1Song-Won Lee, 20022099, 2002.10.10 (Thu)

[ICE615] Network Security[ICE615] Network Security

Mutual Authentication and Key Mutual Authentication and Key ExchangeExchangeFor Wireless CommunicationsFor Wireless Communications

Song-Won Lee 20022099 School of Engineering

[ Term Project Mid-Presentation ]

2002. 10. 10 (Thu)

2Song-Won Lee, 20022099, 2002.10.10 (Thu)

ContentsContents

IntroductionIntroduction

Project GoalProject Goal

PreliminariesPreliminaries

Previous WorksPrevious Works

Future WorksFuture Works

ReferencesReferences

[ICE615] Network Security[ICE615] Network Security

3Song-Won Lee, 20022099, 2002.10.10 (Thu)

Introduction Introduction (1/2)(1/2)

Limited power of wireless devicesLimited power of wireless devices Wireless environment limited in Wireless environment limited in

bandwidthbandwidth Communication mediumCommunication medium Mobility, …Mobility, …

[ICE615] Network Security[ICE615] Network Security

The Wireless Communications are The Wireless Communications are characterized by:characterized by:

These constraints have prevented a These constraints have prevented a adoption of cryptographic protocols to adoption of cryptographic protocols to wireless networks for authentication wireless networks for authentication and security.and security.

CharacteristCharacteristicsics

4Song-Won Lee, 20022099, 2002.10.10 (Thu)

Introduction Introduction (2/2)(2/2)

Verifying an identityVerifying an identity Client(wireless device) Client(wireless device)

authenticationauthentication Host(base station) authenticationHost(base station) authentication

[ICE615] Network Security[ICE615] Network Security

Due to the mobility of a wireless Due to the mobility of a wireless terminal, the network does not have terminal, the network does not have any information about the identity of any information about the identity of the terminal until a connection is made.the terminal until a connection is made.

Why AuthenticationWhy Authentication

5Song-Won Lee, 20022099, 2002.10.10 (Thu)

Project GoalProject Goal

[ICE615] Network Security[ICE615] Network Security

I would like to propose efficient I would like to propose efficient Mutually Authenticated Key Mutually Authenticated Key Exchanged ProtocolsExchanged Protocols, they are , they are suitable for establishing secure suitable for establishing secure communications between a low-communications between a low-power wireless device and a power wireless device and a powerful base station.powerful base station.

In this term-project,In this term-project,

6Song-Won Lee, 20022099, 2002.10.10 (Thu)

Preliminaries Preliminaries (1/3)(1/3)

RequiremeRequirementsnts

Session key establishmentSession key establishment Caller ID confidentialityCaller ID confidentiality Mutual authenticationMutual authentication Non-repudiation of servicesNon-repudiation of services

[ICE615] Network Security[ICE615] Network Security

Desired security features :Desired security features :

Efficiency and effectivenessEfficiency and effectiveness in terms in terms of computational complexity, of computational complexity, memory demand and bandwidth memory demand and bandwidth requirementrequirement

Minimal user interventionsMinimal user interventions

Implementation requirements :Implementation requirements :

7Song-Won Lee, 20022099, 2002.10.10 (Thu)

Preliminaries Preliminaries (2/3)(2/3)

Authentication Authentication ProtocolsProtocols

PasswordPassword Challenge/responseChallenge/response Public KeyPublic Key

[ICE615] Network Security[ICE615] Network Security

One-way :One-way :

Trusted intermediaryTrusted intermediary Public KeyPublic Key

Two-way (mutual authentication) :Two-way (mutual authentication) :

8Song-Won Lee, 20022099, 2002.10.10 (Thu)

Preliminaries Preliminaries (3/3)(3/3)

Abstract Protocol using PKCAbstract Protocol using PKC

[ICE615] Network Security[ICE615] Network Security

AA BB(PKA, SKA) (PKB, SKB)

rA,CertA=<IDA,PKA,SigTA(IDA,PKA)> cB ← {0,1}k

β = EPKA(cB)

SB=ESKB(IDA , rA , β)rB ← {0,1}krB ,β,SB,CertB=<IDB,PKB,SigTA(IDB,PKB)>

cA ← {0,1}k

α = EPKB(cA)

SA=ESKA(IDB , rB , α) α,SA

σ =cA cB σ =cA cB

rA ← {0,1}k

9Song-Won Lee, 20022099, 2002.10.10 (Thu)

Previous Works Previous Works (1/2)(1/2)

Server-specific ProtocolServer-specific Protocol

[ICE615] Network Security[ICE615] Network Security

AA BBKA (PKB, SKB)

rB ← {0,1}k

σ=rA rB σ=rA rB

rA ← {0,1}k EKA(rA), CertA

B

EKA(rA, rB ,IDB )

EKA(rB)

Before running the protocol, A first obtains a certificate from TA, given by

CertAB =< IDA,EPKB

(KA),SigTA(IDA,EPKB(KA))>.

[Proposed by D.Wong and A.Chan]

10Song-Won Lee, 20022099, 2002.10.10 (Thu)

Previous Works Previous Works (2/2)(2/2)

Linear ProtocolLinear Protocol

[ICE615] Network Security[ICE615] Network Security

AA BB{a1,…,a2i-1,a2i,…,a2n} R Zp-1 (PKB, SKB){ga1,…,ga2i-1,ga2i,…, ga2n} Zp

*

rB R Zp-1

σ=rA rB

σ=rA rB

rA ← {0,1}k

x=EPKB(rB)

y= a2i-1(xrB) + a2i mod (p-1)

Cert iA =<IDA,ga2i-1,ga2i,SigTA(IDA, ga2i-1,ga2i)>

rB

x, y

(ga2i-1) x rB ga2i ? g y (mod p)

Eσ (x)

11Song-Won Lee, 20022099, 2002.10.10 (Thu)

ConclusionsConclusions

[ICE615] Network Security[ICE615] Network Security

More efficient protocolsMore efficient protocols The number of times to perform the The number of times to perform the

cryptographic operationscryptographic operations The sizes of the messagesThe sizes of the messages The total number of messages The total number of messages

transmittedtransmitted

Satisfying security goals as well.Satisfying security goals as well.

12Song-Won Lee, 20022099, 2002.10.10 (Thu)

Future WorksFuture Works

Study on Wireless Network in more Study on Wireless Network in more detail, with respect to security issuesdetail, with respect to security issues

Research more of the previous Research more of the previous related works, and figure out related works, and figure out challenging problemschallenging problems

Develop improved Authentication Develop improved Authentication and Key Agreement protocols and Key Agreement protocols focused on efficiency and focused on efficiency and effectiveness, …effectiveness, …

[ICE615] Network Security[ICE615] Network Security

13Song-Won Lee, 20022099, 2002.10.10 (Thu)

ReferencesReferences

[1] M.Bellare and P.Rogaway, Entity Authentication and Key Distribution, Crypto’93, LNCS 773, pp.232-249, 1994

[2] H.Lin and L.Harn, Authentication Protocols for Personal Communication Systems, SIGCOMM’95

[3] D.Wong and A.Chan, Mutual Authentication and Key Exchange for Low Power Wireless Communications, IEEE MILCOM 2001

[4] M.Jakobsson and D.Pointcheval, Mutual Authentication for Low-Power Mobile Devices, FC 2001, LNCS 2339, pp.178-195, 2002

[5] H.Lin, L.Harn and V.Kumar, Authentication Protocols in Wireless Communications, ICAUTO ’95

[6] J.Go and K.Kim, Wireless Authentication Protocol Preserving User Anonymity, SCIS 2001

[ICE615] Network Security[ICE615] Network Security

14Song-Won Lee, 20022099, 2002.10.10 (Thu)

[ICE615] Network Security[ICE615] Network Security

Thanks a lotThanks a lot