CityU Institutional Repository >
3_CityU Electronic Theses and Dissertations >
ETD - Dept. of Computer Science >
CS - Doctor of Philosophy >
Please use this identifier to cite or link to this item:
|Title: ||Research on password authenticated key exchange and secure wireless roaming|
|Other Titles: ||Ji yu kou ling de ke ren zheng mi yue jiao huan he wu xian an quan man you xie yi de yan jiu|
|Authors: ||Jin, Haimin (金海旻)|
|Department: ||Department of Computer Science|
|Degree: ||Doctor of Philosophy|
|Issue Date: ||2010|
|Publisher: ||City University of Hong Kong|
|Subjects: ||Public key infrastructure (Computer security)|
Wireless communication systems -- Security measures.
|Notes: ||CityU Call Number: TK5102.85 .J56 2010|
x, 169 leaves 30 cm.
Thesis (Ph.D.)--City University of Hong Kong, 2010.
Includes bibliographical references (leaves 155-169)
|Abstract: ||In an open network, an Authenticated Key Exchange (AKE) protocol provides two kinds of services for the two communication parties. First, it
allows the two parties to establish a session key which is a pure symmetric
key known by each other only. The established key is used for realizing the
data confidentiality and data integrity in the following data transmission.
Second, it provides a mechanism for the two parties to be convinced that
it is communicating with the intended party. According to the different authentication factors, there are several kinds of AKE, such as Password-only
AKE (PAKE), symmetric key based AKE, public key based AKE and hybrid
AKE. PAKE is widely adopted for many applications due to its high usability, such as applied by ATM and email system. In general, there are two main
types of PAKE that single-server scheme and multi-server scheme. Recently,
a Password-only Two-Server AKE (PTAKE) scheme was proposed in order
to solve the single point of failure problem in the conventional single-server
scheme as well as to overcome the disadvantage of the multi-server scheme
that the expensive system costs. Although there have been some schemes
proposed already, either they cannot achieve the strongest security requirement that the system is secure against o²ine dictionary attacks even if any
one of the two servers is corrupted by an active adversary, or their system
complexity is much higher than that of single-server schemes. In this thesis,
we propose a novel PTAKE. It satis¯es the strongest security requirement
mentioned above. And the protocol requires altogether six communication rounds only while maintaining about the same degree of computational complexity as other most e±cient scheme.
In the mean time, modular multi-exponentiation is an arithmetic operation that on input integers (x1,...,xl), (e1,...,el) and n, computes
(mod n) for l > 1. In this thesis, we focus on the case that l = 2, that is,
given integers A, B, X, Y and N, compute C = AXBY (mod N). The
PTAKE mentioned above and many existing schemes require such efficient
modular multi-exponentiation operations in order to make them fast in practice as multi-exponentiation is one of the most expensive operations for them.
There are many algorithms available for performing this operation. However,
the complexity of some algorithms is not quantified. Therefore, we target to
look into one of the most updated ones and find out the computational complexity of the algorithm.
On the other hand, with the tremendous development of the wireless
communications technology, mobility networks and the ubiquitous wireless
local area network (WLAN) hot spots have become widely available and interconnected. Wireless roaming services allows people to roam around with
their mobile devices without being limited by the geographical area of their
own home networks and access into different WLANs to enjoy the services
provided by different foreign servers rather than his home server. In order to
build a secure channel between the roaming user and the service provider, the
Secure Wireless Roaming (SWR) protocol has been proposed, the core function of which is to provide AKE between the two parties. Furthermore, the
demand for protecting user privacy (i.e., user anonymity and user untraceability) becomes more urgent today, the SWR with providing user privacy is
usually referred to Anonymous SWR. In this thesis, we focus on the proposal
of the all-round security requirements for anonymous SWR and the efficient
design of protocol with the lower communication and computation costs for
the mobile equipments. Besides, a localized anonymous roaming protocol is proposed recently with the motivation of alleviating the communication
burden of the servers. However, the biggest problem of such type protocol is
the huge costs of the user revocation scheme. It is more challenging to design
a secure protocol with the enhanced efficiency.
As described above, we focus on the following problems,
1. In this dissertation, we propose a novel PTAKE. It overcomes the disadvantage of the conventional single-server scheme that the single point
of failure as well as the disadvantage of the multi-server scheme that
the expensive system costs. It not only satisfies the strongest security
requirement for PTAKE that the system is secure against o²ine dictionary attacks even if any one of the two servers is corrupted by an
active adversary, but also it requires six communication rounds only.
Namely, our scheme reduces the number of communication rounds by
40% when compared with other most efficient scheme while maintaining about the same degree of computational complexity. Furthermore,
we propose a generic PTAKE with satisfying the lower security level for
PTAKE that the system is secure against o²ine dictionary attacks even
if the front one of the two servers is corrupted by an active adversary
or the backend server is corrupted by a passive adversary.
2. The PTAKE schemes mentioned above and many other existing crypto
systems require efficient modular duplex-exponentiation operations in
order to make the systems fast in practice as it is the most expensive
operations for them. In this dissertation, we target to examine the
computational complexity of the famous fast algorithms. Particularly,
we provide a formal complexity analysis for WLLC algorithm under
Markov probabilistic model, which was claimed to be the fastest algorithm. The complexity analysis and the experimental results show
that the actual computational complexity of WLLC algorithm should
be 1.556k rather than 1.306k, where k is the larger bit length of the two exponents. It implies that the best modular duplex-exponentiations algorithm based on canonical-sighed-digit technique is still not able to
overcome the 1.5k barrier.
3. In order to build a secure channel between the roaming user and the
service provider with providing user privacy (i.e., user anonymity and
user untraceability), the Anonymous Secure Wireless Roaming protocol has been proposed, the core function of which is to provide AKE
between the two parties. In this dissertation, we focus on the proposal
of the all-round security requirements for Anonymous SWR which captures the following security properties including mutual authentication
between roaming user and foreign server, key establishment and key privacy against backend server, forward secrecy, user anonymity and user
untraceability. And we propose a pure symmetric key based Anonymous SWR protocol using the CK modular approach. To best of our
knowledge, it seems to be the first pure symmetric key based anonymous SWR. Compared with other existing Anonymous SWR protocols,
both of the computation complexity and communication complexity
of our protocol are lowest, since it involves only 4 message °ows and
no PKI (Public Key Infrastructure) but only highly efficient cryptographic operations are needed which include Message Authentication
Code (MAC) and symmetric key encryption.
4. As an important cryptographic tool, group signature has been widely
employed by various crypto systems, especially it is employed to construct a localized anonymous roaming protocol as a core building block.
Although for this roaming protocol, the communication burden of the
servers will be alleviated much, the computational complexity and user
revocation complexity will increase quickly due to the usage of group
signature. In order to overcome this disadvantage, we propose an efficient group signature with forward secure revocation with satisfying constant signing and verifying complexity as well as constant size in
signature public key and signing key.|
|Online Catalog Link: ||http://lib.cityu.edu.hk/record=b3947516|
|Appears in Collections:||CS - Doctor of Philosophy |
Items in CityU IR are protected by copyright, with all rights reserved, unless otherwise indicated.