= token_n), ..., h^(n)(n_1) (= token_2), h^(n+1)(n_1) (= token_1)
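
An added example (not from the slides or the cited papers) of the backward hash chain described above: MS pre-computes token_1 ... token_n from n_1, and VN checks each released token against the value it kept from the previous round. SHA-256 and all function and class names are assumptions; the E_SKi encryption and the SK_{i+1} update are left out because the slides do not define them.

```python
import hashlib
import hmac
import secrets


def h(data):
    """One-way hash h(); SHA-256 is an assumption, the slides name no function."""
    return hashlib.sha256(data).digest()


def precompute_chain(n1, n):
    """MS side: return [token_1, ..., token_n] where token_1 = h^(n+1)(n1),
    token_n = h^(2)(n1), and therefore token_i = h(token_{i+1})."""
    powers = []
    value = n1
    for _ in range(n + 1):
        value = h(value)
        powers.append(value)        # h^(1)(n1) ... h^(n+1)(n1)
    return powers[::-1][:n]         # h^(n+1)(n1) down to h^(2)(n1)


class VisitedNetwork:
    """VN side: holds h(token_i) for the round it expects next."""

    def __init__(self, h_token_1):
        self.expected = h_token_1   # h(token_1), held before the first off-line round
        self.accepted = []          # released tokens, kept as evidence of usage

    def verify(self, token):
        if not hmac.compare_digest(h(token), self.expected):
            return False            # forged, replayed or out-of-order token
        self.accepted.append(token)
        self.expected = token       # token_i = h(token_{i+1}) checks round i+1
        return True


def demo(n=5):
    n1 = secrets.token_bytes(32)    # constructed seed, known only to MS
    tokens = precompute_chain(n1, n)
    vn = VisitedNetwork(h(tokens[0]))
    rounds = [vn.verify(t) for t in tokens]      # off-line rounds 1..n in order
    replay = vn.verify(tokens[0])                # an old token sent again
    forged = vn.verify(secrets.token_bytes(32))  # guess by a party without n1
    return rounds, replay, forged


if __name__ == "__main__":
    print(demo())
```

Because each token is a hash preimage of the one before it, a party that knows only the released tokens cannot produce the next one, which is the property the comparison slide relies on for non-repudiation.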

Security Discussion

| Property | GSM | MGSM | Public-key based scheme | Lee & Yeh's Scheme | Proposed Scheme |
|---|---|---|---|---|---|
| Identity privacy | No | No | No | Yes | Yes |
| Non-repudiation | No | No | Yes | No | Yes |
| Mutual authen. (MS-VN) | No | No | Yes | Yes | Yes |
| Easy key management | Yes | Yes | No | Yes | Yes |
| Low computational load | Yes | Yes | No | Yes | Yes |
| Good commu. efficiency | Yes | Yes | No | Yes | Yes |

Computational comparison of MS

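| Scheme | Phase | Hash function | Secret-key computation (encryption/decryption) | Public-key computation (signature/verification) |
|---|---|---|---|---|
| GSM | - | 2(n+1) | 1(n+1) | 0 |
| MGSM | - | 1(n+1) | 1(n+1) | 0 |
| Public-key based scheme | - | 0 | 0 | 2n |
| Lee & Yeh's scheme | On-line | 2 | 1 | 1 Pre.* |
| Lee & Yeh's scheme | Off-line | 3n | n | 0 |
| Proposed scheme | On-line | (n+1) Pre.* + 2 | 1 | 1 Pre.* |
| Proposed scheme | Off-line | n | n | 0 |

*: Can be pre-computed in this entry.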

Experimental Results

[Figure: time (ms) per period for Lee and Yeh's Protocol and the Proposed Protocol. Periods: Pre-comp., on-line, off-line1, off-line2, off-line3, off-line4, off-line5. Time axis ticks run from 0 to 0.2.]

Experimental Results

[Figure: time (ms) per period for Lee and Yeh's Protocol and the Proposed Protocol. Periods: Pre-comp., on-line, off-line1, off-line2, off-line3, off-line4, off-line5 (Total). Time axis ticks run from 84.2 to 84.4.]

Conclusions

- Three-party authenticated key agreements and their applications
- Proposed a secure and efficient delegation-based authentication protocol for PCSs
- Future research
  - Vehicular Mobile Network
  - Electronic Medical Record Security and Privacy

References

Lee, T.-F., Hwang, T. and Lin, C.-L., "Enhanced Three-Party Encrypted Key Exchange without Server Public Keys," Computers & Security, Vol. 23, No. 7, pp. 571-577, October 2004.

Wen, H.-A., Lee, T.-F. and Hwang, T., "A Provably Secure Three-Party Password-based Authenticated Key Exchange Protocol Using Weil Pairing," IEE Proc. Communications, Vol. 152, No. 2, pp. 138-143, April 2005.

Lee, T.-F., Liu, J.-L., Sung, M.-J., Yang, S.-B. and Chen, C.-M., "Communication-Efficient Three-Party Protocols for Authentication and Key Agreement," Computers and Mathematics with Applications, Vol. 58, No. 4, pp. 641-648, August 2009.

Lee, T.-F., Chang, C.-C. and Hwang, T., "Private Authentication Techniques for the Global Mobility Network," Wireless Personal Communications, Vol. 35, No. 4, pp. 329-336, December 2005.

Lee, W.-B. and Yeh, C.-K., "A new delegation-based authentication protocol for use in portable communication systems," IEEE Trans. Wireless Commun., Vol. 4, No. 1, pp. 57-64, January 2005.

Lee, T.-F., Chang, S.-H., Hwang, T. and Chong, S.-K., "Enhanced Delegation-Based Authentication Protocol for PCSs," IEEE Trans. Wireless Commun., Vol. 8, No. 5, pp. 2166-2171, May 2009.