an improvement on authenticated key agreement schem.pptVIP

An Improvement on Authenticated Key Agreement Scheme Authors: Chin-Chen Chang and Shih-Yi Lin Speaker: Chin-Chen Chang Outline Introduction Authenticated key agreement Notations Alice, Bob: two communication parties g : a generator in GF(p) p : a large prime PW: a pre-shared password by A and B Q: a value derived from PW by a predetermined way 　: secure one-way hash function 　: symmetric encryption of the message m with key K 　: symmetric decryption of the message m with key K 　: exclusive-or operation Lee-Lee’s scheme (1/4) Key establishment phase Lee-Lee’s scheme (2/4) Key validation phase Lee-Lee’s scheme (3/4) Weakness : Off-line password guessing attack Lee-Lee’s scheme (4/4) The proposed scheme(1/2) The proposed scheme(2/2) Security analysis Replay attack Timestamp Password guessing attack On-line password guessing attack Off-line password guessing attack Perfect forward secrecy Discrete logarithm problem Conclusions Mount an off-line password guessing attack on Lee-Lee’s scheme Propose an improved version * 1 1. Introduction 2. Review and Analysis of Lee-Lee’s scheme 3. The proposed scheme 4. Security analysis 5. Conclusions 2 Client Alice Client Bob Pre-shared Password Session Key 3 ⊕ 4 Bob Alice Generate random number a Generate random number b 5 Alice Bob 6 Attacker Alice Bob 7 Attacker Compare Alice Bob 8 Alice Bob ga mod p 9 Check r Alice Bob r = r = gb mod p 10 11 12 *Attacker 攔截X_a 和 Y_b ，並計算 X’_a =g mod p 和 Y’_b=g mod p，且將其分別送至A 和 B A 收到Y’_b之後，計算K’_a 和 h(ID_a,X_a,K’_a) ，並將 h(ID_a,X_a,K’_a) 送至B Attacker 攔截由A送出的 h(ID_a,X_a,K’_a)之後 ，進行off-line password guessing attack。 首先，attacker (1) 猜測一個PW’，利用PW’推算出Q’( 推算的方法是 事先決定好的 ) 。 (2) 計算h(ID_a,X_a,(X_a)_Q’_-2) ，並比對 其 與 A送的訊息。若相同，則off-line password guessing attack成功。 (對B送的訊息，也可以進行off-line password guessing attack。此張投影片只針對A訊息說明。) Lee-Lee’s scheme ( Applied Mathematics and Computation, 2005 ) 分成兩個ph