an authenticated payword scheme without public key cryptosystems author: chia-chi wu, chin-chen...
TRANSCRIPT
![Page 1: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/1.jpg)
An Authenticated Payword Scheme without Public Key Cryptosystems
Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin.
Source: International Journal of Innovative Computing, Information and Control, 2009, Vol. 5, No. 9, pp. 2881–2891.
Presenter: Tsuei-Hung Sun (孫翠鴻 )
Date: 2011/3/11
![Page 2: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/2.jpg)
Outline
• Introduction
• Motivation
• Scheme
• Security Analysis
• Performance Evaluation
• Advantage vs. Drawback
• Comment
![Page 3: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/3.jpg)
Introduction(1/6)
• Micro Payment Transfer Protocol (MPTP) stipulate some related security risks that need to be consider as follow:– Credit liability– Abused credit– Counterfeiting– Unauthorized withdrawal– Double spending
![Page 4: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/4.jpg)
Introduction(2/6)
• PayWord Scheme Bank (IDB,PKB,SKB) Customer (IDC,SKC) Vendor (IDV)
request
BSKCCCCBC IEPKAIDIDC ),,,,,(
CC
Verify CC
If correct, select random value wn
Generates hash chain (wn,wn-1,...w0) wi = h(wi+1), i = n-1,...,0
CSKCV nDwCIDM ),,,,( 0M
CC: Customer’s certification AC: Customer’s delivery address E: Expiration date PKC: Customer’s public key IC: Other information of the certificate. SKB: Bank’s private key M: Customer’s commitment D: Current date
R. Rivest and A. Shamir, “PayWord and MicroMint: Two sample micropayment schemes,” Lecture Notes in Computer Science, Vol. 1189, pp.69-87, 1997.
![Page 5: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/5.jpg)
Introduction(3/6)
• PayWord Scheme (cont.)
Verify M and CC
Bank (IDB,PKB,SKB) Customer (IDC,SKC) Vendor (IDV)
M
If correct, store Mwi,i
Verify (wi,i)If and ni Store (wi,i)
)(0 ii whw
When i = nwn,n,M
Verify M and )(?
0 nn whw
If correct, store(wn,n) and pay the money into Vendor’s account.
![Page 6: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/6.jpg)
Introduction(4/6)
• The Advantage of PayWord– Using hash chain to lower computational cost– No need to settle with the bank for each transactio
n.
• The Drawback of PayWord– Customer’s consumption is no limited.– No trusted Certificate Authority (CA)– Bank falsification attack– Certificate abuse attack
![Page 7: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/7.jpg)
Introduction(5/6)
• Adachi et al. Scheme
N. Adachi, S. Aoki, Y. Komano, and K. Ohta, “Solutions to security problems of rivest and Shamir’s PayWord scheme,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol.E88-A, no.1, pp.195-202, 2005.
Bank (IDB,PKB,SKB) Customer (IDC,SKC) Vendor (IDV)Generates hash chain (wn,wn-1,...w0) wi = h(wi+1), i = n-1,...,0
wx: Hash value n: Length of hash chain. M: Customer’s commitment IDV: Vendor ID. E: Expiration date SKC: Customer’s private key CC: Customer’s certificate. I: Any additional information. SKB: Bank’s private key.
CSKV EnwIDM ),,,( 0 IDC,MSelect random none rv
IDC,M,rv
Validation M and customer’s credit.
(Withdraws)
BSKvCC IrYESMIDC ),,,,( CC
Verify CC and MIf correct, store CC
![Page 8: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/8.jpg)
Introduction(6/6)
Bank (IDB,PKB,SKB) Customer (IDC,SKC) Vendor (IDV)
Verify CC and M
Valid message
wi,i
Verify (wi,i)If and ni Store (wi,i)
When i = nwn,n,CC
Verify CC and )(?
0 nn whw
If correct, store(wn,n) and pay the money into Vendor’s account.
)(0 ii whw
• Adachi et al. Scheme (cont.)
If correct, store CC
![Page 9: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/9.jpg)
Motivation
• Adachi et al.’s Drawback– It changes the PayWord scheme to a prepaid type.
– It still need public key signatures– The overhead of build and maintain a CA– It may suffer from an unauthenticated settlement attack.
• Goal– Minimizing the transaction cost– Avoiding credit be abused– Can be applied to the low computational ability enviro
nment.– Reduce the bank settlement risk
![Page 10: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/10.jpg)
Scheme(1/4)
Customer (PWC,IDC,KC,B,n,h(PWC))
Vendor (PWV,IDV,KV,B,n,h(PWV))
PW: Password ID: Identify K: Shared key. N: nonce value r: random numberg: A primitive element with order P−1 in GF(P) P: A large prime number.
Generates hash chain (wn,wn-1,...w0) wi = h(wi+1), i = n-1,...,0
),,,( 0 EnwIDM V
(Using Smart Card)
))((1,BCKVCCCC IDNRMPWIDString
String1
PgR CrC mod
Generate NC
Bank(KC,B,KV,B)
![Page 11: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/11.jpg)
Scheme(2/4)
Bank(KC,B,KV,B)
Customer (PWC,IDC,KC,B,n,h(PWC))
Vendor (PWV,IDV,KV,B,n,h(PWV))
Generate NV PgR Vr
V mod))((2
,BVKVVCVV NRIDPWIDString
21 StringString
(Using Smart Card)
Verify String1If correct, store M, transaction partner, root w0
Verify String2Check PWV, IDC
))1(())1((,, BCBV KCVVCKVCCCV NRIDIDNIRMIDID
![Page 12: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/12.jpg)
Scheme(3/4)
Customer (PWC,IDC,KC,B,n,h(PWC))
Vendor (PWV,IDV,KV,B,n,h(PWV))
BVKVCCC NIRMID,
)1( DecryptCheck NV+1
PRSK VrC mod
Store IDC,SK,M,IC
Generate h(M,SK)
),())1(,
SKMhNRIDIDBCKCVVC
Decrypt ))1(,BCKCVV NRID
Check NC+1PRKS Cr
V mod
Verify ),(),(?
SKMhKSMh If correct, store IDV,SK
Bank(KC,B,KV,B)
![Page 13: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/13.jpg)
Scheme(4/4)
Customer (PWC,IDC,KC,B,n,h(PWC))
Vendor (PWV,IDV,KV,B,n,h(PWV))
WIDC
SKWwi
Check
),( iSKwW i
If , store(wi,i)ni
When i = nBVKnCVV nwIDPWID
,)(
BVKnCV nwIDPW,
)(Decrypt
Check PWV and )(?
0 nn whw
If correct, store(wn,n) and pay the money into Vendor’s account.
)(?
0 ii whw
Bank(KC,B,KV,B)
![Page 14: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/14.jpg)
Security Analysis
• Credit Abuse Attack
• Counterfeiting PayWord
• Bank Falsification Attack
• Unauthorized Withdrawal
• Double Spending
• Replay Attack
![Page 15: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/15.jpg)
Performance Evaluation
Prepaid
No
![Page 16: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/16.jpg)
Advantage vs. Drawback
• Advantage– Low power consumption– It can resist several attack.– All wi are secret over the Internet, and each t
ransmission message has to be authenticated.
• Drawback– Bank has to pre-share the secret keys to cust
omer and the vender.
![Page 17: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/17.jpg)
Comment
• It didn’t consider about the exponentiation cost of session key.
• It may not need the smart card to do this protocol.• It didn’t have comparison of storage.• It is not convenient to used on mobile phone or PDA.• This scheme need additional hardware (ex. smart
card, reader) and middleware to handle the transactions.
![Page 18: An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal](https://reader035.vdocuments.mx/reader035/viewer/2022062408/56649ead5503460f94bb414f/html5/thumbnails/18.jpg)
Comment (cont.)
PayWord Scheme
Adchi et al.’s Scheme
Proposed Scheme
Bank wi, i wi, i M, IDV, w0, wi, i
Customer wn, hash chain wn, hash chain wn, hash chain
M, NC, rC, RC, ID
V, SK,
Vendor M, wi, i rv,CC, wi, i NV, rV, RV, IDC, SK, M, IC, wi, i
• The comparison of storage of scheme