secure anonymous authentication scheme with roaming for mobile networks
DESCRIPTION
Secure Anonymous Authentication Scheme with Roaming for Mobile Networks. sPEAKER : Hong- Ji Wei Date: 2012-12-28. Outline. Introduction Review of Kim et al.’s Scheme Weakness of Kim et al.’s Scheme Our Improved Scheme Security Analysis Conclusion. 1. Introduction (1/2). - PowerPoint PPT PresentationTRANSCRIPT
S P E A K E R : H O N G - J I W E I
D AT E : 2 0 1 2 - 1 2 - 2 8
Secure Anonymous Authentication Scheme with
Roaming for Mobile Networks
2
Outline
1. Introduction
2. Review of Kim et al.’s Scheme
3. Weakness of Kim et al.’s Scheme
4. Our Improved Scheme
5. Security Analysis
6. Conclusion
3
1. Introduction (1/2)
Mun et al. proposed an anonymous authentication scheme with roaming for mobile networks on February, 2012.
Unfortunately, Kim et al. pointed out that Mun et al.'s scheme contains two weaknesses which is replay attack and man-in-the-middle attack on July, 2012.
In order to improve these weaknesses, they proposed an improved roaming authentication scheme with anonymity.
4
1. Introduction (2/2)
In this paper, we analyze Kim et al.’s scheme and point out the weakness in existence.
At the same time, we also propose an enhanced roaming authentication scheme to overcome the weakness of Kim et al.’s scheme.
5
2. Review of Kim et al.’s Scheme (1/5)
Notations of Kim et al.'s schemeMU Mobile UserFA Foreign AgentHA Home AgentPWX Password of an entity XIDX Identity of an entity X
h(.) One-way hash functionN/N' Random nonce of current session / Random nonce of next session⊕ Exclusive OR operation|| Concatenation operationfK MAC generation function by using key K
KXY Session key between entity X and Y
PRNG(.) Pseudo Random Number Generator
6
This scheme contains three main phases1. Registration2. Authentication and key establishment3. Update session key
2. Review of Kim et al.’s Scheme (2/5)
Notations of Kim et al.'s schemeEK/DK Symmetric Encryption/Decryption with key K
P Password of mobile userx Secret key of HAy Random nonce generates for each mobile user
7
Registration
2. Review of Kim et al.’s Scheme (3/5)
MU HA
)||(
)||( .1
NPhCompute
PIDhComputeNGenerate
MU
)||(),||(,.2 NPhPIDhID MUMU
))||(||)||((
)||()||(
)()(
)||(),||()||( .3
NPhIDxhhVCompute
NPhIDxhKCompute
yhxhBCompute
NPhPIDhStorePIDhCheck
MU
MU
MU
MU
(.)},,,,,,{.4 hyVKBIDIDcardSmart HAMU
(.)},,,,,,,{
.5
hyNVKBIDIDcardSmart
cardsmartinNStore
HAMU
Secure Channel
Secure Channel
8
Authentication and key establishment
2. Review of Kim et al.’s Scheme (4/5)
MU FA HA
))||(||)'||((
)'||(
)||(
)||()(
)||()||(
)()(
'
?.1
5
4
3
2
1
NPhNPhhc
NPhKc
VIDxhc
PIDhxhc
IDxhNPhKc
yhBxhCompute
NGenerate
IDIDCheck
MU
MU
MU
MUMU
5432 ,,,,.4 ccccIDFA
HAIDStore.3
)||(
))||(||)'||(||(
))||(||)'||(||(
?'
))||(||)'||(('
)'||(
)||()||(K
)||(
))||(||)||(('
)||()*,||(
)(2)*||(.5
78
7
6
55
5
4
3
caPEc
NPhNPhIDhc
NPhNPhKhc
aPCompute
aSelect
ccCheck
NPhNPhhc
KcNPh
NPhIDxh
VcIDxh
NPhPIDhhVCompute
NPhPIDhExtract
xhcPIDhCompute
V
FA
MU
MU
MU
MU
MU
aPccIDID FAHA ,,,,.6 86
aPStore
IDIDCheck FAHA
,.7aPccIDID FAHA ,,,,.8 86
)||(
)(
?'
))||(||)'||(||('
))||((
?'
))||(||)'||(||('
.9
MF
MF
77
7
7
66
6
bPIDfS
abPhK
bPCompute
bSelect
ccCheck
NPhNPhIDhc
caPEDCompute
ccCheck
NPhNPhKhcCompute
IDCheck
FAK
FA
VV
HA
MF
MFSbP,.10?'
)||('
)( .11
MFMF
MF
MF
SSCheck
bPIDfS
abPhKCompute
FAKMF
5432 ,,,,.2 ccccIDHA
9
Update session key
2. Review of Kim et al.’s Scheme (5/5)
MU FAPb i.2
Pb Compute b Select
i
i.1
)(
)(.3
Pba||Pbaf SCompute
PbahKP,a Compute a Select
1i1iiiKMF
iiMFi
i
iMFi
i
iMFi SP,a .4
ii
iMFi
i
MFMF
1i1iiiKMF
iiMF
S with' SCompare
Pba||Pbaf' SCompute
PbahK Compute
)(
)(.5
10
3. Weakness of Kim et al.’s Scheme (1/3)
The weakness of Kim et al.'s scheme can be found in two phases.
1. Authentication and establishment of session key
2. Update session key
11
Authentication and establishment of session key
3. Weakness of Kim et al.’s Scheme (2/3)
MU FA HA
))||(||)'||((
)'||(
)||(
)||()(
)||()||(
)()(
'
?.1
5
4
3
2
1
NPhNPhhc
NPhKc
VIDxhc
PIDhxhc
IDxhNPhKc
yhBxhCompute
NGenerate
IDIDCheck
MU
MU
MU
MUMU
5432 ,,,,.4 ccccIDFA
HAIDStore.3
)||(
))||(||)'||(||(
))||(||)'||(||(
?'
))||(||)'||(('
)'||(
)||()||(K
)||(
))||(||)||(('
)||()*,||(
)(2)*||(.5
78
7
6
55
5
4
3
caPEc
NPhNPhIDhc
NPhNPhKhc
aPCompute
aSelect
ccCheck
NPhNPhhc
KcNPh
NPhIDxh
VcIDxh
NPhPIDhhVCompute
NPhPIDhExtract
xhcPIDhCompute
V
FA
MU
MU
MU
MU
MU
aPccIDID FAHA ,,,,.6 86
aPStore
IDIDCheck FAHA
,.7aPccIDID FAHA ,,,,.8 86
)||(
)(
?'
))||(||)'||(||('
))||((
?'
))||(||)'||(||('
.9
MF
MF
77
7
7
66
6
bPIDfS
abPhK
bPCompute
bSelect
ccCheck
NPhNPhIDhc
caPEDCompute
ccCheck
NPhNPhKhcCompute
IDCheck
FAK
FA
VV
HA
MF
MFSbP,.10?'
)||('
)( .11
MFMF
MF
MF
SSCheck
bPIDfS
abPhKCompute
FAKMF
5432HA c,c,c,c,ID.2
Replay attack
12
Update session key
3. Weakness of Kim et al.’s Scheme (3/3)
MU FAPb i.2
Pb Compute b Select
i
i.1
)(
)(.3
Pba||Pbaf SCompute
PbahKP,a Compute a Select
1i1iiiKMF
iiMFi
i
iMFi
i
iMFi SP,a .4
ii
iMFi
i
MFMF
1i1iiiKMF
iiMF
S with' SCompare
Pba||Pbaf' SCompute
PbahK Compute
)(
)(.5
Replay attack
13
4. Our Improved Scheme (1/3)
Registration
MU HA
)||(
)||( .1
0
0
NPhCompute
PIDhComputeNGenerate
MU
)||(),||(,.2 0NPhPIDhID MUMU
))||(||)||((
)||()||(
)()(
)||(),||()||( .3
0
0
0
NPhIDxhhVCompute
NPhIDxhKCompute
yhxhBCompute
NPhPIDhStorePIDhCheck
MU
MU
MU
MU
(.)},,,,,,{.3 hyVKBIDIDcardSmart HAMU
)}({
.4
.hy,,NV,K,B,,ID,IDcardSmart
cardsmartinN Store
0HAMU
0
Secure Channel
Secure Channel
14
Authentication and establishment of session key
4. Our Improved Scheme (2/3)
MU
)||(
))||(||)||((
)||(
)||(
)||()(
)||()||(
)()(
nifor,NGenerate
?IDIDCheck.1
1i
MUMU
1i
i1i5
1i4
MU3
MU2
MU01
NPh Store
NPhNPhhc
NPhKc
VIDxhc
PIDhxhc
IDxhNPhKc
yhBxhCompute
0
5432 ,,,,.2 ccccIDHA
5432 ,,,,.4 ccccIDFA
HAIDStore.3
sethe databainNPhStore
caPEc
NPhNPhIDhc
NPhNPhKhc
aPCompute
aSelect
ccCheck
NPhNPhhc
KcNPh
NPhIDxh
VcIDxh
NPhPIDhhVCompute
NPhPIDhExtract
xhcPIDhCompute
i
V
iiFA
ii
ii
i
MU
MU
MU
MU
MU
)||(
)||(
))||(||)||(||(
))||(||)||(||(
?'
))||(||)||(('
)||(
)||()||(K
)||(
))||(||)||(('
)||()*,||(
)(2)*||(.5
1
78
17
16
55
15
41
0
3
0
0
aPccIDID FAHA ,,,,.6 86
aPStore
IDIDCheck FAHA
,.786 ,,,.8 ccIDID FAHA
)||(
)(
?'
))||(||)||(|('
))||((
?'
))||(||)||(||('
.9
MF
MF
77
17
7
66
16
bPIDfS
abPhK
bPCompute
bSelect
ccCheck
NPhNPhIDhc
caPEDCompute
ccCheck
NPhNPhKhcCompute
IDCheck
FAK
iiFA
VV
ii
HA
MF
MFSbP,.10?'
)||('
)( .11
MFMF
MF
MF
SSCheck
bPIDfS
abPhKCompute
FAKMF
FA HA
15
Update session key
4. Our Improved Scheme (3/3)
MU FA)(. 2 PbE iK 1-iMF
)(
.1
PbaK Compute
Pb Compute b Select
1i1iMF
i
i
1-i
)(
)(
))( (
)( .3
Pba||Pbaf SCompute
PbaKP,a Computea Select
PbED Compute
PbaK Compute
1i1iiiKMF
iiMFi
i
iK
1i1iMF
iMFi
i
1-iMFK1-iMF
1-i
)(.4i1-iMF MFiK SP,aE
ii
iMFi
i
i1-iMFK1-iMF
1-i
MFMF
1i1iiiKMF
iiMF
MFiK
1i1iMF
S with' SCompare
Pba||Pbaf' SCompute
PbaK Compute
SP,aED Compute
PbaK Compute
)(
)(
))( (
)(.5
16
5. Security Analysis (1/3)
Authentication and establishment of session keyMU
5432 ,,,,.2 ccccIDHA
5432 ,,,,.4 ccccIDFA
HAIDStore.3
sethe databainNPhStore
caPEc
NPhNPhIDhc
NPhNPhKhc
aPCompute
aSelect
ccCheck
NPhNPhhc
KcNPh
NPhIDxh
VcIDxh
NPhPIDhhVCompute
NPhPIDhExtract
xhcPIDhCompute
i
V
iiFA
ii
ii
i
MU
MU
MU
MU
MU
)||(
)||(
))||(||)||(||(
))||(||)||(||(
?'
))||(||)||(('
)||(
)||()||(K
)||(
))||(||)||(('
)||()*,||(
)(2)*||(.5
1
78
17
16
55
15
41
0
3
0
0
aPccIDID FAHA ,,,,.6 86
aPStore
IDIDCheck FAHA
,.786 ,,,.8 ccIDID FAHA
)||(
)(
?'
))||(||)||(|('
))||((
?'
))||(||)||(||('
.9
MF
MF
77
17
7
66
16
bPIDfS
abPhK
bPCompute
bSelect
ccCheck
NPhNPhIDhc
caPEDCompute
ccCheck
NPhNPhKhcCompute
IDCheck
FAK
iiFA
VV
ii
HA
MF
MFSbP,.10?'
)||('
)( .11
MFMF
MF
MF
SSCheck
bPIDfS
abPhKCompute
FAKMF
FA HA
)||(
))||(||)||((
)||(
)||(
)||()(
)||()||(
)()(
nifor,NGenerate
?IDIDCheck.1
1i
MUMU
1i
i1i5
1i4
MU3
MU2
MU01
NPh Store
NPhNPhhc
NPhKc
VIDxhc
PIDhxhc
IDxhNPhKc
yhBxhCompute
0
Replay
17
5. Security Analysis (2/3)
Update session key
MU FA)(. 2 PbE iK 1-iMF
)(
.1
PbaK Compute
Pb Compute b Select
1i1iMF
i
i
1-i
)(
)(
))( (
)( .3
Pba||Pbaf SCompute
PbaKP,a Computea Select
PbED Compute
PbaK Compute
1i1iiiKMF
iiMFi
i
iK
1i1iMF
iMFi
i
1-iMFK1-iMF
1-i
)(.4i1-iMF MFiK SP,aE
ii
iMFi
i
i1-iMFK1-iMF
1-i
MFMF
1i1iiiKMF
iiMF
MFiK
1i1iMF
S with' SCompare
Pba||Pbaf' SCompute
PbaK Compute
SP,aED Compute
PbaK Compute
)(
)(
))( (
)(.5
Replay
18
5. Security Analysis (3/3)
Comparison table
19
6. Conclusion (1/1)
In this paper, we propose an enhanced anonymous scheme to improve the weakness of replay attack in Kim et al.'s scheme.
From the security analysis, we can know that our scheme indeed can prevent the replay attack in Authentication and establishment of session key and update session key phases.
20
Many thanks for your listening
Q & A
21
Registration
Hong-Ji's Scheme (1/3)
MU HA
MUP 1.Select MUMU P,2.ID
database the into PWU, Store
PPWVCompute
P||IDhPWCompute
N||PhUCompute
P Select N Generate 3.
MU
HAMU
MUMUMU
MUHA
MU
i
i
)(
)(
and
)}({ .hV,P,,N,PW,IDcard Smart4.iMUMUHA
Secure Channel
Secure Channel
22
Authentication and key establishment
Hong-Ji's Scheme (2/3)
MU FA HA
))||()||((
)||(
)||(
)||(
Compute
.1
2
1
1iMUHAiMUHA4
FA1iMU3
1iMUMUMU
iMUHA
MUHA
1iMU
MUMU
NPhNPhh S
IDNh S
NPIDh S
NPh S
VPWP
NGenerate
?PWPWCheck
4321FA S,S,S,S,ID 4.
HAIDStore.3
NPh NPh Replace
aPS S
NPhaPh S
NPhIDh S
NPhIDh S
aPCompute
a Select
?S' Sand S'SCheck
NPhNPhh'S
IDNh' S
PIDhSNCompute
NPhbyPIDhExtract
1ii
1i
1i
1i
1ii
1i
1i
i
MUHAMUHA
58
MUHA7
MUHAFA6
MUHAHA5
4433
MUHAMUHA4
FAMU3
MUMU2MU
MUHAMUMU
)||(with)||(
))||(||(
))||(||(
))||(||(
))||()||((
)||(
)||(
)||()||(.5
aP,S,S,S,ID 876HA.6
aP Store
IDCheck HA.7876FA S,S,S,ID .8
bPaP S
bPKhC
abPhK
bPCompute
b Select
?S'SCheck
NPhaPh'SCompute
NPhIDhSaPCompute
?S'SCheck
NPhIDh'SCompute
9
MFMF
MF
77
MUHA7
MUHAHA8
66
MUHAFA6
1i
1i
1i
)||(
)(
))||(||(
))||(||(
))||(||(.9
MF9 ,C S.10
aP C Store
?C'CCheck
bPKh'C
abPhK
SaPbP Compute
MF,
MFMF
MFMF
MF
9
)||(
)(
.11
4321HA S,S,S,S,ID .2
23
Update session key
Hong-Ji's Scheme (3/3)
MU FAiMFC M, .2
aPPbM Compute Pb Compute
b Select
i
i
i
.1
)(
)(
.3
Pa||KhC Compute PbPaF Compute
PbahKP,a Compute a Select
aPMPb Compute Cby aP Extract
iMF
ii
iiMFi
i
i
iMF
1iMF1i
1i
1iMFC F,
.4
1i1i
1i1i
1i
MFMF
iMFMF
iiMF
ii
C with'C Compare
Pa||Kh'C Compute
PbahK Compute PbFPa Compute
)(
)(.5
24
Authentication and key establishment
Hong-Ji's Scheme (2/3)
MU FA HA
))||()||((
)||(
)||(
)||(
Compute
.1
2
1
1iMUHAiMUHA4
FA1iMU3
1iMUMUMU
iMUHA
MUHA
1iMU
MUMU
NPhNPhh S
IDNh S
NPIDh S
NPh S
VPWP
NGenerate
?PWPWCheck
aPS,S,S,S,ID 4321FA ,.4
aPand ID Store
aPCompute
a Select
HA
.3
NPh NPh Replace
NPhaPh S
NPhIDh S
NPhIDh SCompute
?S' Sand S'SCheck
NPhNPhh'S
IDNh' S
PIDhSNCompute
NPhbyPIDhExtract
1ii
1i
1i
1i
1ii
1i
1i
i
MUHAMUHA
MUHA7
MUHAHA6
MUHAFA5
4433
MUHAMUHA4
FAMU3
MUMU2MU
MUHAMUMU
)||(with)||(
))||(||(
))||(||(
))||(||(
))||()||((
)||(
)||(
)||()||(.5
aP,S,S,S,ID 765HA.6
aPandIDCheck HA.7aPS,S,S,ID 765FA ,.8
)||(
)(
))||(||(
))||(||(
))||(||(.9
bPKhC
abPhK
bPCompute
b Select
?S'SCheck
NPhaPh'SCompute
?S'SCheck
NPhIDh'SCompute
?S'SCheck
NPhIDh'SCompute
MFMF
MF
77
MUHA7
66
MUHAHA6
55
MUHAFA5
1i
1i
1i
MFbP,C .10
MF
MFMF
MFMF
MF
C Store
?C'CCheck
bPKh'C
abPhKCompute
)||(
)(.11
4321HA S,S,S,S,ID .2
25
Update session key
Hong-Ji's Scheme (3/3)
MU FA
iMFi C P,b .2
Pb Compute b Select
i
i.1
1i
1iMF1i
1i
MFiMF
iMF
iiMFi
i
iMF
CwithCReplace
Pa||KhC Compute
PbahKP,a Compute a SelectC Check
)(
)(
.3
1iMFi C P,a
.4
1i
1i1i
1i1i
1i
MF
MFMF
iMFMF
iiMF
C Store
C with'C Compare
Pa||Kh'C Compute
PbahK Compute
)(
)(.5