[ICE615] Network Security
Mutual Authentication and Key Exchange for Wireless Communications
Song-Won Lee, 20022099, School of Engineering
[ Term Project Mid-Presentation ]
2002. 10. 10 (Thu)

Contents
- Introduction
- Project Goal
- Preliminaries
- Previous Works
- Future Works
- References

Introduction (1/2)
Characteristics
Wireless communications are characterized by:
- Limited power of wireless devices
- Wireless environment limited in bandwidth
- Communication medium
- Mobility, …
These constraints have prevented the adoption of cryptographic protocols in wireless networks for authentication and security.

Introduction (2/2)
Why Authentication
Due to the mobility of a wireless terminal, the network does not have any information about the identity of the terminal until a connection is made.
Verifying an identity:
- Client (wireless device) authentication
- Host (base station) authentication

Project Goal
In this term project, I would like to propose efficient Mutually Authenticated Key Exchange Protocols that are suitable for establishing secure communications between a low-power wireless device and a powerful base station.

Preliminaries (1/3)
Requirements
Desired security features:
- Session key establishment
- Caller ID confidentiality
- Mutual authentication
- Non-repudiation of services
Implementation requirements:
- Efficiency and effectiveness in terms of computational complexity, memory demand and bandwidth requirement
- Minimal user interventions

Preliminaries (2/3)
Authentication Protocols
One-way:
- Password
- Challenge/response
- Public Key
Two-way (mutual authentication):
- Trusted intermediary
- Public Key

Preliminaries (3/3)
Abstract Protocol using PKC

A holds (PK_A, SK_A); B holds (PK_B, SK_B).

A:      r_A ← {0,1}^k
A → B:  r_A, Cert_A = <ID_A, PK_A, Sig_TA(ID_A, PK_A)>
B:      c_B ← {0,1}^k
        β = E_{PK_A}(c_B)
        S_B = E_{SK_B}(ID_A, r_A, β)
        r_B ← {0,1}^k
B → A:  r_B, β, S_B, Cert_B = <ID_B, PK_B, Sig_TA(ID_B, PK_B)>
A:      c_A ← {0,1}^k
        α = E_{PK_B}(c_A)
        S_A = E_{SK_A}(ID_B, r_B, α)
A → B:  α, S_A
A, B:   σ = c_A c_B

Previous Works (1/2)
Server-specific Protocol [Proposed by D.Wong and A.Chan]

A holds K_A; B holds (PK_B, SK_B).

Before running the protocol, A first obtains a certificate from TA, given by
Cert_A^B = <ID_A, E_{PK_B}(K_A), Sig_TA(ID_A, E_{PK_B}(K_A))>.

A:      r_A ← {0,1}^k
A → B:  E_{K_A}(r_A), Cert_A^B
B:      r_B ← {0,1}^k
B → A:  E_{K_A}(r_A, r_B, ID_B)
A → B:  E_{K_A}(r_B)
A, B:   σ = r_A r_B

Previous Works (2/2)
Linear Protocol

A holds {a_1, …, a_{2i-1}, a_{2i}, …, a_{2n}} ∈_R Z_{p-1} and {g^{a_1}, …, g^{a_{2i-1}}, g^{a_{2i}}, …, g^{a_{2n}}} ∈ Z_p^*; B holds (PK_B, SK_B).
Cert_A^i = <ID_A, g^{a_{2i-1}}, g^{a_{2i}}, Sig_TA(ID_A, g^{a_{2i-1}}, g^{a_{2i}})>

A → B:  Cert_A^i
B:      r_B ∈_R Z_{p-1}
B → A:  r_B
A:      r_A ← {0,1}^k
        x = E_{PK_B}(r_B)
        y = a_{2i-1}(x r_B) + a_{2i} mod (p-1)
A → B:  x, y
B:      (g^{a_{2i-1}})^{x r_B} g^{a_{2i}} ?= g^y (mod p)
B → A:  E_σ(x)
A, B:   σ = r_A r_B
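
As an added example (not from the slides or the cited papers), A's linear response y and B's check from the Linear Protocol can be run with Python integers. The prime, base and sample values are constructed, x is treated as an opaque ciphertext integer, and the operator combining x and r_B, which did not survive in the slide text, is assumed to be XOR.

```python
# Added example: the linear response and B's verification, with constructed parameters.
import secrets

P = 2**127 - 1   # constructed prime modulus (a Mersenne prime), stands in for p
G = 3            # constructed base, stands in for g


def keygen_pair():
    """One-time secret pair (a_{2i-1}, a_{2i}) and the public values certified in Cert_A^i."""
    a1 = secrets.randbelow(P - 1)
    a2 = secrets.randbelow(P - 1)
    return (a1, a2), (pow(G, a1, P), pow(G, a2, P))


def combine(x, r_b):
    # ASSUMPTION: the operator between x and r_B is missing on the slide; XOR is used here.
    return x ^ r_b


def respond(secret_pair, x, r_b):
    """A's side: y = a_{2i-1} * (x, r_B combined) + a_{2i} mod (p-1).

    Only one multiplication and one addition, no modular exponentiation,
    which is the point of the protocol for a low-power device.
    """
    a1, a2 = secret_pair
    return (a1 * combine(x, r_b) + a2) % (P - 1)


def verify(public_pair, x, y, r_b):
    """B's side: (g^{a_{2i-1}})^{combined} * g^{a_{2i}} == g^y (mod p).

    Holds for an honest y because g^(p-1) = 1 (mod p), so exponents
    can be reduced mod (p-1) without changing the result.
    """
    g_a1, g_a2 = public_pair
    lhs = (pow(g_a1, combine(x, r_b), P) * g_a2) % P
    return lhs == pow(G, y, P)


if __name__ == "__main__":
    secret, public = keygen_pair()
    r_b = secrets.randbelow(P - 1)      # B's fresh challenge
    x = secrets.randbelow(P)            # constructed stand-in for the ciphertext x
    y = respond(secret, x, r_b)
    print("honest response accepted:", verify(public, x, y, r_b))
    print("altered response accepted:", verify(public, x, (y + 1) % (P - 1), r_b))
    print("replay under new challenge accepted:", verify(public, x, y, r_b ^ 1))
```

The heavy exponentiations all sit in `verify`, on the base-station side, while the wireless device only evaluates `respond`.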

Conclusions
More efficient protocols:
- The number of times to perform the cryptographic operations
- The sizes of the messages
- The total number of messages transmitted
Satisfying security goals as well.

Future Works
- Study on Wireless Network in more detail, with respect to security issues
- Research more of the previous related works, and figure out challenging problems
- Develop improved Authentication and Key Agreement protocols focused on efficiency and effectiveness, …

References
[1] M.Bellare and P.Rogaway, Entity Authentication and Key Distribution, Crypto’93, LNCS 773, pp.232-249, 1994
[2] H.Lin and L.Harn, Authentication Protocols for Personal Communication Systems, SIGCOMM’95
[3] D.Wong and A.Chan, Mutual Authentication and Key Exchange for Low Power Wireless Communications, IEEE MILCOM 2001
[4] M.Jakobsson and D.Pointcheval, Mutual Authentication for Low-Power Mobile Devices, FC 2001, LNCS 2339, pp.178-195, 2002
[5] H.Lin, L.Harn and V.Kumar, Authentication Protocols in Wireless Communications, ICAUTO ’95
[6] J.Go and K.Kim, Wireless Authentication Protocol Preserving User Anonymity, SCIS 2001

Thanks a lot