A Study of Key Agreement Protocols in Wireless Environments
Keywords: Key agreement protocol; Key exchange protocol; Authentication; Network security; Wireless communications; Telecommunication
Publisher: Department of Computer Science and Engineering
Abstract:
In the era of cloud computing, wireless networks give mobile users a very convenient way to send and receive data, but this data flow is very vulnerable to attack, especially when it is carried over an insecure network. Using a common key between two communicating parties to encrypt and decrypt data is the best solution, because symmetric cryptosystems are faster than asymmetric ones. Symmetric cryptosystems, however, have one problem: how to generate a shared secret key for the two communicating parties over an insecure network such as the Internet. The Diffie-Hellman key agreement protocol can solve this problem, but its solution is open to the man-in-the-middle attack, mainly because it lacks mutual authentication. A good key agreement protocol must therefore not only generate a key but also achieve mutual authentication.
This research proposes four key agreement protocols that can be applied in wireless computer networks and telecommunication environments. The first proposed protocol is designed specifically for the setting in which a low-power mobile client connects to a powerful server, which is the most common environment. The scheme is designed using the RSA cryptosystem and the concept of key exchange. It reduces the computational burden on the client to suit low-power clients without causing any security problem. Comparison with other protocols shows that the scheme is better suited to imbalanced wireless communication environments.
The second proposed key agreement protocol is designed with the concept of parallel processing to improve performance. Since the protocol proposed by Chang et al. is very suitable for wireless communication, the new parallel key agreement protocol built on it can effectively shorten the waiting time during communication and thereby reduce power consumption.
The third proposed protocol is a new authentication protocol that resolves several drawbacks of the 2G/3G authentication protocols, including the transmission load between the Home Location Register (HLR)/Home Environment (HE) and the Visitor Location Register (VLR)/Serving Network (SN), the storage overhead at the VLR/SN, and the computational load when authenticating a mobile user. Most importantly, it proposes a robust and efficient key management scheme for the HLR/HE. The idea behind the method is to use a simple public one-way hash function to meet the above requirements. Moreover, the protocol applies not only to 2G/3G network systems but also to other wireless communication systems such as WiMAX and SIP.
The last protocol is designed using the elliptic curve cryptosystem, and the 3GPP2 environment is used as an example to introduce its application. In terms of performance, a cryptosystem designed on elliptic curve cryptography is generally far more efficient than one designed on RSA at the same required security level. This efficient protocol can be applied not only in networks specified by 3GPP2 but also in other wireless environments.
So far we have developed four simple yet secure protocols suitable for both wireless computer environments and wireless telecommunication environments. These protocols satisfy all the requirements of a key agreement protocol, and appropriate analysis and comparison show the advantages of each.
In the era of cloud computing, wireless networks make it very convenient for mobile users to send and receive their data, but the message flow is vulnerable, especially on an unsecured network. Using a common key shared between two communicating parties to encrypt and decrypt data is the best solution, because a symmetric cryptosystem is faster than an asymmetric one. However, one problem of a symmetric cryptosystem is how to generate a shared key for the communicating parties over an insecure network such as the Internet. The Diffie-Hellman key agreement protocol can solve this problem, but it suffers from the man-in-the-middle attack. The best defence against this attack is mutual authentication. Therefore, a good key agreement protocol not only generates a session key but also satisfies the property of mutual authentication.
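The point made above, that Diffie-Hellman on its own yields a shared key but says nothing about whom it is shared with, is easiest to see by running both the bare exchange and an authenticated variant side by side. The block below is an added example written for this page; it is not code from the dissertation and does not implement any of its four protocols. The group (a 127-bit Mersenne prime with generator 3), the private values, and the pre-shared key `psk` are all constructed toy parameters, and the HMAC-over-transcript confirmation step stands in for the RSA- or certificate-based mutual authentication the abstract refers to. Each party authenticates its own view of the exchange (what it sent, what it received), so any value substituted on the path makes the two views disagree and no session key is released.

```python
"""Unauthenticated Diffie-Hellman versus a transcript-authenticated variant.

Added illustration, not the dissertation's code.  All parameters are
constructed toys: the group is far too small for real use and the
pre-shared key is a stand-in for real long-term credentials.
"""
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed toy group: 2**127 - 1 is prime, but a 127-bit modulus is far
# below deployable size.  It keeps the arithmetic instant for the demo.
P = 2**127 - 1
G = 3
NBYTES = 16  # every element of the group fits in 16 bytes


def dh_public(priv: int) -> int:
    """Value g^priv mod p that a party sends over the network."""
    return pow(G, priv, P)


def dh_session_key(priv: int, peer_pub: int) -> bytes:
    """Session key derived by hashing the shared secret (peer_pub)^priv mod p."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(NBYTES, "big")).digest()


def plain_dh(a: int, b: int, m: Optional[int] = None) -> Tuple[bytes, bytes]:
    """Unauthenticated exchange between A (private a) and B (private b).

    Returns the session keys A and B each compute.  If an active party M
    (private m) sits on the path, each side receives M's public value instead
    of its peer's, so A and B each end up sharing a key with M rather than
    with each other, and neither side can tell from the exchange alone.
    """
    pub_a, pub_b = dh_public(a), dh_public(b)
    seen_by_a = pub_b if m is None else dh_public(m)
    seen_by_b = pub_a if m is None else dh_public(m)
    return dh_session_key(a, seen_by_a), dh_session_key(b, seen_by_b)


def confirm_tag(psk: bytes, role: bytes, sent: int, received: int) -> bytes:
    """Key-confirmation tag: HMAC under a long-term shared key over this
    party's view of the transcript (its role, what it sent, what it received)."""
    transcript = role + sent.to_bytes(NBYTES, "big") + received.to_bytes(NBYTES, "big")
    return hmac.new(psk, transcript, hashlib.sha256).digest()


def authenticated_dh(a: int, b: int, psk: bytes,
                     m: Optional[int] = None) -> Optional[Tuple[bytes, bytes]]:
    """Same exchange followed by mutual confirmation of the transcript.

    A and B share the long-term key `psk` (constructed stand-in for the
    credentials real protocols use).  Each side tags its own view of the
    exchange; the peer recomputes the tag from *its* view.  Any substitution
    on the wire makes the views disagree, verification fails, and no session
    key is released.  Returns None on failure.
    """
    pub_a, pub_b = dh_public(a), dh_public(b)
    seen_by_a = pub_b if m is None else dh_public(m)
    seen_by_b = pub_a if m is None else dh_public(m)

    tag_a = confirm_tag(psk, b"A", pub_a, seen_by_a)  # A -> B
    tag_b = confirm_tag(psk, b"B", pub_b, seen_by_b)  # B -> A

    # A expects B's tag over (B sent seen_by_a, B received pub_a); likewise for B.
    a_accepts = hmac.compare_digest(tag_b, confirm_tag(psk, b"B", seen_by_a, pub_a))
    b_accepts = hmac.compare_digest(tag_a, confirm_tag(psk, b"A", seen_by_b, pub_b))
    if not (a_accepts and b_accepts):
        return None
    return dh_session_key(a, seen_by_a), dh_session_key(b, seen_by_b)


if __name__ == "__main__":
    # Constructed private values for the demo run.
    A_PRIV, B_PRIV, M_PRIV = 0x1234_5678_9ABC, 0xFEDC_BA98_7654, 0x0BAD_CAFE_F00D
    PSK = b"constructed long-term key shared by A and B"
    k_a, k_b = plain_dh(A_PRIV, B_PRIV)
    print("plain DH, honest path:   keys match =", k_a == k_b)
    k_a, k_b = plain_dh(A_PRIV, B_PRIV, M_PRIV)
    print("plain DH, value swapped: keys match =", k_a == k_b,
          "| third party holds A's key =", k_a == dh_session_key(M_PRIV, dh_public(A_PRIV)))
    print("authenticated, honest path:  ", authenticated_dh(A_PRIV, B_PRIV, PSK) is not None)
    print("authenticated, value swapped:", authenticated_dh(A_PRIV, B_PRIV, PSK, M_PRIV))
```

The confirmation tags bind each side's role to the exact pair of values it sent and received, which is what makes the check mutual: a mismatch at either end aborts before any session key is used. Real protocols replace the pre-shared key with signatures or password-derived values, which is where the dissertation's RSA- and ECC-based designs come in.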
In this research, four key agreement protocols are proposed. They can be applied in wireless computer networks and telecom environments. The first proposed protocol is designed for a low-power mobile client communicating with a powerful server, which is the most common environment. The proposed scheme is based on RSA cryptography and the concept of key exchange. It reduces the computational load on clients to fit their low-power property without causing any security issue. Comparisons with other protocols show that the proposed scheme is more suitable for the imbalanced wireless communication environment.
The second proposed protocol takes the parallel processing concept into consideration in the implementation of key agreement to improve performance. Based on Chang et al.'s protocol, the novel parallel key exchange protocol can effectively reduce the waiting time in the communication, so that electrical power is saved.
In the third proposed protocol, a new authentication protocol is presented to resolve several drawbacks of the 2G/3G authentication protocol, including: transmission overloading between the Home Location Register (HLR)/Home Environment (HE) and the Visitor Location Register (VLR)/Serving Network (SN); storage overhead in the VLR/SN; and computational overloading when authenticating a mobile user. Most importantly, a robust and efficient secret key management scheme for the HLR/HE is proposed. The idea behind the proposed method is to introduce a simple public one-way hash function to achieve the above requirements. In addition, this protocol applies not only to the 2G/3G system but also to other wireless communication systems, such as WiMAX and SIP.
The last proposed protocol is implemented with the elliptic curve cryptosystem, and an example of applying it in the 3GPP2 environment is given. In terms of performance, the EC-based cryptosystem is more efficient than the RSA-based cryptosystem at the same security level. This efficient protocol can be applied not only in the 3GPP2 specification but also in other wireless environments.
Four efficient and secure protocols are introduced in this dissertation. Their efficiency makes them suitable for both the computer wireless environment and the telecom environment. All of them satisfy the requirements of key agreement and resist the most well-known attacks. The analyses and comparisons demonstrate the advantages of these protocols.
Appears in Collections: Department of Computer Science and Engineering