on the use of continued fraction for mutual authentication
TRANSCRIPT
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Presentation: On the use of continued fractionsfor mutual authentication
Amadou Moctar Kane
May 4, 2015
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
1 Introduction
2 Continued Fractions
3 Continued Fraction’s AuthenticationThe Needham-Schroeder protocolOur Contribution
4 Questions
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?Quadratic irrational?Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?Quadratic irrational?Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?
Quadratic irrational?Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?Quadratic irrational?
Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?Quadratic irrational?Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Continued Fractions
An expression of the form
α := a0 +b0
a1 +b1
a2 +b2
. . .
is called a generalized continued fraction. Typically, the numbersa1, . . . , b1, . . . may be real or complex, and the expansion may befinite or infinite.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Preliminaries
It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].
The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.r√
log(A) is transcendental.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Preliminaries
It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].
The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.
r√
log(A) is transcendental.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
Preliminaries
It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].
The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.r√
log(A) is transcendental.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Authentication
Continued Fraction’sAuthentication
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Authentication
Entity authentication is the process whereby one party is assured ofthe identity of a second party involved in a protocol, and that thesecond has actually participated.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Authentication Tools
passwords, Tokens, Certificates
Biometric tools, . . .
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Authentication Tools
passwords, Tokens, Certificates
Biometric tools, . . .
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
several authentication protocols
Needham-Schroeder.
Kerberos.
Wide Mouthed Frog.
Woo-Lam.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
several authentication protocols
Needham-Schroeder.
Kerberos.
Wide Mouthed Frog.
Woo-Lam.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
several authentication protocols
Needham-Schroeder.
Kerberos.
Wide Mouthed Frog.
Woo-Lam.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
several authentication protocols
Needham-Schroeder.
Kerberos.
Wide Mouthed Frog.
Woo-Lam.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
The Needham-Schroeder protocol without the server
Table: The Needham-Schroeder protocol in brief
Alice BobE(Na,A:PKB)−−−−−−−−→E(Na,Nb:PKA)←−−−−−−−−−E(Nb:PKB)−−−−−−−→
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
The Lowe’s Attack
Table: The Lowe’s Attack
Alice Intruder BankE(Na,A:PKI )−−−−−−−−→
E(Na,A:PKB)−−−−−−−−→E(Na,Nb:PKA)←−−−−−−−−−
E(Na,Nb:PKA)←−−−−−−−−−E(Nb:PKI )−−−−−−→
E(Nb:PKB)−−−−−−−→
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
The Needham-Schroeder-Lowe protocol
Table: The Needham-Schroeder-Lowe protocol
Alice BobE(Na,A:PKB)−−−−−−−−→E(B,Na,Nb:PKA)←−−−−−−−−−−E(Nb:PKB)−−−−−−−→
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Attack on Needham-Schroeder-Lowe
The Attacker has an access to Alice computer.
The Attacker finds this messageE (Bank of Canada,Na,Nb : PKA) and
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Attack on Needham-Schroeder-Lowe
The Attacker has an access to Alice computer.
The Attacker finds this messageE (Bank of Canada,Na,Nb : PKA) and
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Attack on our algorithm
The Attacker has an access to Alice computer.
The Attacker finds this message E (a2, a3, a4, a5, a6, a7, a8,a9, a10, Nb; PKA) and
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Attack on our algorithm
The Attacker has an access to Alice computer.
The Attacker finds this message E (a2, a3, a4, a5, a6, a7, a8,a9, a10, Nb; PKA) and
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
Wide Mouthed Frog: A, {Ta,B,Kab}Kas
Woo-Lam: P → Q : {P,Q,N1,N2}Kps
Yahalom: A→ B : A,Na
Boyd-Mao: A→ B : A, ra
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
Wide Mouthed Frog: A, {Ta,B,Kab}Kas
Woo-Lam: P → Q : {P,Q,N1,N2}Kps
Yahalom: A→ B : A,Na
Boyd-Mao: A→ B : A, ra
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
Wide Mouthed Frog: A, {Ta,B,Kab}Kas
Woo-Lam: P → Q : {P,Q,N1,N2}Kps
Yahalom: A→ B : A,Na
Boyd-Mao: A→ B : A, ra
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
Wide Mouthed Frog: A, {Ta,B,Kab}Kas
Woo-Lam: P → Q : {P,Q,N1,N2}Kps
Yahalom: A→ B : A,Na
Boyd-Mao: A→ B : A, ra
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
In order to avoid some attacks, we can remove the identity ofthe principal by
1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).
2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.
3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).4 Anonymous credential systems (Brands, Chaum, . . . ).
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
In order to avoid some attacks, we can remove the identity ofthe principal by
1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).
2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.
3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).4 Anonymous credential systems (Brands, Chaum, . . . ).
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
In order to avoid some attacks, we can remove the identity ofthe principal by
1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).
2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.
3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).4 Anonymous credential systems (Brands, Chaum, . . . ).
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
In order to avoid some attacks, we can remove the identity ofthe principal by
1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).
2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.
3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).
4 Anonymous credential systems (Brands, Chaum, . . . ).
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Identities
In order to avoid some attacks, we can remove the identity ofthe principal by
1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).
2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.
3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).4 Anonymous credential systems (Brands, Chaum, . . . ).
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Preliminaries
The bi ’s are computed as follows:
We apply the hash function SHA1 on A’s public key and weobtain YA = SHA1(PKA).
We divide the string obtain in the previous step in ten parts,and we obtain YA = (b1, b2, . . . , b10).
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Preliminaries
The bi ’s are computed as follows:
We apply the hash function SHA1 on A’s public key and weobtain YA = SHA1(PKA).
We divide the string obtain in the previous step in ten parts,and we obtain YA = (b1, b2, . . . , b10).
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Preliminaries 1
The bi ’s are used in the generalized continued fraction.
α := a0 +b0
a1 +b1
a2 +b2
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
The new protocol
Table: The new protocol
Alice New York TimesE(Na:PKNYTimes)−−−−−−−−−−→E((FC ′( 3√logNa;YAYB),Nb:PKA)←−−−−−−−−−−−−−−−−−−−E((FC ′( 3√logNb;YBYA)):PKNYTimes)−−−−−−−−−−−−−−−−−−−−−→
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
The Lowe’s Attack on the new protocol
Table: The Lowe’s Attack on the new protocol
Alice Intruder BobE(Na:PKI )−−−−−−→
E(Na:PKB)−−−−−−−→{FC ′( 3√logNa;YAYB),Nb}←−−−−−−−−−−−−−−−
{FC ′( 3√logNa;YAYB),Nb}←−−−−−−−−−−−−−−−
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Attack using the lack of identity
Table: Attack using the lack of identity
Alice Intruder BobHi I am Bob←−−−−−−−E(Na:PKB)−−−−−−−→
E(Na:PKB) I am Intruder−−−−−−−−−−−−−−→{FC ′( 3√logNa;YAYI ),Nb}←−−−−−−−−−−−−−−−
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Conclusion
1 Goal 1: I wanted to introduce the use of continued fractionsin authentication schemes.
Result: I designed an entity authentication protocol based onthe unpredictability of partial quotients and on the fact thatany irrational number admits an infinity of generalizedcontinued fraction expansion (following the partialnumerators).
2 Goal 2: I tried to adapt authentication systems to newchallenges as the cloud computing.
Result: I removed the identity of principals.
3 Goal 3: I wanted to use the rounding error as an advantage.
Result: The absence of agreement on the rounding errorsbetween the principal and the intruder will increase theprobability of failure of any attack.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Conclusion
1 Goal 1: I wanted to introduce the use of continued fractionsin authentication schemes.
Result: I designed an entity authentication protocol based onthe unpredictability of partial quotients and on the fact thatany irrational number admits an infinity of generalizedcontinued fraction expansion (following the partialnumerators).
2 Goal 2: I tried to adapt authentication systems to newchallenges as the cloud computing.
Result: I removed the identity of principals.
3 Goal 3: I wanted to use the rounding error as an advantage.
Result: The absence of agreement on the rounding errorsbetween the principal and the intruder will increase theprobability of failure of any attack.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Conclusion
1 Goal 1: I wanted to introduce the use of continued fractionsin authentication schemes.
Result: I designed an entity authentication protocol based onthe unpredictability of partial quotients and on the fact thatany irrational number admits an infinity of generalizedcontinued fraction expansion (following the partialnumerators).
2 Goal 2: I tried to adapt authentication systems to newchallenges as the cloud computing.
Result: I removed the identity of principals.
3 Goal 3: I wanted to use the rounding error as an advantage.
Result: The absence of agreement on the rounding errorsbetween the principal and the intruder will increase theprobability of failure of any attack.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
The Needham-Schroeder protocolOur Contribution
Conclusion
1 Goal 1: I wanted to introduce the use of continued fractionsin authentication schemes.
Result: I designed an entity authentication protocol based onthe unpredictability of partial quotients and on the fact thatany irrational number admits an infinity of generalizedcontinued fraction expansion (following the partialnumerators).
2 Goal 2: I tried to adapt authentication systems to newchallenges as the cloud computing.
Result: I removed the identity of principals.
3 Goal 3: I wanted to use the rounding error as an advantage.
Result: The absence of agreement on the rounding errorsbetween the principal and the intruder will increase theprobability of failure of any attack.
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication
OutlineIntroduction
Continued FractionsContinued Fraction’s Authentication
Questions
For your attention
Thank you!
Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication