COPY THIS CODE 8JTKLAT7 FOR 5% OFF! ON ALL CUSTOM WORKS FROM OUR PARTNER ESSAYBOX.ORG

Efficient Mutual Authentication And Key Exchange Computer Science

Essay add: 24-11-2017, 18:09   /   Views: 22

Many security mechanisms for mobile communications have been introduced in the literature. Among these mechanisms, authentication plays a quite important role in the entire mobile network system and acts as the first defence against attackers since it ensures the correctness of the identities of distributed communication entities before they engage in any other communication activity. Therefore, in order to guarantee the quality of this advanced service, an efficient and secure authentication scheme is urgently desired. In this paper, we come up with a novel authentication mechanism, called the nested one-time secret mechanism, tailored for mobile communication environments. Through maintaining inner and outer synchronously changeable common secrets, respectively, every mobile user can be rapidly authenticated by visited location register (VLR) and home location register (HLR), respectively, in the proposed scheme. Not only does the proposed solution achieve mutual authentication, but it also greatly reduce the computation and communication cost of the mobile users as compared to the existing authentication schemes. Finally, the security of the proposed scheme will be demonstrated by formal proofs.

INTRODUCTION

Due to the fast progress of communication technologies, many popular services have been developed to take advantage of the advanced technologies. One of these popular services is wireless communication. Ubiquitous wireless networks make it possible for distributed entities to remotely and efficiently communicate with each other anytime and anywhere, even in mobile status. Furthermore, tiny and exquisite handsets greatly raise the portability of mobile devices. Owing to the features of fast mobility and high portability, wireless communication has played an extremely important role in personal communication activities. Most of the current mobile communication services are based on the Global System for Mobile Communications (GSM) architecture, and some novel applications based on the third generation (3G) of mobile communication systems have also deployed. However, the messages transmitted in wireless communication networks are exposed in the air, so malicious parties in wireless environments have more opportunities than those in wire-line environments to eavesdrop or intercept these transmitted messages. It will seriously threaten the security of wireless communication systems if no protection mechanism is considered. Although some security aspects of current mobile communication systems have been concerned, there still exist security problems in some GSM-based systemsâ€"for example, the impersonating attack works because of the lack of mutual authentication in the GSM system. Mutual authentication and other related security issues have been considered in the GSM-based authentication protocols, but their performance should be improved as much as possible to further meet the low-computation requirement for mobile users and guarantee the quality of the communication services. Among all security mechanisms in the GSM-based systems, authentication schemes are key techniques to ensure the correctness of the identities of all communication entities before they are about to perform other communication activities. These schemes form robust defences to withstand the replay attack and the impersonating attack in the GSM system. We make deep research on the performance of secure mutual authentication schemes and come up with an efficient solution to further simplify and speed up the authentication processes through synchronously changeable secrets, which form a nested structure shared by each mobile user and the system. The outer one-time secret is a temporal common key of the user and the HLR for initial authentication or authentication when the user roams around the service area of a new VLR. The inner one-time secret is shared by the user and some VLR for mutual authentication between the user and the same VLR. Furthermore, the proposed scheme is formally demonstrated as being immune to both the replay attack and the impersonating attack.

In the GSM system, two authentication actions must be performed, they are the mutual authentication between a VLR and the HLR and the mutual authentication between the system (VLR and HLR) and each user. In order to guarantee the quality of mobile communication, the authentication mechanisms we adopt should be as efficient as possible. Each VLR and the HLR are both located in the interior wired network of the GSM system, so they can authenticate each other through the timestamp-based authentication mechanism without suffering from the problem of clock synchronization. Since the clocks of each VLR and the HLR can be easily synchronized and the time consumed by transmitting a message between them is stable, we can make use of the timestamp-based solution to build up the mutual authentication protocol between each VLR and the HLR. On the other hand, it is difficult to synchronize the clocks of the system (VLRs and the HLR) and all mobile users. Hence, we cannot utilize the timestamp-based solution to construct the authentication protocol between the system and every mobile user even though the solution is the most efficient one among the three authentication mechanisms. Owing to the assumption of the mechanism based on one-time secrets, it cannot form the authentication protocol for the initial authentication between the system and each mobile user. Thus, we adopt the nonce-based mechanism to establish the authentication protocol for the initial authentication between the system and every user (and the following authentication processes will be accomplished through the technique of one-time secrets).

Nested One-Time Secret Mechanisms

Consider a sequence of mutual authentication processes based on our proposed hybrid mechanism between mobile user and the system (a VLR and the HLR). In the initial authentication, the user and the system authenticate each other by performing a nonce-based authentication protocol, and then they negotiate an initial value of a one-time secret. Thus, they make use of the one-time secret, called the outer one-time secret, to complete the following authentication processes .In fact, the cost of the authentication can be further reduced again if the user does not leave the service area of the current VLR. In this case, the user performs an initial mutual authentication protocol with the VLR only, and they set an initial value of another one-time secret, called the inner one-time secret, shared by them. They can perform the following authentication actions via the inner one-time secret until the user leaves the service. The proposed nested one-time secret mechanism. area of the VLR. Once the user enters the service area of another VLR, the outer one-time secret will be resumed to serve as the key parameter for the next round of authentication between the user and the system. In the proposed idea, mobile user shares the outer one-time secret with the HLR and shares the inner one-time secret with the current VLR. This is referred to as the nested one-time secret mechanism.

THE PROPOSED SCHEME

Based on the ideas, we propose a fast mutual authentication and key exchange scheme for mobile communications. Our scheme consists of two parts and each of the two parts contains two protocols. The first part of the scheme is designed for mutual authentication between a mobile user and the system (a VLR and the HLR) where it includes two protocols: 1) an initial authentication protocol for mutual authentication and the initialization or reinitialization of the outer one-time secret and 2) an authentication protocol based on the outer one-time secret for the jth authentication after the most recent performance of the initial authentication protocol between the user and the system where j is a positive integer. The second part of the scheme is tailored for mutual authentication between a mobile user and a VLR when the user does not leave the service area of the VLR. Similarly, the second part contains two protocols: 1) an initial authentication protocol for mutual authentication and the initialization or reinitialization of the inner one-time secret and 2) an authentication protocol based on the inner one-time secret for the kth authentication after the most recent performance of the initial authentication protocol between the user and the VLR where k is a positive integer. The initial authentication protocol for the user and the system is based on nonce. In addition to the functionality of mutual authentication, the initial authentication protocol can initialize or reinitialize a new value of a common one-time secret, i.e., the outer one-time secret, between the user and the system for the next authentication. Once the outer one-time secret has been shared by the system and the mobile user, they can perform the first mutual authentication based on the secret and also negotiate a new value of the secret for the next authentication. The jth authentication based on the outer one-time secret can be performed as long as the (j-1)th authentication is successfully finished, where j≥2. Especially, if the user stays in the same service area of the same VLR, the following authentication processes can be simplified as an initial authentication process and a sequence of authentication processes based on the inner one-time secret between the user and the VLR only. The details of the four protocols are described in the following four subsections, respectively.

Mutual authentication between VLR and HLR

Two protocols used for this process

a. Initial Authentication Protocol for outer one time secret.

b. Authentication protocol based on outer one time secret for the jth authentication.

A. The Initial Authentication Protocol for Mobile User Ui and the System

Step 1: Ui randomly generates a string r, and then forms A=EKuh(r+1) and sends {A,Ui} to Vc.

Step 2: Vc computes B=EKvh (A,Ui,tv) and sends{B,Vc} to HLR.

Step 3: HLR decrypts B and checks if tv is not expired.

Step4: Computes D=EKuh(r,x,y,w) and C=EKvh(x,y,w,th,D).

Step 5: HLR sends C to Vc.

Step 6: Vc decrypts C to obtain (x,y,w,th,D) and sends D to Ui.

Step 7: Ui decrypts D and checks (r+1).If true,Ui sends x to Vc.

Step 8: Vc verifies whether x is identical.

Step 9: If true Ui and the system (Vc and the HLR) have mutually authenticated.

B. The jth Authentication Protocol for Mobile User Ui and the System

Step 1: Ui randomly generates two strings y and w and computes Rj=FKuh(Rj-1,w).

Step 2: Ui forms A=EKuh(y,w,Rj) and sends {A,Ui} to Vc.

Step 3: Vc computes B=EKvh(A,Ui,tv) and sends {B,Vc) to HLR.

Step 4: HLR decrypts B to check tv is not expired and A to obtain y,w and Rj.

Step 5: HLR sends C=EKvh(y,w,Rj,th) to Vc.

Step 6: Vc decrypts C and checks th and sends Rj to Ui.

Step 7: Ui checks if Rj is identical, if true Ui and the system have mutually authenticated.

Mutual authentication between the system and each user

Two protocols used for this process

a. Mutual Authentication between user and the VLR.

b. Authentication protocol based on inner one time secret for the kth authentication.

A. The Initial Authentication Protocol for User Ui and the Current VLR

Step 1: Ui randomly generates a string s and computes A=Ew(s+1) and sends {A,Ui} to Vc.

Step 2: Vc decrypts A to get (s+1).

Step 3: Vc randomly chooses two strings x and y and then computes D=Ew(x,y,s) and sends D to Ui.

Step 4: Ui decrypt D to obtain x,y and s.

Step 5: Ui checks (s+1) is identical. If true, Ui sends x to Vc and sets S0 to s.

Step 6: Vc gets x and checks if it is identical. If true, set S0 to s.

Step 7: Ui and Vc authenticate each other.

B. The kth Authentication Protocol for User Ui and the Current VLR

Step 1: Ui randomly chooses a string y and compute Sk=Fw(Sk-1,y) and A=Ew(y,Sk) and sends {A,Ui} to Vc.

Step 2: Vc decrypt A and gets y and Sk. It checks if Sk is identical and sends Sk to Ui.

Step 3: Ui gets Sk and checks if Sk is identical.

Step 4: If true, Ui and Vc authenticated each other and share a session key y successfully.

CONCLUSION

We have proposed a secure mutual authentication and key exchange scheme for mobile communications based on a novel mechanism, i.e., nested one-time secrets. The proposed scheme can withstand the replay attack and the impersonating attack on mobile communications and speed up authentication. The proposed scheme reduce the communication and computation cost, but also the security of our scheme has been formally proved.

Article name: Efficient Mutual Authentication And Key Exchange Computer Science essay, research paper, dissertation