GuominYangTemasekLaboratoriesNationalUniversityof.pptVIP

GENERIC TRANSFORMATION Always include a PRF key K in the long-term key, and use Rand’ = PRFK(Rand) as the randomness for the AKE protocol Theorem (FC’11): if an AKE protocol is secure in Case 1, then the new protocol derived using the above transformation is also secure in Case 2. Additional notes: Forward secrecy: possible in Case 1, but not in Case 2 The converted protocol may lose forward secrecy in Case 1 To preserve forward secrecy in Case 1,  {K, PRFK(Rand)} ≈ {K, U}.? PRF must be a Randomness Extractor as well Candidate for PRF: HMAC SECURE ROAMING PROTOCOLS SECURE ROAMING Roaming WLAN Telecommunication ATM/Credit Card …… SECURE ROAMING GSM 3GPP: Server Authentication SECURE ROAMING Deposit-case Attacks (IEEE TWC’07) SECURE ROAMING Deposit-case Attacks (IEEE TWC’07) Attacks against other protocols: more complicated SECURE ROAMING Universal AKE Protocols (IEEE TWC’10) Idea: ID-based Cryptography Home server = Key Generation Center User Authentication: Public Key of the Home Server + Mobile User Identity Advantages: Foreign server does not need to contact home server of a roaming user Foreign server can use the same protocol and signaling flows to authenticate both local and foreign clients Tools: Identity-based Signature Heterogeneous Signcryption (Comp. J.’11) SECURE ROAMING Heterogeneous Signcryption (Comp. J.’11) Identity-Based Signature + Conventional PKE Avoid pairing operation One-pass Universal AKE protocol OTHER AKE PROTOCOLS MULTI-FACTOR AKE PROTOCOLS (JCSS’08) Something you know Something you have Something you are …… s#2j!5 + msg 1 msg 2 msg 3 + GROUP AKE PROTOCOLS (CANS’10) Security Requirements Authentication Insider Security Session Key Secrecy Forward/Backward Security Contributiveness Robustness THANK YOUEMAIL: TSLYG@NUS.EDU.SG * * * * * * * * * * * Guomin Yang Temasek Laboratories National University of Singapore HOW TO BUILD A SECURE COMMUNICATION CHANNEL AUTHENTICATED KEY EXCHANGE (AKE) Security Goals Mu