authors: kui ren, wenjing lou, kwangjo kim, and robert deng

1

A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing

Environments

Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert DengSources: IEEE Transactions on Vehicular Technology, 55(4), pp. 1373-1384, July 2006.Reporter: Chun-Ta Li (李俊達 )

222

Outline Pervasive computing environments (PCE) Motivations The proposed scheme Analysis Comments

3

Pervasive computing environments Definition

Integrates digital devices (such as computers, handheld devices, sensors and actuators) seamlessly with everyday physical devices (such as electrical appliances and automobiles).

Three components [James Kurose and Keith Ross, 2004] Nomadic computing: wireless-technology Sensor-based smart spaces: environment-monitoring Mobile computing data management

Sensor network

4

Pervasive computing environments Service-Oriented Architecture

5

Pervasive computing environments Sample PCE

Authentication Server

Authentication Server

Router

PublicInternet

PublicInternet

Gateway

Access PointAccess Point

Printer User

Fax

Scanner Scientific Device

6

Motivations Providing explicit mutual authentication between

mobile user and the service Allowing mobile user to anonymously interact with

the service Enabling differentiated service access control among

different users Providing flexibility and scalability to both user and

service sides Generating fresh session keys to secure the interaction Efficiency of communication, computation and

management overheads

7

The proposed scheme Notations

8

The proposed scheme (cont.) System architecture

Mobile User

Authentication Server

Service Access Point

1. Reg

istra

tion

2. Auth

oriza

tion

3. Access Request

4. Authentication Request

5. Authentication

Acknowledgement

6. Access/Reject

9

The proposed scheme (cont.) User authorization protocol

Credential generation

Mobile user U (a certificate CertU) Service provider S

1. Generate two nonces: r’U and r”U

2. Sign her own ID with a nonce r”U {U, r”U}PriKU

3. Compute the anchor value C0 h(r”U, U, {U, r”U}PriKU)

Non-repudiation property

4. Compute the credential chain Cn hn(C0), with length n

5. Blind Cn as CU {r’U}PubKSID * Cn

10

The proposed scheme (cont.) User authorization protocol

Credential authorizationMobile user U (a certificate CertU) Service provider S

U, CU, CertU, SID

authorization request

6. Verify CertU with PubKS

7. Sign CU as CS {CU}PriKSID = r’U * {Cn}PriKSID

CS

authorization confirmation

8. Compute CS/r’U (Cn, {Cn}PriKSID)

11

The proposed scheme (cont.) User operational protocol

Mobile user U Service provider SAccess point P

1. Generate a nonce: rU

2. Send {rU, Cn, {Cn}PriKSID

}PubKS

3. Send {rU, Cn, {Cn}PriKSID

}PubKS

secure tunnel 4. Decrypt rU, Cn

5. Store Cn

6. Send rU, Cn

secure tunnel7. Generate a nonce: rP

8. Compute KUP=h(Cn, rP, rU, 0). K’UP=h(Cn, rP, rU, 1)9. Send rP, {rU, P}KUP

access acknowledgement

access requestaccess request

access acknowledgement

12

The proposed scheme (cont.) User operational protocol

Mobile user U Service provider SAccess point P

10. Compute KUP=h(Cn, rP, rU, 0), K’UP = h(Cn, rP, rU, 1). 11. Decrypt and verifies rU, Cn, P

12. Encrypt Xm0 = {m0}K’UP

13. Compute hKUP(Xm0

)

14. Send rP, rU, Xm0, hKUP

(Xm0)

15. Verify Xm0 using KUP

16. Decrypt m0 using K’UP… …… …

rP, rU, Xmi, hKUP

(Xmi)

authenticated data traffic

authenticated data traffic

13

Analysis

14

Comments Cryptanalysis of anonymity property

Service provider S

Step 1: Get U, CU = {r’U}PubKSID * Cn in Credential Authorization phase

Step 2: Sign CU as CS {CU}PriKSID = r’U * {Cn}PriKSID

Step 3: Store U, CU, CS = {CU}PriKSID = r’U * {Cn}PriKSID

in their own DB

Step 4: Get Cn, {Cn}PriKSID in User Operational phase

Step 5: Compute CS / {Cn}PriKSID to derive r’U

Step 6: Compute C’U = {r’U}PubKSID * Cn

to verify whether C’U = CU holds or not.

Step 7: If it holds, S confirms that mobile user U accesses the service; otherwise, S continually executes the previous Steps from 4 to 6.

15

Comments (cont.) Efficiency improvement in user operational

phase compared Cj with all Cjs stored in S’s DB

Time complexity is O(n) if there are n users in DB

solution: Useri generates a TID in access request message and sends it to service provider to store the TID of useri Time complexity is O(1)

16

Comments (cont.) Service abuse problem

No one can derive the value of Cn unless user itself and thus anyone can fabricate an invalid Cn with a valid CertU to access the service without limits even than a valid user can deny his accesses.

CertU must keep secret for outsiders

{U, CU, CertU, SID}PubKS

Mobile user U (a certificate CertU) Service provider S