Security Analysis on a Conference Scheme for Mobile Communications

IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, VOL. 5, NO. 6, JUNE 2006
Zhiguo Wan, Feng Bao, Robert H. Deng, and Akkihebbal L. Ananda




Outline
Introduction to Yi et al.’s scheme
The weakness of Yi et al.’s scheme
The improved scheme




Introduction to Yi et al.’s scheme
• The background environment




Introduction to Yi et al.’s scheme

The conference bridge holds every conferee’s secret key beforehand

[Figure: "Request to start a conference with some members"; keys Sk1 Sk2 Sk3 Sk4 Sk5 Sk6 Sk7 Sk8 Sk9 Sk10 Sk11 Sk12]

Introduction to Yi et al.’s scheme
(1) Initialize the conference
(2) Member join rekey
(3) Member depart rekey

[Figure labels: ID_B; "Request to start a conference"; K; "Broadcasts the conference key to the conferees"]

$I_1 = E_k(ID_B)$
$I_2 = E_k(t \| L)$
$I_3 = [(ID_1), E_{k_1}(k) \| (ID_2), E_{k_2}(k) \| \cdots \| (ID_m), E_{k_m}(k)]$

t = timestamp
L = the lifetime of the conference key
The conferees do not authenticate the key distribution message
Every conferee can forge $I_2$

Yi et al.’s scheme’s flaw

$I_1 = E_k(ID_B)$
$I_2 = E_k(t \| L)$
$I_3 = [(ID_1), E_{k_1}(k) \| (ID_2), E_{k_2}(k) \| \cdots \| (ID_m), E_{k_m}(k)]$

Forge $I_3$:
$I_1 = E_k(ID_B)$
$I_2 = E_k(t' \| L)$
$I_3 = [(ID_1), E_{k_1}(k) \| (ID_2), E_{k_2}(k) \| \cdots \| (ID_m), E_{k_m}(k)]$

[Figure: timeline (Time) with keys k1, k2, K1]

An adversary who has left the conference can impersonate the conference bridge
The adversary can use the old K to make a new $I_2$
This makes all the members use a key that was used before

The improved scheme

Binding the timestamp & conference key

$I_1 = E_k(t \| ID_B)$
$I_2 = E_k(t \| L)$
$I_3 = [(ID_1, E_{k_1}(t \| k)) \| (ID_2, E_{k_2}(t \| k)) \| \cdots \| (ID_m, E_{k_m}(t \| k))]$

The element $I_3$ targeted by the replay attack is now protected by the timestamp
Every member can use the timestamp to verify $I_1$ & $I_2$

              Conclusions
• Because the timestamp does not work correctly, the original scheme fails.
• Without mutual authentication, the conference key should be bound to the
  timestamp correctly to prevent the replay attack.
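
Added example (not from the slides or the paper): a Python model of the key distribution message in both layouts, checking from the member's side that a fresh I1/I2 built under an old k with a replayed I3 is accepted in the original layout and rejected once t is bound inside I3. E and D are a stand-in cipher built from HMAC-SHA256, and BRIDGE, WINDOW, distribute, accept and stale_key_message are names assumed for this illustration.

```python
import hashlib, hmac, os, struct

BRIDGE, WINDOW = b"bridge-B", 30  # constructed ID_B and freshness window in seconds (assumptions)

def E(key, msg):
    """Stand-in for E_k (assumption): HMAC-SHA256 keystream XOR plus a tag."""
    assert len(msg) <= 32  # one keystream block is enough for these messages
    nonce = os.urandom(16)
    ks = hmac.new(key, b"ks" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(msg, ks))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def D(key, blob):
    """Inverse of E; raises ValueError when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    ks = hmac.new(key, b"ks" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, ks))

def distribute(k, member_keys, t, life, bind):
    """Bridge side. bind=False: original I1..I3 layout; bind=True: t also inside I1 and I3."""
    ts = struct.pack(">Q", t)
    pre = ts if bind else b""
    i3 = {mid: E(ki, pre + k) for mid, ki in member_keys.items()}
    return E(k, pre + BRIDGE), E(k, ts + struct.pack(">I", life)), i3

def accept(mid, ki, msg, now, bind):
    """Member side: return the accepted conference key, or None if the message is rejected."""
    i1, i2, i3 = msg
    try:
        inner = D(ki, i3[mid])
        k = inner[8:] if bind else inner
        p1, p2 = D(k, i1), D(k, i2)
        t = struct.unpack(">Q", p2[:8])[0]
    except (KeyError, ValueError, struct.error):
        return None
    if abs(now - t) > WINDOW:
        return None  # timestamp in I2 is stale
    if bind and not (inner[:8] == p1[:8] == p2[:8]):
        return None  # t inside I3 does not match I1/I2: replayed key entry
    return k if p1[-len(BRIDGE):] == BRIDGE else None

def stale_key_message(old_msg, old_k, t_new, life, bind):
    """Constructed test input: fresh I1/I2 under an old key k, with the old I3 replayed as-is."""
    i1, i2, _ = distribute(old_k, {}, t_new, life, bind)
    return i1, i2, old_msg[2]
```

In the original layout the only timestamp sits in I2, which anyone holding k can rebuild, so the member's freshness check says nothing about the age of the key entry in I3.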


