S P E A K E R : H O N G - J I W E I
D AT E : 2 0 1 2 - 1 2 - 2 8
Secure Anonymous Authentication Scheme with
Roaming for Mobile Networks
2
Outline
1. Introduction
2. Review of Kim et al.’s Scheme
3. Weakness of Kim et al.’s Scheme
4. Our Improved Scheme
5. Security Analysis
6. Conclusion
3
1. Introduction (1/2)
Mun et al. proposed an anonymous authentication scheme with roaming for mobile networks in February, 2012.
Unfortunately, Kim et al. pointed out that Mun et al.'s scheme contains two weaknesses which is replay attack and man-in-the-middle attack in July, 2012.
In order to improve these weaknesses, they proposed an improved roaming authentication scheme with anonymity.
4
1. Introduction (2/2)
In this paper, we analyze Kim et al.’s scheme and point out the weakness in existence.
At the same time, we also propose an enhanced roaming authentication scheme to overcome the weakness of Kim et al.’s scheme.
5
2. Review of Kim et al.’s Scheme (1/5)
Notations of Kim et al.'s schemeMU Mobile User
FA Foreign Agent
HA Home Agent
PWX Password of an entity X
IDX Identity of an entity X
h(.) One-way hash function
N/N' Random nonce of current session / Random nonce of next session
⊕ Exclusive OR operation
|| Concatenation operation
fK MAC generation function by using key K
KXY Session key between entity X and Y
PRNG(.) Pseudo Random Number Generator
6
This scheme contains three main phases
1. Registration
2. Authentication and key establishment
3. Update session key
2. Review of Kim et al.’s Scheme (2/5)
Notations of Kim et al.'s schemeEK/DK Symmetric Encryption/Decryption with key K
P Password of mobile user
x Secret key of HA
y Random nonce generates for each mobile user
7
Registration
2. Review of Kim et al.’s Scheme (3/5)
MU HA
)||(
)||(
.1
NPhCompute
PIDhCompute
NGenerate
MU
)||(),||(,.2 NPhPIDhID MUMU
))||(||)||((
)||()||(
)()(
)||(),||(
)||( .3
NPhIDxhhVCompute
NPhIDxhKCompute
yhxhBCompute
NPhPIDhStore
PIDhCheck
MU
MU
MU
MU
(.)},,,,,,{.4 hyVKBIDIDcardSmart HAMU
(.)},,,,,,,{
.5
hyNVKBIDIDcardSmart
cardsmartinNStore
HAMU
Secure Channel
Secure Channel
8
Authentication and key establishment
2. Review of Kim et al.’s Scheme (4/5)
MU FA HA
))||(||)'||((
)'||(
)||(
)||()(
)||()||(
)()(
'
?.1
5
4
3
2
1
NPhNPhhc
NPhKc
VIDxhc
PIDhxhc
IDxhNPhKc
yhBxhCompute
NGenerate
IDIDCheck
MU
MU
MU
MUMU
5432 ,,,,.4 ccccIDFA
HAIDStore.3
)||(
))||(||)'||(||(
))||(||)'||(||(
?'
))||(||)'||(('
)'||(
)||()||(K
)||(
))||(||)||(('
)||()*,||(
)(2)*||(.5
78
7
6
55
5
4
3
caPEc
NPhNPhIDhc
NPhNPhKhc
aPCompute
aSelect
ccCheck
NPhNPhhc
KcNPh
NPhIDxh
VcIDxh
NPhPIDhhVCompute
NPhPIDhExtract
xhcPIDhCompute
V
FA
MU
MU
MU
MU
MU
aPccIDID FAHA ,,,,.6 86
aPStore
IDIDCheck FAHA
,.7
aPccIDID FAHA ,,,,.8 86
)||(
)(
?'
))||(||)'||(||('
))||((
?'
))||(||)'||(||('
.9
MF
MF
77
7
7
66
6
bPIDfS
abPhK
bPCompute
bSelect
ccCheck
NPhNPhIDhc
caPEDCompute
ccCheck
NPhNPhKhcCompute
IDCheck
FAK
FA
VV
HA
MF
MFSbP,.10?'
)||('
)( .11
MFMF
MF
MF
SSCheck
bPIDfS
abPhKCompute
FAKMF
5432 ,,,,.2 ccccIDHA
9
Update session key
2. Review of Kim et al.’s Scheme (5/5)
MU FAPb i.2
Pb Compute
b Select
i
i.1
)(
)(
.3
Pba||Pbaf SCompute
PbahKP,a Compute
a Select
1i1iiiKMF
iiMFi
i
iMFi
i
iMFi SP,a .4
ii
iMFi
i
MFMF
1i1iiiKMF
iiMF
S with' SCompare
Pba||Pbaf' SCompute
PbahK Compute
)(
)(.5
10
3. Weakness of Kim et al.’s Scheme (1/3)
The weakness of Kim et al.'s scheme can be found in two phases.
1. Authentication and establishment of session key
2. Update session key
11
Authentication and establishment of session key
3. Weakness of Kim et al.’s Scheme (2/3)
MU FA HA
))||(||)'||((
)'||(
)||(
)||()(
)||()||(
)()(
'
?.1
5
4
3
2
1
NPhNPhhc
NPhKc
VIDxhc
PIDhxhc
IDxhNPhKc
yhBxhCompute
NGenerate
IDIDCheck
MU
MU
MU
MUMU
5432 ,,,,.4 ccccIDFA
HAIDStore.3
)||(
))||(||)'||(||(
))||(||)'||(||(
?'
))||(||)'||(('
)'||(
)||()||(K
)||(
))||(||)||(('
)||()*,||(
)(2)*||(.5
78
7
6
55
5
4
3
caPEc
NPhNPhIDhc
NPhNPhKhc
aPCompute
aSelect
ccCheck
NPhNPhhc
KcNPh
NPhIDxh
VcIDxh
NPhPIDhhVCompute
NPhPIDhExtract
xhcPIDhCompute
V
FA
MU
MU
MU
MU
MU
aPccIDID FAHA ,,,,.6 86
aPStore
IDIDCheck FAHA
,.7
aPccIDID FAHA ,,,,.8 86
)||(
)(
?'
))||(||)'||(||('
))||((
?'
))||(||)'||(||('
.9
MF
MF
77
7
7
66
6
bPIDfS
abPhK
bPCompute
bSelect
ccCheck
NPhNPhIDhc
caPEDCompute
ccCheck
NPhNPhKhcCompute
IDCheck
FAK
FA
VV
HA
MF
MFSbP,.10?'
)||('
)( .11
MFMF
MF
MF
SSCheck
bPIDfS
abPhKCompute
FAKMF
5432HA c,c,c,c,ID.2
Replay attack
12
Update session key
3. Weakness of Kim et al.’s Scheme (3/3)
MU FAPb i.2
Pb Compute
b Select
i
i.1
)(
)(
.3
Pba||Pbaf SCompute
PbahKP,a Compute
a Select
1i1iiiKMF
iiMFi
i
iMFi
i
iMFi SP,a .4
ii
iMFi
i
MFMF
1i1iiiKMF
iiMF
S with' SCompare
Pba||Pbaf' SCompute
PbahK Compute
)(
)(.5
Replay attack
13
4. Our Improved Scheme (1/3)
Registration
MU HA
)||(
)||(
.1
0
0
NPhCompute
PIDhCompute
NGenerate
MU
)||(),||(,.2 0NPhPIDhID MUMU
))||(||)||((
)||()||(
)()(
)||(),||(
)||( .3
0
0
0
NPhIDxhhVCompute
NPhIDxhKCompute
yhxhBCompute
NPhPIDhStore
PIDhCheck
MU
MU
MU
MU
(.)},,,,,,{.3 hyVKBIDIDcardSmart HAMU
)}({
.4
.hy,,NV,K,B,,ID,IDcardSmart
cardsmartinN Store
0HAMU
0
Secure Channel
Secure Channel
14
Authentication and establishment of session key
4. Our Improved Scheme (2/3)
MU
)||(
))||(||)||((
)||(
)||(
)||()(
)||()||(
)()(
nifor,NGenerate
?IDIDCheck.1
1i
MUMU
1i
i1i5
1i4
MU3
MU2
MU01
NPh Store
NPhNPhhc
NPhKc
VIDxhc
PIDhxhc
IDxhNPhKc
yhBxhCompute
0
5432 ,,,,.2 ccccIDHA
5432 ,,,,.4 ccccIDFA
HAIDStore.3
sethe databainNPhStore
caPEc
NPhNPhIDhc
NPhNPhKhc
aPCompute
aSelect
ccCheck
NPhNPhhc
KcNPh
NPhIDxh
VcIDxh
NPhPIDhhVCompute
NPhPIDhExtract
xhcPIDhCompute
i
V
iiFA
ii
ii
i
MU
MU
MU
MU
MU
)||(
)||(
))||(||)||(||(
))||(||)||(||(
?'
))||(||)||(('
)||(
)||()||(K
)||(
))||(||)||(('
)||()*,||(
)(2)*||(.5
1
78
17
16
55
15
41
0
3
0
0
aPccIDID FAHA ,,,,.6 86
aPStore
IDIDCheck FAHA
,.7
86 ,,,.8 ccIDID FAHA
)||(
)(
?'
))||(||)||(|('
))||((
?'
))||(||)||(||('
.9
MF
MF
77
17
7
66
16
bPIDfS
abPhK
bPCompute
bSelect
ccCheck
NPhNPhIDhc
caPEDCompute
ccCheck
NPhNPhKhcCompute
IDCheck
FAK
iiFA
VV
ii
HA
MF
MFSbP,.10?'
)||('
)( .11
MFMF
MF
MF
SSCheck
bPIDfS
abPhKCompute
FAKMF
FA HA
15
Update session key
4. Our Improved Scheme (3/3)
MU FA)(. 2 PbE iK
1-iMF
)(
.1
PbaK Compute
Pb Compute
b Select
1i1iMF
i
i
1-i
)(
)(
))( (
)( .3
Pba||Pbaf SCompute
PbaKP,a Compute
a Select
PbED Compute
PbaK Compute
1i1iiiKMF
iiMFi
i
iK
1i1iMF
iMFi
i
1-iMFK1-iMF
1-i
)(.4i1-iMF MFiK SP,aE
ii
iMFi
i
i1-iMFK1-iMF
1-i
MFMF
1i1iiiKMF
iiMF
MFiK
1i1iMF
S with' SCompare
Pba||Pbaf' SCompute
PbaK Compute
SP,aED Compute
PbaK Compute
)(
)(
))( (
)(.5
16
5. Security Analysis (1/3)
Authentication and establishment of session keyMU
5432 ,,,,.2 ccccIDHA
5432 ,,,,.4 ccccIDFA
HAIDStore.3
sethe databainNPhStore
caPEc
NPhNPhIDhc
NPhNPhKhc
aPCompute
aSelect
ccCheck
NPhNPhhc
KcNPh
NPhIDxh
VcIDxh
NPhPIDhhVCompute
NPhPIDhExtract
xhcPIDhCompute
i
V
iiFA
ii
ii
i
MU
MU
MU
MU
MU
)||(
)||(
))||(||)||(||(
))||(||)||(||(
?'
))||(||)||(('
)||(
)||()||(K
)||(
))||(||)||(('
)||()*,||(
)(2)*||(.5
1
78
17
16
55
15
41
0
3
0
0
aPccIDID FAHA ,,,,.6 86
aPStore
IDIDCheck FAHA
,.7
86 ,,,.8 ccIDID FAHA
)||(
)(
?'
))||(||)||(|('
))||((
?'
))||(||)||(||('
.9
MF
MF
77
17
7
66
16
bPIDfS
abPhK
bPCompute
bSelect
ccCheck
NPhNPhIDhc
caPEDCompute
ccCheck
NPhNPhKhcCompute
IDCheck
FAK
iiFA
VV
ii
HA
MF
MFSbP,.10?'
)||('
)( .11
MFMF
MF
MF
SSCheck
bPIDfS
abPhKCompute
FAKMF
FA HA
)||(
))||(||)||((
)||(
)||(
)||()(
)||()||(
)()(
nifor,NGenerate
?IDIDCheck.1
1i
MUMU
1i
i1i5
1i4
MU3
MU2
MU01
NPh Store
NPhNPhhc
NPhKc
VIDxhc
PIDhxhc
IDxhNPhKc
yhBxhCompute
0
Replay
17
5. Security Analysis (2/3)
Update session key
MU FA)(. 2 PbE iK
1-iMF
)(
.1
PbaK Compute
Pb Compute
b Select
1i1iMF
i
i
1-i
)(
)(
))( (
)( .3
Pba||Pbaf SCompute
PbaKP,a Compute
a Select
PbED Compute
PbaK Compute
1i1iiiKMF
iiMFi
i
iK
1i1iMF
iMFi
i
1-iMFK1-iMF
1-i
)(.4i1-iMF MFiK SP,aE
ii
iMFi
i
i1-iMFK1-iMF
1-i
MFMF
1i1iiiKMF
iiMF
MFiK
1i1iMF
S with' SCompare
Pba||Pbaf' SCompute
PbaK Compute
SP,aED Compute
PbaK Compute
)(
)(
))( (
)(.5
Replay
18
5. Security Analysis (3/3)
Comparison table
19
6. Conclusion (1/1)
In this paper, we propose an enhanced anonymous scheme to improve the weakness of replay attack in Kim et al.'s scheme.
From the security analysis, we can know that our scheme indeed can prevent the replay attack in Authentication and establishment of session key and update session key phases.
20
Many thanks for your listening
Q & A