Authentication protocol providing useranonymity and untraceability in wirelessmobile communication systemsAuthentication protocol providing useranonymity and untraceability in wirelessmobile communication systems
Computer Networks Volume: 44, Issue: 2, February 5, 2004, pp. 267-273
Park, Chang-Seop
2007/6/6 H.-H. Ou
2007/6/6 H.-H. Ou
2
Summary (1/2)
•Goals
–Authentication protocol for wireless mobilecommunication systems
•Anonymity
•Untraceability
•Situation
–Low computational power of mobile stations
•Computation overhead must be low
–Lower bandwidth and higher channel error rate
•Minimize the message sizes and number of messagesexchanged
2007/6/6 H.-H. Ou
3
Summary (2/2)
•Skills
–Anonymity
•Alias
•Encrypting the real identity
–Untraceability
•Alias should be changed at each session
•Proposed
–Authentication key exchange based on secret keycertificate
•Hash chain
–Untraceability and secure channel
•Error-correcting codes
2007/6/6 H.-H. Ou
4
Error-correcting codes (1/2)
•A linear algebraic structure
–Denoted by (N, K, D)
•N : length, K : dimension, D : minimum distance
–G : K by N generator matrix
–H : (N-K) by N parity check matrix
•G‧HT = 0
–Binary K tuple m can be encoded to an N bit codewordc = m‧G
–Error vector e added to the codeword c results in avector r = c + e
–If the Hamming weight of e is less than or equal to t =(D-1)/2 , r can be decoded into c based on thesyndrome vector s = r‧HT
2007/6/6 H.-H. Ou
5
S
Error-correcting codes (2/2)
r
C
M
G
‧
e
+
HT
‧
2007/6/6 H.-H. Ou
6
Proposed
MSMS
ASAS
Random select xi
xi-1 = h0(Xi) for i = s,s-1,..1
id, x0
f(KAS, [id || x0])
f(KAS, [id || x0])
Store
Register
m= f(KAS, [id || x0]) , c=m‧G
zi=[i || xi] <Alg.1> ej(i)
r = c+ ej(i)
r
r‧HT = [ m, ej(i) ]
ej(i) <Alg.2> zi =[ i|| xi]
Check xi with h0i(x0)
Session key Ki=h1(xi)
One to one correspondence between error vectors and integers
2007/6/6 H.-H. Ou
7
Our Proposed
MSMS
ASAS
SIDM , TIDM , RM
GA , GM, HM
Register
mM= SIDM⊕RA’ || RM, cm=mm‧GA
zM = TIDM = TIDM’⊕RM’ <Alg.1> eM
rM = cM+ eM
rM
rM‧HAT = [ mM, eM ]
eM <Alg.2> zM = TIDM
Look database
Check SIDM⊕RA’
mA= SIDA⊕RM || RA, cA=mA‧GM
zA = TIDA = TIDA’⊕RA’ <Alg.1> eA
rA = cA+ eA
Session key K = RM⊕RA
SIDA , TIDA , RA
GM , GMA, HA
rA
rA‧HMT = [ mA, eA ]
eA <Alg.2> zA = TIDA
Look database
Check SIDA⊕RM
Store TIDMnew = TIDM⊕RA , RA
TIDAnew = TIDA⊕RM
Store TIDMnew = TIDM⊕RA
TIDAnew = TIDA⊕RM, RM
2007/6/6 H.-H. Ou
8
Our Proposed (simple mode)
MSMS
ASAS
SIDM , TIDM , RM
GA , GM, HM
Register
SIDM⊕RA’ || RM + TIDM
Session key K = RM⊕RA
SIDA , TIDA , RA
GM , GA, HA
SIDA⊕RM || RA + TIDA
TIDM = TIDM’⊕RA’
TIDA = TIDA’⊕RM’
TIDM, SIDM, TIDA, SIDA, RA, GM
Database
TIDA, SIDA, TIDM, SIDM, RA, GA
Database