1 / 36

Authentication Protocols for E-Commerce Applications ( 認證協定在電子商務上之應用 )

Authentication Protocols for E-Commerce Applications ( 認證協定在電子商務上之應用 ). 指導教授: Chin-Chen Chang 張真誠博士 博士生 : Jen-Ho Yang 楊仁和 Department of Computer Science and Information Engineering, National Chung Cheng University June 11, 2009. Outline. Introduction

josephnguyen
Download Presentation

Authentication Protocols for E-Commerce Applications ( 認證協定在電子商務上之應用 )

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authentication Protocols for E-Commerce Applications (認證協定在電子商務上之應用) 指導教授: Chin-Chen Chang張真誠博士 博士生: Jen-Ho Yang楊仁和 Department of Computer Science and Information Engineering, National Chung Cheng University June 11, 2009

  2. Outline • Introduction • An efficient ID-based mutual authentication protocol in mobile environments • An efficient authentication with key agreement protocol for sensor networks • Non-signature authenticated encryption scheme on elliptic curve cryptosystems • An fair electronic payment system based upon non-signature authenticated encryption scheme • Conclusions and future works

  3. Introduction (1/3) User Authentication: • Personal Identification • Authentication Authentication Methods: • Biometrics: fingerprint, hand geometry, voiceprint, etc. • Cryptography: password, symmetric cryptosystems, public key cryptosystems, etc.

  4. Introduction (2/3) Our Research Directions: • Authentication protocols for limited-power and low computational ability devices (mobile devices and sensor networks) • Authentication protocols for e-commerce applications • Practical and efficient electronic payment model

  5. Introduction (3/3) • An efficient ID-based mutual authentication protocol in mobile environments (modular-exponentiation-based) • An efficient authentication with key agreement protocol for sensor networks (hash-function-based) • A non-signature authenticated encryption scheme on elliptic curve cryptosystems (ECC-based) • An fair electronic payment system based upon non-signature authenticated encryption scheme

  6. An Efficient ID-Based Mutual Authentication Protocol in Mobile Environments (1/5) Disadvantages of Public Key Cryptosystems: • Trusted key authentication center • Correctness of user’s public key • Certificate • Additional computations for verifying certificate ID-based Cryptosystems

  7. An Efficient ID-Based Mutual Authentication Protocol in Mobile Environments (2/5) ID-Based Cryptosystem (Shamir, 1984): • Using an unique identification (ID) as a public key • No public key • No public key table • No certificate • No key authentication center

  8. An Efficient ID-Based Mutual Authentication Protocol in Mobile Environments (3/5) Notations of the Proposed ID-Based Protocol: TA: A trusted authority for initializing the system parameters System Parameters: p1, p2, p3, p4: four primes e, N: two public integers, where N = p1.p2.p3.p4 d: a secret integer satisfying IDm / IDb: the identity of mobile device / base station Sm/ Sb : the private keys of the mobile device/base station satisfying T: a time stamp h(·): a secure one-way hash function

  9. An Efficient ID-Based Mutual Authentication Protocol in Mobile Environments (4/5) Mobile Device Base Station

  10. An Efficient ID-Based Mutual Authentication Protocol in Mobile Environments (5/5) The Advantages of Our Protocol: • Preventing well-known attacks • Mutual authentication • Low computation loads for mobile device

  11. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (1/9) Sensor Networks: • A wireless network which is composed of many sensors. • The sensor is characterized by limited power supply, low computation ability, and small memory size. • Sensor networks can be used for battlefield, medical devices, home monitoring, etc.

  12. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (2/9) IEEE 802.15.4 defines two physical devices for sensor networks: • Full-Functional Device (FFD) e.g. a sensor, coordinator, router or security manager • Reduced-Functional Device (RFD) e.g. a sensor (end device) • There is a base station (BS) which initializes and preloads the system parameters for FFD and RFD

  13. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (3/9) The System Model: :FFD :RFD Base Station

  14. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (4/9) Authentication with Key Agreement (AKA) Protocols: • Authentication + session key agreement • Authentication: verifying the validity of the sensors • Session key agreement: encrypting the collected data • AKA can be applied to secure communications on sensor networks.

  15. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (5/9) Previous AKA Protocols for Sensor Networks: • Based upon public key cryptosystems • Heavy computation load and high power overhead for sensor networks The Proposed Protocol: • Based on one-way hash functions and XOR operations • Efficient and practical for the sensor networks

  16. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (6/9) Initializing Phase: Base station selects the following parameter for sensors: • h(.): a secure one-way hash function pre-stored in all sensors • x: a long-term secret key pre-stored in FFD • h(IDi x): a long-term secret key pre-stored in RFD

  17. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (7/9) Authentication with Key Agreement Phase: RFD FFD

  18. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (8/9) Authentication with Key Agreement Phase: RFD FFD

  19. An Efficient Authentication with Key Agreement Protocol for Sensor Networks (9/9) The Advantages of Our Scheme: • Low power requirement • Fast processing time • Small communication overhead

  20. Non-Signature Authenticated Encryption Scheme On Elliptic Curve Cryptosystems (1/6) Message Authentication and Confidentiality Conventional Method: Signature-then-encryption Symmetric encryption Signing Digital signature with message Message Cipher text Decryption-then-verifying Symmetric decryption Verifying Cipher text Message Digital signature Heavy computation cost

  21. Non-Signature Authenticated Encryption Scheme On Elliptic Curve Cryptosystems (2/6) Authenticated Encryption Scheme: Signature + encryption = Signcryption Signcryption Cipher text with digital signature Message Verifying + decryption = Unsigncryption Cipher text with digital signature Unsigncryption Message

  22. Non-Signature Authenticated Encryption Scheme On Elliptic Curve Cryptosystems (3/6) Disadvantages of the Previous Authenticated Encryption Schemes: Requiring the digital signature for authentication Increasing the computation costs Our Solution: Non-signature authenticated encryption scheme on ECC

  23. Non-Signature Authenticated Encryption Scheme On Elliptic Curve Cryptosystems (4/6) System Parameters: q : an odd large prime ECC equation: n : the order of the ECC equation Q : a public base point in ECC * : the point multiplication in ECC Ux / dx :x’s public/private key satisfying Ux = dx*Q m: the message Elliptic Curve Discrete Logarithm Problem (ECDLP): Giventwo points Q and P in Eq(a, b),it’s hard to find k satisfying Q = k * P.

  24. Non-Signature Authenticated Encryption Scheme On Elliptic Curve Cryptosystems (5/6) Alice Bob

  25. Non-Signature Authenticated Encryption Scheme On Elliptic Curve Cryptosystems (6/6) • Authentication and message encryption • Without digital signature scheme • Low computation loads for the sender and the receiver

  26. An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(1/9) Electronic Payment Models for E-Commerce: • Electronic cash • Electronic check • Electronic credit card

  27. An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(2/9) Synchronization Problem: • The payer wants to send the payment after he receives the goods. • The merchant wants to send the goods after he receives the payment. Who sends it first ?

  28. An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(3/9) Solutions of the Synchronization Problem of Previous Researches: • Synchronized transaction online • Additional computations for lots of verification equations Our Solution: A fair electronic payment system using non-signature authenticated encryption scheme

  29. An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(4/9) System Parameters: q : an odd large prime ECC equation: n : the order of the ECC equation Q : a public base point in ECC * : the point multiplication in ECC Ux / dx :x’s public/private key satisfying Ux = dx*Q T: a time stamp

  30. An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(5/9) Alice Merchant Bank

  31. An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(6/9) Alice Bank Record in its database

  32. An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(7/9) Alice Merchant Goods

  33. An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(8/9) • The Properties of the Propose System: • No synchronization problem • Offline transaction • Privacy of buying information for the bank • Anonymity for the merchant • Low computation and communication loads

  34. Electronic Credit Card Electronic Cash Electronic Check Our System Paying Time Pay-later Pay-before Pay-later Pay-before Online/Offline Online Both Both Offline Anonymity No Yes No Yes SynchronizationProblem Yes Yes Yes No Computation Cost Low High High Low Payment Tools Proprties An Efficient Electronic Payment System Using Non-Signature Authenticated Encryption Scheme(9/9) Comparisons:

  35. Conclusions and Future Works • Reducing the computation load for ID-based authentication protocol • Applying the non-signature authenticated scheme for different applications in e-commerce • Investigating a new electronic payment model for mobile-commerce

  36. Thanks for your listening !

More Related