1 / 15

Date : 2012.09.13 Reporter : Hong Ji Wei

Cryptanalysis and Improvement of a Secure Authentication Scheme with Anonymity for Wireless Communications. Date : 2012.09.13 Reporter : Hong Ji Wei Authors : Chin-Chen Chang, Wei-Bin Lee, and Chia -Yin Lee

montana-irwin
Download Presentation

Date : 2012.09.13 Reporter : Hong Ji Wei

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptanalysis and Improvement of a Secure Authentication Scheme with Anonymity for Wireless Communications Date:2012.09.13 Reporter : Hong Ji Wei Authors : Chin-Chen Chang, Wei-Bin Lee, and Chia-Yin Lee From : 2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing

  2. INTRODUCTION 1 REVIEW OF WU,LEE AND TSAUR’S SCHEME 2 WEAKNESS OF WU,LEE AND TSAUR’S SCHEME 5 3 3 3 IMPROVED SCHEME CONCLUSION 6 4 4 4 OUTLINE SECURITY ANALYSIS

  3. INTRODUCTION • A good user authentication scheme not only provides high security but also protects user privacy. • Lee, Hwang, and Liao pointed out some security weaknesses in Zhu-Ma’s scheme and presented an improved edition in 2006. • Wu, Lee, and Tsaur pointed out that Lee,HwangLiao’s scheme doesn’t achieve all security properties.

  4. REVIEW OF WU,LEE AND TSAUR’S SCHEME This scheme can be divided into three phases • Initial Phase HA delivers a password and a smart card for MU through a secure channel. • First Phase FA authenticates to MU and establishes a session key. • Second Phase MU visits FA , and FA serves for MU.

  5. REVIEW OF WU,LEE AND TSAUR’S SCHEME • Symbles MU : Mobile User HA : Home Agent of a mobile user FA : Foreign Agent of the network IDA: Identity of A TA : Timestamp of A CertA : Certificate of A (X)K : Symmetric Encryption EK(X) : Asymmetric Encryption h(X) : Hash X using hash function PWA : Password of A PA: Public key of A SA: Private key of A

  6. REVIEW OF WU,LEE AND TSAUR’S SCHEME • Initial phase HA MU IDMU PWMU=h(N||IDMU) Registration PWMU , r , IDHA, h(.) Secure Channel

  7. REVIEW OF WU,LEE AND TSAUR’S SCHEME • First phase FA HA MU

  8. REVIEW OF WU,LEE AND TSAUR’S SCHEME • Second phase • In order to enhance the efficiency, while MU stays with the same FA, the new session key ki can be derived from the unexpired previous secret knowledge xi−1 and a fixed secret x as FA MU Authentication

  9. WEAKNESS OF WU,LEE AND TSAUR’S SCHEME • Anonymity FA HA MU

  10. WEAKNESS OF WU,LEE AND TSAUR’S SCHEME • Impersonate attack • If MU’s smart card is stolen by attacker who can perform impersonate attack.

  11. IMPROVED SCHEME • First phase FA HA MU

  12. IMPROVED SCHEME • Initial phase HA MU IDMU PWMU=h(N||IDMU) Registration PWMU , r , IDHA, h(.),h(N) Secure Channel

  13. IMPROVED SCHEME • Our improved scheme can against the impersonation attack. • Assume that an attacker can intercept n,IDHA,TMU • (h(IDMU)||x0||x)L transmitted from MU and modify • this message as n,IDHA,TMU,(h(IDMU’)||x0’||x’)L • However, the attacker still can’t forge a correct n to • pass the authentication processes without knowing • HA’s secret keyNand realIDMU

  14. CONCLUSION • We demonstrate some security flaws in Wu,Lee Tsaur’s scheme and propose an improvement to overcome these drawbacks. • The security analysis shows that our proposed scheme can solve these weaknesses by modifying some procedures of original scheme.

  15. Thank You !

More Related