1 / 18

Mutual Authentication and Key Exchange Protocol (MAKEP)

Mutual Authentication and Key Exchange Protocol (MAKEP). Reporter: Jung-Wen Lo ( 駱榮問 ) Date: 2008/4/1 8. Outline. Introduction ES-MAKEP: Efficient & Secure MAKEP Fuw-Yi Yang and Jinn-Ke Jan (2004) ES-MAKEP-Forward Secret Attack F-MAKEP He Yijun, Xu Nan and Li Jie (2007) Comment.

duante
Download Presentation

Mutual Authentication and Key Exchange Protocol (MAKEP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mutual Authentication and Key Exchange Protocol (MAKEP) Reporter: Jung-Wen Lo (駱榮問) Date: 2008/4/18

  2. Outline • Introduction • ES-MAKEP: Efficient & Secure MAKEP • Fuw-Yi Yang and Jinn-Ke Jan (2004) • ES-MAKEP-Forward Secret Attack • F-MAKEP • He Yijun, Xu Nan and Li Jie (2007) • Comment

  3. Introduction • MAKEP: Mutual authentication and key exchange protocol • L-MAKEP: Linear MAKEP • Author: D. S. Wong and A. H. Chan • Title: Mutual authentication and key exchange for low power wireless communications • Src: Military Communications Conference, 2001. MILCOM 2001. Communications for Network-Centric Operations: Creating the Information Force, IEEE, Vol. 1, 2001, pp. 39-43 • IL-MAKEP: Improved L-MAKEP • Author: K. Shim • Title: Cryptanalysis of mutual authentication and key exchange for low-power wireless communications • Src: IEEE Communications Letters, Vol. 7, No. 5, pp.248-250, 2003. • I-MAKEP • Authors: Jinn-Ke Jan and Yi-Hwa Chen • Title: A new efficient MAKEP for wireless communications • Src: In Proceedings of the 18th International Conference on Advanced Information Networking and Application (AINA’04), IEEE, Volume 2, pp. 347-350, 2004 • ES-MAKEP: Efficient & Secure MAKEP • Authors: Fuw-Yi Yang and Jinn-Ke Jan • Title: A Secure and Efficient Key Exchange Protocol for Mobile Communications • Src: Cryptology ePrint Archive 2004/167, July 2004, http://eprint.iacr.org • F-MAKEP: Perfect forward secrecy • Improved ES-MAKEP

  4. A Secure and Efficient Key Exchange Protocol for Mobile Communications Authors: Fuw-Yi Yang and Jinn-Ke Jan Src: Cryptology ePrint Archive 2004/167, July 2004, http://eprint.iacr.org

  5. Notation • εpk(): an asymmetric encryption functionδSK(): an asymmetric decryption function • EK(): a symmetric encryption functionDK(): a symmetric decryption function • SKS: a private key of server SPKS: a public key of server S • IDU: the identification of a client entity UIDS: the identification of a server S • p, q: a private key pair of Ug ,n: a public key pair of U • x || y: string x concatenates string y • |n|: bit length of n • rUK, rUF, rUR:three random numbers selected by UrSK: a random number selected by Sr∈RG : r is a random number selected from the set G • l: the length of session keys

  6. ES-MAKEP Server S User U (PKS,SKS) rUK,rUR,rUFC1rUK=εPKS(rUK)CMT=grUF||rUF mod n M1={C1rUK,CMT,IDU} rUK = δSKS(C1rUK)Random rskσSU=rSKrUKC2rUK=EσSU(rUK) σUS=rUKrSKr’UK=DσUS(C2rUK) =DσUS(EσSU(rUK))r’UK?= rUKSF=h(rUK,rSK,IDU,IDS)C3=EσSU(IDU)SR=2|n|(rUF-SF)+rUR mod λ(n) M2={rSK,C2rUK} SF=h(rUK,rSK,IDU,IDS)CMT’=gSF||SR mod nCMT’?=CMT M3={C3,SR} ※n=pq ;λ(n)=lcm(p-1, q-1)

  7. A Secure Key Exchange and Mutual Authentication Protocol for Wireless Mobile Communications Authors: He Yijun, Xu Nan and Li Jie Src: The Second International Conference on Availability, Reliability and Security, 2007. ARES 2007, 10-13 April 2007 pp. 558 – 563

  8. ES-MAKEP-Forward Secret Attack Attacker Server S User U Conceal SKS (PKS,SKS) rUK,rUR,rUFC1rUK=εPKS(rUK)CMT=grUF||rUF mod n M1={C1rUK,CMT,IDU} rUK = δSKS(C1rUK)Random rskσSU=rSKrUKC2rUK=EσSU(rUK) σUS=rUKrSKr’UK=DσUS(C2rUK) =DσUS(EσSU(rUK))r’UK?= rUKSF=h(rUK,rSK,IDU,IDS)C3=EσSU(IDU)SR=2|n|(rUF-SF)+rUR mod λ(n) M2={rSK,C2rUK} SF=h(rUK,rSK,IDU,IDS)CMT’=gSF||SR mod nCMT’?=CMT M3={C3,SR}

  9. F-MAKEP Server S User U (PKS,SKS) rUK,rUR,rUFC1rUK=εPKS(grUK)CMT=grUF||rUF mod n M1={C1rUK,CMT,IDU} rUK = δSKS(C1rUK)Random rskσSU=grSKrUKC2rUK=EσSU(rUK) M2={rSK,C2rUK} σSU=grSKrUKr’UK=DσUS(C2rUK) =DσUS(EσSU(rUK))r’UK?= rUKSF=h(rUK,rSK,IDU,IDS)C3=EσSU(IDU)SR=2|n|(rUF-SF)+rUR mod λ(n) SF=h(rUK,rSK,IDU,IDS)CMT’=gSF||SR mod nCMT’?=CMT M3={C3,SR} ※n=pq ;λ(n)=lcm(p-1, q-1)

  10. Comment • Conceal secret key is difficult • ES-MAKEP & F-MAKEP: PKI system=> Inefficient=> Not suitable for wireless devices

  11. DoS-Resistance Protocol Server A(pw1,pw2) Client B(pw1,pw2) IDA,IDB,X, H(IDA,IDB,X) 1. rBX=pwi⊕rB 2. Try pwi 3. rAY= rA⊕rBσ=H(rA,rB,IDA,IDB) Y⊕H(pwj),σ⊕H(pwi) 4. r’A =Y⊕rBσ’=H(r’A,rB,IDA,IDB)H(σ’) ?= H(σ) 5. H(σ’) 4.H(σ’) ?= H(σ)

  12. PK-based MAKEP

  13. Server-specific MAKEP

  14. Linear MAKEP

  15. y’=cy Unknown key-share attack on L-MAKEP(?) σ’ =rAy’Eσ’(x)

  16. IL-MAKEP Eσ(x,IDA,IDB)

  17. A new efficient MAKEP for wireless communications Authors: Jinn-Ke Jan and Yi-Hwa Chen Src: In Proceedings of the 18th International Conference on Advanced Information Networking and Application (AINA’04), IEEE, Volume 2, pp. 347-350, 2004

  18. I-MAKEP Server S User U RegisterPhase ID,v xv=g-x mod N y=(v-ID)d mod N SessionKey GenerationPhase ID,Y v= ye+ID mod N Random rs rs Random w,ku=gw mod Nt=EPKS(k)s=w+xH(rs||t||u)σ=ks u,t,s gsvH(rs||t||u) ?≡u mod Nk’=D(t)σ=k’s H(k’) H(k’)?=H(k)

More Related