Thesis access permission: withheld; to be released on and off campus one year after submission
Availability:
Campus: available
Off-campus: available
Title: 具巢狀單次祕密結構且可證明安全之快速行動通訊相互認證及金鑰交換機制 (Provably Secure Nested One-Time Secret Mechanisms for Fast Mutual Authentication and Key Exchange in Mobile Communications)
Department:
Year, semester:
Language:
Degree:
Number of pages: 113
Author:
Advisor:
Convenor:
Advisory Committee:
Date of Exam: 2011-01-13
Date of Submission: 2011-02-10
Keywords: one-time secrets, mobile security, mutual authentication, key exchange, information security
Statistics: this thesis has been browsed 5688 times and downloaded 728 times.
Chinese abstract (translated):
Because of their fast mobility and high portability, wireless technologies play a very important role in people's communication. Many security mechanisms for mobile communications have been introduced and discussed in the literature. Among these mechanisms, authentication is an extremely important task and can be regarded as the first line of defense against attacks, since it ensures that the identity of each communicating entity is correct before that entity joins any communication activity. Current mechanisms have some drawbacks, for example wasted bandwidth between the visited station (the VLR) and the home station (the HLR), storage overload at the VLR, and the lack of authentication of the VLR. On the other hand, some mechanisms perform better but are not founded on reasonable assumptions. An ideal mobile authentication mechanism should achieve mutual authentication between entities, require only a small amount of storage at the VLR, and require only a small amount of computation and communication from each entity, thereby providing secure and fast communication services. Hence, to guarantee the quality of this advanced technology, an efficient (especially for the user) and secure authentication mechanism is urgently needed; moreover, it should be founded on reasonable assumptions. In this thesis we propose a novel authentication mechanism, named the nested one-time secret mechanism, suitable for mobile communication environments. In the proposed protocols, by exchanging secrets synchronously at an inner and an outer layer, each mobile user can be quickly authenticated by the VLR and by the HLR; in addition, our mechanism is founded on reasonable assumptions. The mechanism not only achieves mutual authentication but also, for mobile users, greatly reduces communication and computation cost compared with existing authentication mechanisms of the same kind. Finally, we formally prove that the proposed mechanism is a secure mutual authentication and key exchange mechanism, with security founded on the semantic security of the encryption, the indistinguishability of a pseudorandom function from a random function, and the indistinguishability of a pseudorandom permutation from a random permutation.
Abstract:
Wireless communication plays a very important role in people's communication activities because of its fast mobility and high portability. Many security mechanisms for mobile communications have been introduced in the literature. Among them, authentication is a critical task in the entire mobile network system and acts as the first defense against attackers, since it ensures the correctness of the identities of the distributed communication entities before they engage in any other communication activity. Some schemes share drawbacks such as high bandwidth consumption between the VLR (visitor location register) and the HLR (home location register), storage overhead in the VLR, and lack of VLR authentication. Other protocols are efficient but are not based on reasonable assumptions. Ideally, a mobile authentication scheme should achieve mutual entity authentication, low storage cost in the VLR, and lightweight computation and communication for each entity, so as to provide secure and fast communication services. Therefore, to guarantee the quality of this advanced technology, an efficient (especially user-efficient) and secure authentication scheme, under reasonable assumptions, is urgently needed. In this dissertation we propose a novel authentication mechanism, called the nested one-time secret mechanism, tailored to mobile communication environments. By maintaining an inner and an outer synchronously changing common secret, every mobile user can be rapidly authenticated by the VLR and by the HLR, respectively, in the proposed scheme, which rests on reasonable assumptions. Not only does the proposed solution achieve mutual authentication, but it also greatly reduces the computation and communication cost of the mobile users compared with existing authentication schemes. Finally, we formally prove that the proposed scheme is a secure mutual authentication and key exchange scheme under the assumptions of semantic security of the encryption, indistinguishability of a pseudorandom function from a random function, and indistinguishability of a pseudorandom permutation from a random permutation.
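The mechanism the abstract describes (an outer one-time secret shared with the HLR and an inner one shared with the visited VLR, each replaced after every successful run, so that after one HLR-assisted authentication the user and the VLR can re-authenticate locally) is modelled in the following Python. This is an added illustration, not the thesis's protocol: the message layout, the HMAC-SHA256 instantiation of the pseudorandom function, the nonce lengths, the key derivation, the VLR<->HLR message count, and the assumption that the VLR<->HLR link is protected are all choices of this example, and the encryption that the thesis's proof also assumes is left out.

```python
import hashlib
import hmac
import secrets

def prf(key, *parts):
    """PRF instantiated as HMAC-SHA256 (this model's assumption; the thesis fixes none).
    Arguments are length-prefixed so distinct argument lists never collide."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()

class OneTimeSecretLink:
    """One endpoint's copy of a shared secret that is replaced after every successful run."""
    def __init__(self, secret):
        self.secret = secret

    def request(self):  # message 1: fresh nonce plus proof of the current secret
        n_i = secrets.token_bytes(16)
        return n_i, prf(self.secret, b"req", n_i)

    def respond(self, n_i, tag):  # message 2: verify, prove back, derive key, rotate
        if not hmac.compare_digest(prf(self.secret, b"req", n_i), tag):
            return None  # forged, or a replay of a message 1 that was already answered
        n_r = secrets.token_bytes(16)
        proof = prf(self.secret, b"resp", n_i, n_r)
        key = prf(self.secret, b"key", n_i, n_r)
        self.secret = prf(self.secret, b"next", n_i, n_r)  # the secret is used once
        return n_r, proof, key

    def confirm(self, n_i, n_r, proof):  # initiator checks the responder, then rotates
        if not hmac.compare_digest(prf(self.secret, b"resp", n_i, n_r), proof):
            return None
        key = prf(self.secret, b"key", n_i, n_r)
        self.secret = prf(self.secret, b"next", n_i, n_r)
        return key

class MobileUser:
    def __init__(self, outer_secret):
        self.outer = OneTimeSecretLink(outer_secret)  # shared with the HLR
        self.inner = None  # shared with the current VLR; installed by system_auth

class HLR:
    def __init__(self, outer_secret):
        self.outer = OneTimeSecretLink(outer_secret)
        self.messages = 0  # VLR<->HLR traffic, the cost the thesis wants to keep low

class VLR:
    def __init__(self):
        self.inner = None

def system_auth(user, vlr, hlr):
    """Outer layer: user <-> HLR through the VLR; on success installs a fresh inner secret."""
    n_u, tag = user.outer.request()
    hlr.messages += 1  # VLR forwards message 1 to the HLR
    reply = hlr.outer.respond(n_u, tag)
    if reply is None:
        return False
    n_h, proof, k_hlr = reply
    hlr.messages += 1  # HLR returns message 2 and the derived key to the VLR
    k_user = user.outer.confirm(n_u, n_h, proof)
    if k_user is None:
        return False
    # Model assumption: the VLR<->HLR link is protected, so k_hlr seeds the VLR's inner copy.
    vlr.inner = OneTimeSecretLink(k_hlr)
    user.inner = OneTimeSecretLink(k_user)
    return True

def local_auth(user, vlr):
    """Inner layer: user <-> current VLR only; the HLR is never contacted."""
    if user.inner is None or vlr.inner is None:
        return None
    n_u, tag = user.inner.request()
    reply = vlr.inner.respond(n_u, tag)
    if reply is None:
        return None
    n_v, proof, k_vlr = reply
    k_user = user.inner.confirm(n_u, n_v, proof)
    return k_user if k_user == k_vlr else None

def demo():
    """Run the scenario and return what a practitioner would check (see the usage note)."""
    k0 = secrets.token_bytes(32)  # constructed registration secret shared by user and HLR
    user, vlr, hlr = MobileUser(k0), VLR(), HLR(k0)
    out = {"local_before_init": local_auth(user, vlr)}  # None: no inner secret yet
    out["init_ok"] = system_auth(user, vlr, hlr)
    out["hlr_msgs_after_init"] = hlr.messages  # 2
    keys = [local_auth(user, vlr) for _ in range(3)]
    out["local_keys_ok"] = None not in keys and len(set(keys)) == 3
    out["hlr_msgs_after_local"] = hlr.messages  # still 2: local runs cost the HLR nothing
    out["forged_rejected"] = vlr.inner.respond(secrets.token_bytes(16), secrets.token_bytes(32)) is None
    n_u, tag = user.inner.request()  # replay: answered once, then rejected against the rotated secret
    out["replay_rejected"] = vlr.inner.respond(n_u, tag) is not None and vlr.inner.respond(n_u, tag) is None
    out["desynced_local"] = local_auth(user, vlr)  # None: the user never saw message 2, copies diverged
    out["resync_ok"] = system_auth(user, vlr, hlr) and local_auth(user, vlr) is not None  # outer layer repairs
    return out
```

Calling demo() exercises the two properties the abstract claims and one failure mode worth knowing. After the initial run the HLR message count stays at two across any number of local authentications, which is the bandwidth saving between VLR and HLR. A forged or replayed message 1 is rejected because the responder's secret has already moved on, so a captured transcript proves knowledge of a secret that is never valid twice. The cost of that property is state: a run in which the VLR rotates but the user never receives message 2 leaves the two inner copies out of step, and only the outer, HLR-level protocol restores them. Whether and how the thesis handles a lost message 2 is not stated on this page, and a deployable scheme needs an equivalent recovery path for the outer secret as well, which this model does not include.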
Table of Contents:
Thesis approval form
Acknowledgements
Abstract (Chinese)
Abstract
1 Introduction
1.1 The Architecture of GSM
1.2 The Architecture of the Third Generation Mobile System
2 Related Works
2.1 Hwang and Chang's Scheme
2.2 Kumar et al.'s Scheme
2.3 Ammayappan et al.'s Scheme
2.4 Al-Fayoumi et al.'s Scheme
2.5 Tang et al.'s Scheme
2.6 Kalaichelvi and Chandrasekaran's Scheme
2.7 Fanian et al.'s Scheme
2.8 Lee et al.'s Scheme
3 Our Idea
3.1 An Efficient Hybrid Mechanism for Mutual Authentication
3.2 Nested One-Time Secret Mechanisms
4 The Proposed Scheme
4.1 The Initial Authentication Protocol for Mobile User Ui and the System
4.2 The jth Authentication Protocol for Mobile User Ui and the System
4.3 The Initial Authentication Protocol for User Ui and the Current VLR
4.4 The kth Authentication Protocol for User Ui and the Current VLR
5 Security Models and Proofs
5.1 Security Models and Definitions
5.2 Security Proofs
5.2.1 The Security of the Protocol in Section 4.1
5.2.2 The Security of the Protocol in Section 4.2
5.2.3 The Security of the Protocol in Section 4.3
5.2.4 The Security of the Protocol in Section 4.4
6 Performance Comparisons
7 Conclusions and Future Works
Bibliography

List of Figures:
Figure 1.1 The architecture of GSM
Figure 1.2 The architecture of UMTS
Figure 2.1 Hwang and Chang's authentication protocol for Ui and the system (V and H)
Figure 2.2 Hwang and Chang's authentication protocol for Ui and V
Figure 2.3 The first protocol of Kumar et al.'s scheme
Figure 2.4 The second protocol of Kumar et al.'s scheme
Figure 2.5 The registration protocol of Ammayappan et al.'s scheme
Figure 2.6 The first protocol of Ammayappan et al.'s scheme
Figure 2.7 The second protocol of Ammayappan et al.'s scheme
Figure 2.8 The first protocol of Al-Fayoumi et al.'s scheme
Figure 2.9 The second protocol of Al-Fayoumi et al.'s scheme
Figure 2.10 The TDI protocol of Tang et al.'s scheme
Figure 2.11 The EMA protocol of Tang et al.'s scheme
Figure 2.12 The HOA protocol of Tang et al.'s scheme
Figure 2.13 Kalaichelvi and Chandrasekaran's scheme
Figure 2.14 The first protocol of Fanian et al.'s scheme
Figure 2.15 The second protocol of Fanian et al.'s scheme
Figure 2.16 The first protocol of Lee et al.'s scheme
Figure 2.17 The second protocol of Lee et al.'s scheme
Figure 2.18 The third protocol of Lee et al.'s scheme
Figure 3.1 Mutual authentication based on timestamps
Figure 3.2 Mutual authentication based on nonces
Figure 3.3 Mutual authentication based on one-time secrets
Figure 3.4 Our idea for the initial authentication between a mobile user and the system (VLR and HLR)
Figure 3.5 Our idea for the jth authentication between a mobile user and the system (VLR and HLR) after the initial one, where j ≥ 1
Figure 3.6 The proposed nested one-time secret mechanism
Figure 4.1 The initial authentication protocol for a user and the system
Figure 4.2 The jth authentication protocol for a user and the system (VLR and HLR) after the most recent initialization
Figure 4.3 The initial authentication protocol for a user and a VLR
Figure 4.4 The kth authentication protocol for a user and the current VLR after the most recent initialization
Figure 4.5 The execution order and the relationship of the four proposed protocols

List of Tables:
Table 2.1 The notations used in Hwang and Chang's scheme
Table 2.2 The notations used in Kumar et al.'s scheme
Table 2.3 The notations used in Ammayappan et al.'s scheme
Table 2.4 The notations used in Al-Fayoumi et al.'s scheme
Table 2.5 The notations used in Tang et al.'s scheme
Table 2.6 The notations used in Kalaichelvi and Chandrasekaran's scheme
Table 2.7 The notations used in Fanian et al.'s scheme
Table 2.8 The notations used in Lee et al.'s scheme
Table 3.1 The comparisons of the three authentication mechanisms
Table 4.1 The definition of notations in the proposed scheme
Table 6.1 The comparisons of the second protocol of the Hwang-Chang scheme and the protocol of Section 4.4
Table 6.2 The comparisons of the first protocol of the Hwang-Chang scheme and the protocol of Section 4.2
References:
[1] K. Ahmavaara, H. Haverinen, and R. Pichna, “Interworking architecture between 3GPP and WLAN systems,” IEEE Communications Magazine, Vol. 41, No. 11, pp. 74-81, 2003.
[2] M. Al-Fayoumi, S. Nashwan, S. Yousef, and A. R. Alzoubaidi, “A new hybrid approach of symmetric/asymmetric authentication protocol for future mobile networks,” Proceedings of Wireless and Mobile Computing, Networking and Communications, pp. 29-34, 2007.
[3] K. Al-Tawil, A. Akrami, and H. Youssef, “A new authentication protocol for GSM networks,” Proceedings of LCN'98, pp. 21-30, 1998.
[4] K. Ammayappan, A. Saxena, and A. Negi, “Mutual authentication and key agreement based on elliptic curve cryptography for GSM,” Proceedings of ADCOM'06, pp. 183-186, 2006.
[5] O. Aydemir and A. Selcuk, “A strong user authentication protocol for GSM,” Proceedings of WETICE 2005, pp. 150-153, 2005.
[6] A. Aziz and W. Diffie, “Privacy and authentication for wireless local area networks,” IEEE Personal Communications, Vol. 1, No. 1, pp. 24-31, 1993.
[7] M. Bauer, P. Schefczik, M. Soellner, and W. Speltacker, “Evolution of the UTRAN architecture,” Proceedings of 3G Mobile Communication Technologies, pp. 244-248, 2003.
[8] M. Bellare and P. Rogaway, “Entity authentication and key distribution,” Advances in Cryptology - CRYPTO'93, pp. 232-249, 1993.
[9] C. Bettstetter, H. J. Vogel, and J. Eberspacher, “GSM phase 2+ general packet radio service GPRS: architecture, protocols, and air interface,” IEEE Communications Surveys and Tutorials, Vol. 2, No. 3, pp. 2-14, 1999.
[10] G. Brasche and B. Walke, “Concepts, services, and protocols of the new GSM phase 2+ general packet radio service,” IEEE Communications Magazine, Vol. 35, No. 8, pp. 94-104, 1997.
[11] D. Brown, “Techniques for privacy and authentication in personal communication systems,” IEEE Personal Communications, Vol. 2, No. 4, pp. 6-10, 1995.
[12] L. Buttyan, C. Gbaguidi, S. Staamann, and U. Wilhelm, “Extensions to an authentication technique proposed for the global mobility network,” IEEE Transactions on Communications, Vol. 48, No. 3, pp. 373-376, 2000.
[13] J. Cai and D. J. Goodman, “General packet radio service in GSM,” IEEE Communications Magazine, Vol. 35, No. 10, pp. 122-131, 1997.
[14] C. C. Chang, J. S. Lee, and Y. F. Chang, “Efficient authentication protocol of GSM,” Computer Communications, Vol. 28, No. 8, pp. 921-928, 2005.
[15] Y. J. Choi and S. J. Kim, “An improvement on privacy and authentication in GSM,” Proceedings of WISA 2004, pp. 14-26, 2004.
[16] A. P. Dominguez, “Cryptanalysis of Park's authentication protocol in wireless mobile communication systems,” International Journal of Network Security, Vol. 3, No. 3, pp. 279-282, 2006.
[17] A. Fanian, M. Berenjkoub, and T. A. Gulliver, “A new mutual authentication protocol for GSM networks,” Proceedings of CCECE'09, pp. 798-803, 2009.
[18] S. Goldwasser and S. Micali, “Probabilistic encryption,” Journal of Computer and System Sciences, Vol. 28, No. 2, pp. 270-299, 1984.
[19] G. Hahn, T. Kwon, S. Kim, and J. Song, “Design and analysis of improved GSM authentication protocol for roaming users,” Network and Parallel Computing, Vol. 3222, pp. 451-458, 2004.
[20] L. Harn and W. J. Hsin, “On the security of wireless network access with enhancements,” Proceedings of the 2003 ACM Workshop on Wireless Security, pp. 88-95, 2003.
[21] K. F. Hwang and C. C. Chang, “A self-encryption mechanism for authentication of roaming and teleconference services,” IEEE Transactions on Wireless Communications, Vol. 2, No. 2, pp. 400-407, 2003.
[22] M. S. Hwang, C. C. Lee, and J. Z. Lee, “A new anonymous channel protocol in wireless communications,” International Journal on Electronics and Communications, Vol. 58, No. 3, pp. 218-222, 2004.
[23] M. S. Hwang, Y. L. Tang, and C. C. Lee, “An efficient authentication protocol for GSM networks,” Proceedings of AFCEA/IEEE Euro-Comm'2000, pp. 326-329, 2000.
[24] N. Jefferies, “Security in third-generation mobile systems,” IEE Colloquium on Security in Networks, pp. 8/1-8/5, 1995.
[25] Y. Jiang, C. Lin, X. Shen, and M. Shi, “Mutual authentication and key exchange protocols for roaming services in wireless mobile networks,” IEEE Transactions on Wireless Communications, Vol. 5, No. 9, pp. 2569-2577, 2006.
[26] V. Kalaichelvi and R. M. Chandrasekaran, “Secure authentication protocol for mobile,” Proceedings of Computing, Communication and Networking, pp. 1-4, 2008.
[27] R. Kuhne, U. Reimer, M. Schlager, F. Dressler, C. Fan, A. Fessi, A. Klenk, and G. Carle, “Architecture for a service-oriented and convergent charging in 3G mobile networks and beyond,” Proceedings of IEEE Conference on 3G and Beyond, pp. 1-5, 2005.
[28] K. P. Kumar, G. Shailaja, A. Kavitha, and A. Saxena, “Mutual authentication and key agreement for GSM,” Proceedings of ICMB'06, pp. 25-28, 2006.
[29] H. Le Bras and M. Moignard, “Distribution of 3G base stations on passive optical network architecture,” Proceedings of IEEE Conference on Microwave Photonics, pp. 1-4, 2006.
[30] C. C. Lee, M. S. Hwang, and I. E. Liao, “A new authentication protocol based on pointer forwarding for mobile communications,” Wireless Communications and Mobile Computing, Vol. 8, No. 5, pp. 661-672, 2008.
[31] C. C. Lee, M. S. Hwang, and W. P. Yang, “Extension of authentication protocol for GSM,” IEE Proceedings - Communications, Vol. 150, No. 2, pp. 91-95, 2003.
[32] C. H. Lee, M. S. Hwang, and W. P. Yang, “Enhanced privacy and authentication for the global system for mobile communications,” Wireless Networks, Vol. 5, No. 4, pp. 231-243, 1999.
[33] C. C. Lee, I. E. Liao, and M. S. Hwang, “An efficient authentication protocol for mobile communications,” Telecommunication Systems, 2010.
[34] C. Liu and C. Zhou, “An improved interworking architecture for UMTS-WLAN tight coupling,” Proceedings of IEEE Wireless Communications and Networking Conference, pp. 1690-1695, 2005.
[35] C. C. Lo and Y. J. Chen, “A secure communication architecture for GSM networks,” Proceedings of PACRIM'99, pp. 221-224, 1999.
[36] C. C. Lo and Y. J. Chen, “Secure communication mechanisms for GSM networks,” IEEE Transactions on Consumer Electronics, Vol. 45, No. 4, pp. 1074-1080, 1999.
[37] B. Mallinder, “An overview of the GSM system,” Proceedings of Third Nordic Seminar on Digital Land Mobile Radio Communication, pp. 12-15, 1988.
[38] S. Mohanty, “A new architecture for 3G and WLAN integration and intersystem handover management,” Wireless Networks, Vol. 12, No. 6, pp. 733-745, 2006.
[39] K. S. Munasinghe and A. Jamalipour, “A 3GPP-IMS based approach for converging next generation mobile data networks,” Proceedings of IEEE Communications, pp. 5264-5269, 2007.
[40] K. S. Munasinghe and A. Jamalipour, “An architecture for mobility management in interworked 3G cellular and WiMAX networks,” Proceedings of Wireless Telecommunications Symposium, pp. 291-297, 2008.
[41] M. O. Park and D. W. Park, “SUAPLLA scheme: enhanced solution for user authentication in the GSM system,” Proceedings of ICCSA 2006, pp. 883-892, 2006.
[42] A. Peinado, “Privacy and authentication protocol providing anonymous channels in GSM,” Computer Communications, Vol. 27, No. 17, pp. 1709-1715, 2004.
[43] M. Rahnema, “Overview of the GSM system and protocol architecture,” IEEE Communications Magazine, Vol. 31, No. 4, pp. 92-100, 1993.
[44] P. L. Reilly, “GSM network architecture issues for the next century,” Proceedings of IEEE Conference on Vehicular Technology, pp. 325-329, 1994.
[45] M. Rhee, “Global system for mobile communications,” Proceedings of Mobile Communication Systems and Security, pp. 1-25, 2009.
[46] D. X. Song, D. Wagner, and A. Perrig, “Practical techniques for searches on encrypted data,” Proceedings of the IEEE Symposium on Security and Privacy, pp. 44-55, 2000.
[47] J. F. Stach, E. K. Park, and K. Makki, “Performance of an enhanced GSM protocol supporting non-repudiation of service,” Computer Communications, Vol. 22, No. 7, pp. 675-680, 1999.
[48] S. Suzuki and K. Nakada, “An authentication technique based on distributed security management for the global mobility network,” IEEE Journal on Selected Areas in Communications, Vol. 15, No. 8, pp. 1608-1617, 1997.
[49] C. Tang and D. O. Wu, “An efficient mobile authentication scheme for wireless networks,” IEEE Transactions on Wireless Communications, Vol. 7, No. 4, pp. 1408-1416, 2008.
[50] 3rd Generation Partnership Project, Technical Specification Group SA, 3G Security, “Security Architecture, version 4.2.0, Release 4,” 3GPP TS 33.102, 2001.
[51] U.S. Department of Commerce / National Institute of Standards and Technology, FIPS PUB 197, Specification for the Advanced Encryption Standard (AES), November 2001. Available at http://csrc.nist.gov/encryption/aes.
[52] http://www.visualgsm.com/gsm topic03.htm
[53] http://www.etsi.org/WebSite/AboutETSI/GlobalRole/3GPP.aspx
[54] http://www.networkdictionary.com/Wireless/UMTS-3G-Mobile-Wireless-Network-Architecture.php
[55] http://denmasbroto.com/?pilih=news&mod=yes&aksi=lihat&id=2
[56] http://www.sipknowledge.com/IMSGlossary.htm
[57] http://www.3g4g.co.uk/Tutorial/ZG/zg camel.html
Fulltext: the electronic full text is licensed to users only for personal, non-commercial searching, reading and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost or broadcast it without authorization.
Printed copies: public-access information for printed theses is relatively complete from academic year 102 onward. For the access status of printed theses from academic year 101 or earlier, please contact the printed-thesis service desk of the Library and Information Services. We apologize for any inconvenience. Availability: available