authors: kui ren, wenjing lou, kwangjo kim, and robert deng
DESCRIPTION
A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments. Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert Deng Sources: IEEE Transactions on Vehicular Technology, 55(4), pp. 1373-1384, July 2006. Reporter: Chun-Ta Li ( 李俊達 ). Outline. - PowerPoint PPT PresentationTRANSCRIPT
1
A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing
Environments
Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and Robert DengSources: IEEE Transactions on Vehicular Technology, 55(4), pp. 1373-1384, July 2006.Reporter: Chun-Ta Li (李俊達 )
222
Outline Pervasive computing environments (PCE) Motivations The proposed scheme Analysis Comments
3
Pervasive computing environments Definition
Integrates digital devices (such as computers, handheld devices, sensors and actuators) seamlessly with everyday physical devices (such as electrical appliances and automobiles).
Three components [James Kurose and Keith Ross, 2004] Nomadic computing: wireless-technology Sensor-based smart spaces: environment-monitoring Mobile computing data management
Sensor network
4
Pervasive computing environments Service-Oriented Architecture
5
Pervasive computing environments Sample PCE
Authentication Server
Authentication Server
Router
PublicInternet
PublicInternet
Gateway
Access PointAccess Point
Printer User
Fax
Scanner Scientific Device
6
Motivations Providing explicit mutual authentication between
mobile user and the service Allowing mobile user to anonymously interact with
the service Enabling differentiated service access control among
different users Providing flexibility and scalability to both user and
service sides Generating fresh session keys to secure the interaction Efficiency of communication, computation and
management overheads
7
The proposed scheme Notations
8
The proposed scheme (cont.) System architecture
Mobile User
Authentication Server
Service Access Point
1. Reg
istra
tion
2. Auth
oriza
tion
3. Access Request
4. Authentication Request
5. Authentication
Acknowledgement
6. Access/Reject
9
The proposed scheme (cont.) User authorization protocol
Credential generation
Mobile user U (a certificate CertU) Service provider S
1. Generate two nonces: r’U and r”U
2. Sign her own ID with a nonce r”U {U, r”U}PriKU
3. Compute the anchor value C0 h(r”U, U, {U, r”U}PriKU)
Non-repudiation property
4. Compute the credential chain Cn hn(C0), with length n
5. Blind Cn as CU {r’U}PubKSID * Cn
10
The proposed scheme (cont.) User authorization protocol
Credential authorizationMobile user U (a certificate CertU) Service provider S
U, CU, CertU, SID
authorization request
6. Verify CertU with PubKS
7. Sign CU as CS {CU}PriKSID = r’U * {Cn}PriKSID
CS
authorization confirmation
8. Compute CS/r’U (Cn, {Cn}PriKSID)
11
The proposed scheme (cont.) User operational protocol
Mobile user U Service provider SAccess point P
1. Generate a nonce: rU
2. Send {rU, Cn, {Cn}PriKSID
}PubKS
3. Send {rU, Cn, {Cn}PriKSID
}PubKS
secure tunnel 4. Decrypt rU, Cn
5. Store Cn
6. Send rU, Cn
secure tunnel7. Generate a nonce: rP
8. Compute KUP=h(Cn, rP, rU, 0). K’UP=h(Cn, rP, rU, 1)9. Send rP, {rU, P}KUP
access acknowledgement
access requestaccess request
access acknowledgement
12
The proposed scheme (cont.) User operational protocol
Mobile user U Service provider SAccess point P
10. Compute KUP=h(Cn, rP, rU, 0), K’UP = h(Cn, rP, rU, 1). 11. Decrypt and verifies rU, Cn, P
12. Encrypt Xm0 = {m0}K’UP
13. Compute hKUP(Xm0
)
14. Send rP, rU, Xm0, hKUP
(Xm0)
15. Verify Xm0 using KUP
16. Decrypt m0 using K’UP… …… …
rP, rU, Xmi, hKUP
(Xmi)
authenticated data traffic
authenticated data traffic
13
Analysis
14
Comments Cryptanalysis of anonymity property
Service provider S
Step 1: Get U, CU = {r’U}PubKSID * Cn in Credential Authorization phase
Step 2: Sign CU as CS {CU}PriKSID = r’U * {Cn}PriKSID
Step 3: Store U, CU, CS = {CU}PriKSID = r’U * {Cn}PriKSID
in their own DB
Step 4: Get Cn, {Cn}PriKSID in User Operational phase
Step 5: Compute CS / {Cn}PriKSID to derive r’U
Step 6: Compute C’U = {r’U}PubKSID * Cn
to verify whether C’U = CU holds or not.
Step 7: If it holds, S confirms that mobile user U accesses the service; otherwise, S continually executes the previous Steps from 4 to 6.
15
Comments (cont.) Efficiency improvement in user operational
phase compared Cj with all Cjs stored in S’s DB
Time complexity is O(n) if there are n users in DB
solution: Useri generates a TID in access request message and sends it to service provider to store the TID of useri Time complexity is O(1)
16
Comments (cont.) Service abuse problem
No one can derive the value of Cn unless user itself and thus anyone can fabricate an invalid Cn with a valid CertU to access the service without limits even than a valid user can deny his accesses.
CertU must keep secret for outsiders
{U, CU, CertU, SID}PubKS
Mobile user U (a certificate CertU) Service provider S