key establishment protocols for secure mobile communications
DESCRIPTION
Key Establishment Protocols for Secure Mobile Communications. A. Aziz and W. Diffie, “Privacy and Authentication for Wireless Local Area Networks”, IEEE Personal Communications Presented by Yanxia Zhao. Content. Introduction Public-key cryptosystems Secret-key cryptosystems - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/1.jpg)
Key Establishment Protocols for Secure Mobile Communications
A. Aziz and W. Diffie, “Privacy and Authentication for Wireless Local Area Networks”, IEEE Personal Communications
Presented by Yanxia Zhao
![Page 2: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/2.jpg)
Content
Introduction Public-key cryptosystems Secret-key cryptosystems Aziz-Diffie protocol Conclusions
![Page 3: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/3.jpg)
Introduction Mobile applications have special
vulnerabilities. the wireless medium introduces new
opportunities for eavesdropping on wireless data communications.
Active intrusions through the wireless medium are made easier.
Security is a critical issue in mobile application, both for the users and providers of such system.
![Page 4: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/4.jpg)
Introduction (contd.) Design goals of authentication and key
management Protocols:
Prevent unauthorized access to mobile network.
Provide the mutual authentication between a base station and a mobile station.
![Page 5: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/5.jpg)
Introduction (contd.) Types of Key Establishment Protocols for mobile
communication Secret-key cryptosystems: GSM(Global System for Mobile
Communications) U.S. Digital Cellular System
Public-key cryptosystems: MSR+DH Protocol Beller and Yacobi’s Protocol Aziz-Diffie Protocol
![Page 6: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/6.jpg)
Secret Key Cryptography
Secret Key Cryptography involves the use of a single key. The same key is used for Encryption and Decryption.
Plain text Cipher textEncryption
Plain textCipher textDecryption
Key
Figure 1 A secret key cryptographic system
![Page 7: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/7.jpg)
Secret Key Cryptography (Contd.) Secret Key Systems provide Strong Authentication
functionality. This implies that someone can prove knowledge of a secret without revealing it. Authentication is generally implemented using a Challenge-Response mechanism.
ArA
Challenge B
Response
Challenge
Response
rA encrypted with KAB
rB
rB encrypted with KAB
Figure 2 Challenge –Response MechanismA and B share a secret key KAB
![Page 8: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/8.jpg)
Advantage of Secret-key based protocol
The Secret-key based protocol supports inexpensive mobile stations of low power and light weight. So the Secret-key based protocol is suitable for high dynamic mobile system.
![Page 9: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/9.jpg)
Disadvantage of Secret-key based protocol The key management of the secret-key based
protocol is more complicated and more dangerous than that of public-key based one. Each mobile station must keep its secret
information, which of all should be stored in Authentication Center (AC).
AC becomes the critical component in the system because it should participate in all key establishment protocol executions.
The communication overhead of AC is increased and one must replicate the AC to reduce the overhead. However, the replication of AC increases the risk of the system.
![Page 10: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/10.jpg)
Public Key Cryptography In Public Key Cryptography, each individual user
has two keys: a Private Key (that is not revealed to anyone else) and a Public Key (that is open to the public). Encryption is done using the Public Key and Decryption is done using the Private Key.
Plain text
Plain textCipher text
Cipher textEncryption
Decryption
Public KeyPrivate Key
Figure 3. A Public Key Cryptographic System
![Page 11: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/11.jpg)
Public Key Cryptography (contd.)
Encrypt mA
using eB
Encrypt mB
using eA
Decrypt to mB using dA
Decrypt to mA using dB
A B
Figure 4. Information transfer in a Public Key Cryptographic System.
A’s <Public Key, Private Key> pair is <eA,dA> and B’s pair is <eB,dB>
![Page 12: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/12.jpg)
Public Key Cryptography (contd.)
Digital signatures : Public Key Cryptography also facilitates digital signatures, whereby a person can “sign” a plain-text using his Private Key and anyone can verify the person’s identity by using the Public Key of that person.
Plain text
Plain textSigned Message
Signed Message
Signing
Private KeyPublic Key
Figure 5. Digital Signatures in Public Key System
![Page 13: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/13.jpg)
Advantage of Public-key based protocol
The public-key based protocols only need CA (Certificate Authority) which certifies the public-keys of mobile stations and base stations.
CA is less critical than AC (in secret-key based protocol) because CA only certifies public-keys, whereas AC should manage all secret information.
![Page 14: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/14.jpg)
Disadvantage of Public-key based protocol
Public-key based protocol is not fully utilized because of the poor computing power and the small battery capacity of a mobile station. Consequently, many researches for key establishment protocols focus on minimizing computational overhead of a mobile station without loss of security.
![Page 15: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/15.jpg)
Overview of Aziz-Diffie protocol The protocol proposed by Aziz and Diffie uses
public-key cryptographic techniques in order to secure the wireless link. Public-key cryptography is used to do session key setup and authentication.
Each participant in the protocol generates a public key/private key pair. The private key is kept securely by the owner of the key pair. The public key is submitted, over an authenticated channel, to a trusted certification authority (CA).
![Page 16: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/16.jpg)
Overview of Aziz-Diffie protocol (Contd.) The participant submits the information. The CA will
then issue a certificate to the participant. The certificate will contain a binding between the public key and a logical identifier of the participant , in the form of a document digitally signed using the CA’s private key.
Having obtained a certificate for each participant, as well as secure backup of the private keys, the mobile and base exchange certificates and engage in a mutual challenge-response protocol. The protocol allows negotiation of the shared-key algorithm.
![Page 17: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/17.jpg)
Notes on Nomenclature Public key of certification authority: Pub_CA Private key of certification authority: Priv_CA Public key of mobile host: Pub_Mobile Private key of mobile host: Priv_Mobile Public key of base station: Pub_Base Private key of base station: Priv_Base Certificate of mobile host: Cert_Mobile Certificate of base station: Cert_Base E(X,Y): the encryption of Y under key X MD(X): the message digest function value on contents X Sig(X,Y)=E(X,MD(Y)): the signature of Y with key X
![Page 18: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/18.jpg)
Initial connection setup between mobile host and base station using Aziz-Diffie protocol Message #1. MobileBase {Cert_Mobile, CH1, List of
SKCSs}
Message #2. BaseMobile {Cert-Base, E(Pub_Mobile,RN1), Chosen SKCS, Sig(Priv_Base, {E(Pub_Mobile, RN1), Chosen SKCS, CH1, List of SKCSs}) }
Message #3. MobileBase {E(Pub_Base,RN2), Sig(Priv_Mobile, {E(Pub_Base, RN2), E(Pub_Mobile,RN1}) }
![Page 19: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/19.jpg)
Figure 6. Aziz-Diffie protocol for wireless networksCA-Certificate of A KA-Public key of A KA
-1-Private key of A RA, NA-random # generated by A RB-random # generated by B
![Page 20: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/20.jpg)
Description of Initial connection setup process At connection initiation time, a mobile requesting to
connect to the wired network would send message #1 to the base. It includes mobile’s host certificate, a 128 –bit randomly chosen challenge value (CH1), and a list of supported shared-key cryptosystem (SKCS) to the base.
Certificate = Sig(Priv_CA, {Serial Number, Validity Period, Machine Name, Machine Public Key, CA name})
The list of SKCSs is intended to allow for negotiation of SKCS with the base. The SKCS will be used to encrypt subsequent data packets.
![Page 21: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/21.jpg)
Description of Initial connection setup process(Contd.)
After receiving message #1, the base will attempt to verify the signature on Cert_Mobile. If the certificate is invalid, the base rejects the connection attempt. If the certificate is valid (the public key in the certificate belongs to a certified mobile host), the base will send Message #2 to the mobile:
Cert_Base a random number RN1 encrypted under the pub_Mobile the SKCS that the base chose out of the list of SKCSs the signature on some message using Priv_Base.
![Page 22: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/22.jpg)
Description of Initial connection setup process
(Contd.)Method of choosing shared-key cryptosystem (SKCS):
The SKCS is chosen from the intersection of the set of SKCSs proposed in message #1 by the mobile and the set the base supports. The base will choose the one it deems the most secure from the intersection of the two sets.
The selected algorithm is subsequently employed for encipherment of the call data once the initial connection is setup and a session key is established.
![Page 23: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/23.jpg)
Description of Initial connection setup process
(Contd.) After receiving message #2, the mobile validates the
certificate of the base (Cert_Base). If the certificate is valid, then the mobile will verify the signature on the message. If the signature doesn’t match, the base is deemed an imposter and the mobile will abort the connection attempt. Otherwise, the base is deemed authentic and the mobile will send Message #3:
a random number RN2 encrypted under the pub_Base the signature on the encrypted RN1 and RN2 using
Priv_Base.
![Page 24: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/24.jpg)
Description of Initial connection setup process
(Contd.) After receiving message #3, the base will verify the
signature in the message. If the signature verifies, the mobile is deemed an authentic host. Otherwise, the mobile is deemed an intruder and the base will reject the connection attempt.
If the connection attempt succeeds, then at this point mutual authentication has been setup. The mobile and base use (RN1 RN2) as the session key. Since both halves of the key are completely random, knowing either RN1 or RN2 tells an attacker nothing about the session key.
![Page 25: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/25.jpg)
Advantage of Aziz-Diffie Protocol
The protocol provides good forward secrecy. This approach requires the compromise of both the base’s and the mobile’s private keys in order for preceding traffic between that base and mobile to be compromised.
![Page 26: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/26.jpg)
Disadvantage of Aziz-Diffie Protocol
The protocol is computationally expensive. The expensive portions of public key cryptosystems are typically the private key operations. In this protocol, the mobile has to perform two operations using its private key. The base also performs two private key operations.
This protocol is also vulnerable to a man-in-the middle attack.
![Page 27: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/27.jpg)
Conclusions Aziz-Diffie Protocol provides good forward secrecy,
but it is computationally expensive and vulnerable to a man-in-the-middle attack.
The problem of designing correct protocols for authentication and key management is difficult to solve in any environment. In the mobile system, the extra constraints and requirements make this problem all the harder.
More suitable key establishment protocol needs to be developed for mobile communication.
![Page 28: Key Establishment Protocols for Secure Mobile Communications](https://reader035.vdocuments.net/reader035/viewer/2022062411/568167e8550346895ddd55ec/html5/thumbnails/28.jpg)
Any Question?