1 / 10

Comments on Mutual Authentication and Key Exchange Protocols for Low Power Wireless Communications

This article analyzes the vulnerabilities and limitations of server-specific MAKEP and linear MAKEP protocols for low power wireless communications. It proposes improvements to overcome these limitations, particularly in addressing the unknown key-share attack.

abrenda
Download Presentation

Comments on Mutual Authentication and Key Exchange Protocols for Low Power Wireless Communications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Comments on Mutual Authentication and Key Exchange Protocols for Low Power Wireless Communications Source: IEEE COMMUNICATIONS LETTERS, Vol.8, No.4, APRIL 2004, pp.262-263 Author: Siaw-Lynn Ng and Chris Mitchell Speaker: Ming-Chai Li Date: 2004/12/27

  2. Outline • Introduction • Server-Specific MAKEP • Linear MAKEP • Conclusion

  3. Introduction • MAKEP (Wong and Chan,2001) • Server-specific MAKEP • Each certificate is server-specific • If there are n distinct server that A wants to communicate, she needs n distinct certificates • Linear MAKEP( ) • Allow each client to communicate with as many servers as it wants without inducing any scalability problems. • Any certificate can be used to communicate with any server

  4. Introduction • Unknown key-share (U K-S) attack (Shim,2003): A – E – B • This paper proposed that: • The attack on linear MAKEP does not achieve • Demonstrate further limitations of the two protocols

  5. Server-Specific MAKEP • A -> B: • B -> A: • A -> B: : A’s long-live symmetric key : nonces chosen by A, B Session key

  6. Server-Specific MAKEP • Problem: the server B can always control the session key by putting • This problem can be avoided by • A -> B: • B -> A: • A -> B: • h is a one-way hash function

  7. Linear MAKEP • Let p be a prime, be a primitive element • A chooses as its secret keys • The corresponding public keys is • For each pair of public keys ,a certificate is obtained from the TA • A -> B: • B -> A: • A -> B: B checks , computes key • B -> A:

  8. Linear MAKEP(U K-S Attack) • The unknown key-share attack proposed by Shim will fail at the last step: A E B

  9. Weakness of the protocol • An eavesdropper E can obtain in the first run, in a subsequent run • Compute to get and then get • After that E can impersonate A to any other servers • In the third step, change to would prevent an eavesdropper from launching such an attack

  10. Conclusions • Point out an error in the U K-S attack proposed by Shim • Show further limitations of these protocols and suggested improvements

More Related