1
Anonymous and Authenticated Key Exchange for Roaming Networks
Guomin Yang et al., IEEE Transactions on Wireless Communications, Vol. 6, No. 9, September 2007
2
Agenda
Preliminaries
Introduction
Security requirements
Proposed Scheme: AAKE-R
Analysis
Conclusion
3
Preliminaries (1/9) Basic requirements of network security
Data Confidentiality – keeping information secret from all but those who are authorized to access it
[Figure: Eavesdropping, with parties A, B and C]
4
Preliminaries (2/9) Basic requirements of network security
Authentication – corroboration of the identity of an entity
[Figure: Impersonation, with parties A, B and C]
5
Preliminaries (3/9) Symmetric key cryptosystem
a.k.a. secret key cryptosystem
Symmetric encryption for data confidentiality
Message Authentication Code (MAC) for Authentication
6
Preliminaries (4/9) Asymmetric key cryptosystem
a.k.a. public key cryptosystem
Asymmetric encryption for data confidentiality
Digital signature scheme for Authentication
7
Preliminaries (5/9) Symmetric vs Asymmetric
Comparison table
Property | Symmetric key cryptosystem | Asymmetric key cryptosystem
Computation speed | Fast | Slow
Key distribution | Difficult | Easy
Total number of keys | n(n-1)/2 | 2n
8
Preliminaries (6/9) Authenticated Key Exchange (AKE)
Key distribution in the symmetric setting is a problem
Two different types of key
Long-term key
▪ Set up an initial key for each entity
▪ Key Pre-distribution System
Session (short-term) key
▪ After the long-term key is set up, share secret information among two or more entities
▪ Key Establishment System
Authenticated key exchange is a solution for establishing a session key
9
Preliminaries (7/9) Authenticated key exchange (AKE)
In the asymmetric setting, two entities authenticate each other and establish a session key using a digital signature scheme.
Key transport: one party creates the key and transfers it to the other(s)
Key exchange: a shared secret is derived by two or more parties as a function of information contributed by. No party can determine the resulting value.
10
Preliminaries (8/9) Diffie-Hellman key exchange
To authenticate each other, the parties should sign the exchanged values using a digital signature scheme
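The signed exchange described on this slide, as an added example that is not from the slides or from Yang et al.: each party signs its own identity, its peer's identity and both exchanged values, so a value substituted in transit is rejected. The group (modulus 2^521 - 1, base 3), the Schnorr-style signature, the party names A and B and all function names are assumptions made for illustration; the parameters are toy values, not a vetted group.

```python
import hashlib, secrets

# Toy parameters (assumption, illustration only): Mersenne prime modulus, base 3.
P, G = 2**521 - 1, 3
N = P - 1                      # exponents reduce mod P-1 (Fermat's little theorem)

def to_bytes(v):
    return v if isinstance(v, bytes) else v.to_bytes(66, "big")

def H(*parts):
    """Length-prefixed SHA-256 over ints/bytes, returned as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(to_bytes(part)).to_bytes(2, "big") + to_bytes(part))
    return int.from_bytes(h.digest(), "big")

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)     # (private exponent, public value g^x)

def sign(x, msg):
    """Schnorr-style signature (e, s) on msg under private key x."""
    k = secrets.randbelow(N - 1) + 1
    e = H(pow(G, k, P), msg)
    return e, (k + x * e) % N

def verify(y, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(y, N - e, P) % P   # g^s * y^-e recovers g^k
    return e == H(r, msg)

def run_exchange(tamper=False):
    """A and B run signed Diffie-Hellman; returns the key each side derives."""
    (xa, ya), (xb, yb) = keygen(), keygen()   # long-term signing keys
    (a, ga), (b, gb) = keygen(), keygen()     # ephemeral DH contributions
    # With tamper=True, g^a is replaced in transit before B sees it.
    seen_by_b = pow(G, 12345, P) if tamper else ga
    # Each side signs (own id, peer id, own value, value received).
    sig_b = sign(xb, H(b"B", b"A", gb, seen_by_b).to_bytes(32, "big"))
    if not verify(yb, H(b"B", b"A", gb, ga).to_bytes(32, "big"), sig_b):
        raise ValueError("A: B's signature does not cover the value A sent")
    sig_a = sign(xa, H(b"A", b"B", ga, gb).to_bytes(32, "big"))
    if not verify(ya, H(b"A", b"B", seen_by_b, gb).to_bytes(32, "big"), sig_a):
        raise ValueError("B: A's signature does not cover the value B saw")
    kdf = lambda z: hashlib.sha256(to_bytes(z)).digest()
    return kdf(pow(gb, a, P)), kdf(pow(seen_by_b, b, P))
```

Calling `run_exchange()` returns two identical 32-byte keys; `run_exchange(tamper=True)` raises `ValueError` at A's check, before any key is derived.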
11
Preliminaries (9/9) Cryptographic hash function
A cryptographic hash function is a transformation that takes an input and returns a fixed-size string, which is called the hash value
One-wayness – calculating H(x) = y is easy, but given y, finding x is difficult
Collision free – Two different x1, x2 cannot have the same hash value y
12
Introduction (1/2) Roaming network
A technology that lets a user originally subscribed to one network travel to another network administered by a different operator and access services provided by that network as a visiting user or a guest
Users can enjoy much broader coverage in terms of services or geographical areas, without being limited to that of their own networks
13
Introduction (2/2) Roaming network
[Figure: Home server and home service area; foreign server and foreign service area; roaming user]
14
Security requirements
Server Authentication – The user is sure about the identity of the foreign server
Subscription validation – The foreign server is sure about the identity of the home server of the user
Key Establishment – The user and the foreign server establish a random session key which is known only to them and is derived from contributions of both of them. In particular, the home server should not obtain the session key
User Anonymity – Besides the user and the home server, no one, including the foreign server, can tell the identity of the user
User Untraceability – Besides the user and the home server, no one including the foreign server is able to identify any previous protocol runs which have the same user involved
15
Proposed AAKE-R (1/5) Notation
Notation table
16
Proposed AAKE-R (2/5) Building blocks
AKE (Authenticated Key Exchange)
AAKE (Anonymous Authenticated Key Exchange)
AKT (Authenticated Key Transport)
17
Proposed AAKE-R (3/5) Assumption
There is a direct link between the roaming user and the foreign server, and another direct link between the home server and the foreign server
The roaming user knows the public key of the foreign server
Each user knows its home server’s public key and each server knows the public keys of all its subscribers
All servers know the public keys of all other servers in roaming network
18
Proposed AAKE-R (4/5) Proposed scheme
19
Proposed AAKE-R (5/5) optimized version
20
Security analysis
Server Authentication
Subscription validation
Key Establishment
User Anonymity & User traceability
21
Comparison with other protocols
22
Conclusion
A secure and generic AAKE-R construction using AAKE and AKT as building blocks
It satisfies the security requirements of AAKE-R suggested by the authors
23
Weak points
User privacy violation – The home server can track the roaming user
They do not suggest a detailed performance evaluation. I think the overhead is big due to several asymmetric computations
24
Future work
Addressing the problem of user tracking by the home server
Study of additional requirements such as supporting differentiated access
Try to find a way to reduce the number of asymmetric computations by modifying AAKE-R, or design a novel AAKE-R that has lower computation overhead while satisfying the same requirements