




版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)
文檔簡(jiǎn)介
1、1在電腦網(wǎng)路應(yīng)用環(huán)境中的身份認(rèn)證與金在電腦網(wǎng)路應(yīng)用環(huán)境中的身份認(rèn)證與金鑰協(xié)議技術(shù)之研究鑰協(xié)議技術(shù)之研究 Advisor: Dr. Chin-Chen Chang Student: Hao-Chuan Tsai Date: 12.30.2010 Department of Computer Science and Information Engineering, National Chung Cheng University2 Part I: Authentication Scheme with Key Agreement three party authenticated key agreem
2、ent Part II: Anonymous Authentication Scheme for Wireless Networks34 Goal: Convince system of your identity before it can act on your behalf Methods Who you are What you know What you have5 What you have Verify identity based on possession of some object Magnetic Card Smart Card (IC Card)8.56cm5.39c
3、m1.923cm1.025cm6Who you areverify identity based on your physical characteristics or involuntary response patterns known as biometrics characteristics used include: signature (usually dynamic) fingerprinthand geometry face or body profile speech retina pattern always have tradeoff between false reje
4、ction and false acceptance 7What you knowBirthday, School name, Blood type, or Salary ?Meaningful Secrets ?Meaningless Secrets (Passwords) !Traditional Password MechanismProcedure: 1. Prompt user for a login name and password 2. Verify identity by checking that password is correct Passwords in the S
5、ystem: May be stored in clear mode May be stored in cipher mode: Encrypted or One-Way HashedPasswords should be selected with care to reduce risk of exhaustive search One problem with traditional passwords is caused by eavesdropping their transfer over an insecure network 8 Password Practice Passwor
6、d Complexity Criteria At least 7 characters long. Does not contain your User Name, Real Name, or Company Name. Does not contain a complete dictionary word. Is significantly different from previous passwords. Contains characters from each of the following groups: uppercase letters lowercase letters n
7、umerals symbols found on the keyboard.9 Create Session Keys Key transport A session key is selected by one communication party and is distributed to others in some way Key agreement A session key is established by the cooperating of all communication parties10Drawbacks of 2PAKA Given N parties there
8、 are N(N-1)/2 (=nC2) secret keys that should be established each party should securely store N-1 secret keys Awkward for larger-scale networks Inflexible (difficult to add, update, or delete a party)ExampleIf N = 6, then there are 6(6-1)/2 = 15 secret keys should be established in advance.11An authe
9、nticated key agreement protocol is an interactive method for two or more parties to determine session keys based on their secret keys or public/private keys.AuthenticationAuthenticationKey agreement / key exchangeSKSecure communication Trusted server1213 Impersonation attacks Impersonate clients or
10、the server Man-in-the-middle attacks On-line password guessing attacks Off-line password guessing attacks The most powerful attack14 The server needs to authenticate the communication clients explicitly The established session key would not revealed to either the server or others Round efficiency15
11、Initial phase The server computes And then the server computes Server also finds a value rc to satisfy the equationand computes (,)CCHCpw( ,)CH C skm o dCCCrqm o dCrCgp16ABS1.2.1ApwxXgM2(| )xxAXgHgA B1Bp wyYgN2(|)yyBYgHgB A1ApwxXgM2(| )xxAXgHgA B17ABS3compute,(|)xyzABskHABSg/ApwxgX M/BpwygY Nretriev
12、e derive (|)xAHgA B(|)yBHgBA)|(|)|(AyzpwAxyzgHgSBAHgXA)|(|)|(BxzpwByxzgHgSABHgYB4)|(|)|(BxzpwByxzgHgSABHgYBcompute,(|)xyzABskHABSg1819H L R1VLR2VLR3VLRMSMSMSRoaming path20Multiple regional domainEach domain is operated under a different administrationHLR (Home Location Register)HLR is used to denote
13、 the home domain, the home domain server, and the home location register, concurrently.A subscriber has only one home as his administrative domain One who desiring to contact MS must consult his HLR. VLR (Visiting Location Register)VLR is used to denote the visiting domain, the visiting domain serve
14、r, and the visiting location register, concurrently.When a subscriber roams into a visited domain, he should initially establish a residence within that domain.21HLRMSVLRIMSIIMSI, VLRIMSI, (RAND1, SRES1, Kc1), (RAND2, SRES2, Kc2), , (RANDn , SRESn, Kcn).RAND1SRES1 enc_with_ A5(Kc1, TMSI)Computes: SR
15、ES1 = A3(Ki, RAND1), Kc1 = A8(Ki, RAND1) SRES2 = A3(Ki, RAND2), Kc2 = A8(Ki, RAND2) SRESn = A3(Ki, RANDn), Kcn = A8(Ki, RANDn) Computes: (inside SIM) SRES1 = A3(Ki, RAND1) Kc1 = A8(Ki, RAND1) Computes: enc_with_ A5(Kc1, TMSI) Decrypts: enc_with_ A5(Kc1, TMSI)(Unspecified Secure Channel)Multiple on-t
16、he-fly triplets s h o u l d b e o n - l i n e generated and transferred in batch to the VLR. Then, VLR can use them in successive authentication flows with the roaming MS.VLR needs to ensure that MS is currently in good status. MS establishes a temporary residence in the visited domain.22VLRTMSIRAND
17、mSRESm Computes: (inside SIM) SRESm = A3(Ki, RANDm) Kcm = A8(Ki, RANDm) enc_with_A5(Kcm, messages)MSVLRTMSI, RANDmSRESm Computes: (inside SIM) SRESm = A3(Ki, RANDm) Kcm = A8(Ki, RANDm)enc_with_A5(Kcm, messages)MSWhen MS makes a call, the origination protocol is then invoked to authenticate himself t
18、o VLR and establish a session key.23242526 The main problems we suffer Impersonation Attack Attackers can impersonate either MS or FA to obtain secret information Personal Privacy Problem The identity of MS can be revealed to others27 The proposed scheme has the following characteristics Provide mut
19、ual authentication A mobile client and the communicating entities can be authentic An established session key would not revealed to either the uninvolved servers or others Diverting the most complicated operations to either the HLR or VLR The risk of compromising the secret information stored on HLR is reduced Ensure anonymity28 Initial phase Sh choose
溫馨提示
- 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。
最新文檔
- 小學(xué)知識(shí)考試題及答案
- 內(nèi)蒙古自治區(qū)巴彥淖爾市2024-2025學(xué)年高中畢業(yè)班第二次質(zhì)量檢查歷史試題含解析
- 天津?yàn)I海汽車工程職業(yè)學(xué)院《高等微生物學(xué)》2023-2024學(xué)年第二學(xué)期期末試卷
- 工業(yè)互聯(lián)網(wǎng)平臺(tái)2025年異構(gòu)數(shù)據(jù)庫(kù)融合技術(shù)在工業(yè)互聯(lián)網(wǎng)平臺(tái)創(chuàng)新中的應(yīng)用
- 家具設(shè)計(jì)中的社會(huì)功能與環(huán)境適應(yīng)性研究探討及案例分析試題及答案
- 家具行業(yè)的消費(fèi)者行為分析考題試題及答案
- 武漢航海職業(yè)技術(shù)學(xué)院《場(chǎng)地環(huán)境風(fēng)險(xiǎn)評(píng)價(jià)與修復(fù)》2023-2024學(xué)年第二學(xué)期期末試卷
- 教師教育教學(xué)反思的有效方法與策略試題及答案
- 家具設(shè)計(jì)中的空間美學(xué)考題及答案
- 未來(lái)出行領(lǐng)域技術(shù)展望試題及答案
- 登高車安全培訓(xùn)
- 成人重癥患者顱內(nèi)壓增高防控護(hù)理專家共識(shí)(2024版)解讀課件
- 在線監(jiān)測(cè)運(yùn)維管理體系
- 英語(yǔ)課件 外研版(2019)選擇性必修四 Unit6 Developing ideas
- 2025年數(shù)獨(dú)考試試題及答案
- 化工工藝學(xué)知到智慧樹(shù)章節(jié)測(cè)試課后答案2024年秋廣州大學(xué)
- 產(chǎn)后抑郁癥的原因及護(hù)理文獻(xiàn)匯報(bào)
- 湖北省武漢市華中師大一附中2025屆高考數(shù)學(xué)全真模擬密押卷含解析
- 2024年司法考試完整真題及答案
- ARVR在電商設(shè)計(jì)中的應(yīng)用與前景
- 宣傳工作實(shí)務(wù)-形考任務(wù)三-國(guó)開(kāi)(FJ)-參考資料
評(píng)論
0/150
提交評(píng)論