28 SAS-X Proposal of Multi Device Authenticable Password Management System using SAS-X 1195074 2017 2 3

SAS-X Web ID/ ID/ Web SAS-2 SAS-X i

Abstract Proposal of Multi Device Authenticable Password Management System using SAS-X Shingo WATANABE In recent years, with the increase of Web services, ID / password pairs managed by individuals are increasing.for this reason, the password management system is proposed. Also, in addition to ID / password, a one-time password authentication method that improve safety by using disposable passwords has been proposed, too.in the password management system method combining these, it is necessary to secure a safe route at the time of initial registration, and it is not possible to perform authentication with a plurality of terminals.in this research, we point out the problems of existing systems and propose password management system to solve them. key words Password Management System Web service one-time password SAS- 2 SAS-X Multi Device Authentication iii

1 1 1.1..................................... 1 1.2................................ 4 2 7 2.1...................... 7 2.2.................... 8 2.2.1................................. 8 2.2.2 SSL.................................. 8 2.3........................... 10 3 11 3.1.......................... 12 3.2...................... 12 4 SAS 15 4.1 SAS-2............................... 15 4.1.1.............................. 15 4.1.2 SAS-2........................... 16 4.1.3 SAS-2............ 18 4.1.4 SAS-2............................. 19 4.2 SAS-X............................... 20 4.2.1.............................. 20 4.2.2 SAS-X.......................... 20 4.2.3 SAS-X..................... 23 v

5 25 5.1............................... 25 5.2.................................. 26 5.3.............................. 26 5.4................................ 27 5.4.1.............................. 27 5.4.2 i............................... 27 5.5.............................. 28 5.6..................................... 29 5.6.1......................... 29 5.6.2......................... 30 5.6.3................................ 30 5.6.4....................... 30 5.6.5........................... 31 5.6.6......................... 31 5.6.7.................................. 33 6 35 37 39 vi

1.1 Web........................... 2 1.2 1 ID/............ 3 1.3 ID/...................... 3 1.4..................... 4 2.1 SSL................................. 9 4.1 SAS-2:............................. 16 4.2 SAS-2:............................. 18 4.3 SAS-X:............................. 21 4.4 SAS-X:............................. 22 5.1 SAS-X:........................... 27 5.2 SAS-X:i........................... 28 5.3..................... 33 vii

5.1.......................... 29 5.2.................................... 32 5.3 [ms]............................... 32 ix

1 1.1 Web Web Web SNS(Social Networking Service) Web 1.1 ID/ [1] Web 16 ID/ 16 ID/ Web ID/ Web ID/ Web 1.2 5 ID/ 1

1 ID/ 5 [1] 1.3 ID/ 3 5 [1] ID/ ID/ 1.4 PC [2] Wi-Fi ID/ ID/ 1.1 Web 1 ID/ ID/ 2

1.1 1.2 1 ID/ 1.3 ID/ 1 ID/ ID/ 3

1 1.4 SSL(Secure Sokets Layer) 2 ID/ SSL [3] SAS-2(Simple And Secure password authentication protocol, ver.2)[4] [3] 1.2 2 4

1.2 3 4 SAS 5 5

2 2.1 ID/ ID/ ID/ 3 SSL SSL SAS-2 SAS-2 7

2 SSL 2.2 SAS-2 4 2.2.1 DES[5] AES[6] FEAL[7] Diffie-Hellman[8] RSA[9] 2.2.2 SSL SSL TCP/IP 8

2.2 SSL SSL 2.1 SSL 2.1 SSL 1. 2. 3. 4. 5. 6. 7. 8. 9

2 2.3 SAS-2 SSL 2 SAS-2 2 SAS-2 10

3 ID ID/ x H y = H(x) y x x H y MD5[10] SHA-1[11] ROPEMD-160[12] 11

3 3.1 3.2 1 [13] [14] SAS 12

3.2 M SAS SAS 2 3 4 SAS 13

4 SAS SAS SAS-2 SAS-X(Simple And Secure password authentication protocol, extra-secure) 2 SAS-2 SAS-X 4.1 SAS-2 4.1.1 User Server User ID S X F H H(x) x E E(x, k) x k 15

4 SAS 4.1 SAS-2: D D(x, k) x k i N i i + 4.1.2 SAS-2 SAS-2 2 SAS-2 4.1 SAS-2 1. ID S N 0 ID S N 0 16

4.1 SAS-2 A = X(ID, S N 0 ) 2. ID A 3. ID A SAS-2 4.2 i SAS-2 1. ID S N i A = X(ID, S N i ) N i+1 C = X(ID, S N i+1 ) F (C) = F (ID, C) C F (C) N i+1 α = C (F (C) + A) β = F (C) A 2. ID α β 3. β A F (C) = β A C = α (F (C) + A) F (C) F (ID, C) 4. A C γ = H(ID, F (C)) 5. γ 6. H(ID, F (C)) γ 17

4 SAS 4.2 SAS-2: 4.1.3 SAS-2 SAS-2 SAS-2 (i + 1) 18

4.1 SAS-2 α E (F (E) + C) β F (E) C ID α x (F (x) + C) β F (x) C ID i SAS-2 4.1.4 SAS-2 SAS-2 A = X(ID, S N 0 ) A C = X(ID, S N 1 ) α C (F (C) + A) β F (C) A α x (F (x) + A) 19

4 SAS β F (x) A 4.2 SAS-X 4.2.1 User Server User ID S X F H H(x) x i N i i 4.2.2 SAS-X SAS-X 2 SAS-X 4.3 SAS-X 20

4.2 SAS-X 4.3 SAS-X: 1. ID S N 0 S N 0 A = X(S N 0 ) 2. A = X(A) ID A 3. ID A SAS-X 4.4 i SAS-X 1. ID S N i A = X(S N i ) N i+1 C = X(ID, S N i+1 ) C = X(C) C A N i+1 21

4 SAS 4.4 SAS-X: α = C X(A) β = C A 2. ID α β 3. α A C = α A F (A) = F (β C) F (A) A 4. A C γ = H(F (A)) 5. γ 6. H(A) γ 22

4.2 SAS-X 4.2.3 SAS-X SAS-X X(A) = X(S N 0 ) A X(A) C = X(X(S N i )) α C X(A) β C A ID α x X(A) β x A ID i SAS-X 23

5 4 SAS-X SAS-X 5.1 SAS-X SSL 3 25

5 5.2 User Server User A B ID M P ass M ID G GroupID A C G GSA SI X F H H(x) x i N i i + 5.3 5.1 1. ID M P ass M N 1 P ass M N 0 A = X(P ass M N 0 ) 2. A = X(A) 3. ID M A 26

5.4 5.1 SAS-X: 5.4 5.4.1 SAS-X SI A ID G G = (A ID G ) 5.4.2 i i 5.2 i 1. 2. G 3. P ass M N i A = X(P ass M N i ) N i+1 C = X(X(P ass M N i+1 )) 4. = C X(A) = C A GSA = G SI X(A) ID M GSA 27

5 5.2 SAS-X:i 5. X(A) = GSA SI G C = X(A) A = C 6. X(A) F(A) 7. G = G (F (A)) C = H(F (A)) SI 8. H(A) SI 5.5 A B ID M P ass M A 28

5.6 SI G = G A SI SI B 5.6 SAS-2 SAS-X 5.1 5.1 2 4 2 4 5 2 5.6.1 29

5 4 SAS-X 5.6.2 5.6.3 ID M 2 2 2 4 5.6.4 4 2 6 5 2 7 SAS-X SAS-2 30

5.6 5.6.5 4 SAS-X i + 1 α C X(A) β C A ID M GS A α x X(A) β x A ID M GS A i 5.6.6 5.2 100 31

5 5.2 ASUS Nexus7 Qualcomm Snapdragon S4 Pro APQ8064 1.5GHz Mac OS X Inter Core i7 3GHz 5.3 5.3 5.3 [ms] 1 2 3 4 5 241 342 349 354 368 352 241ms 1 342ms 2 349ms 3 354ms 4 368ms 5 352ms 26ms 10 100 5.3 32

5.6 5.3 5.6.7 1 1 1 33

6 ID/ SAS-X 1 1 35

37

[1] http://www.jp.websecurity.symantec.com/welcome/pdf/password management survey.pdf Feb 2 2017 [2] http://www.soumu.go.jp/johotsusintokei/field/tsuushin01.html Feb 2 2017 [3] 2015 [4] T. Tsuji, A.Shimizu, A one-time password authentication method for low spec machines and on internet protocols, IEICE Trans.Commun., vol.e87-b, no.6, pp.1594-1600, 2004. [5] U.S. Dept. of Commerce, FIPS PUB 46-3, Data Encryption Standard (DES), October 1999. [6] NIST, FIPS PUB 197 Advanced Encryption Standard (AES), November 2001. [7],, FEAL,, Vol.J70-D, No. 7, pp.1413-1423, 1987. [8] M. Bellare and P. Rogaway, Optimal Asymmetric Encryption, EURO- CRYPTO 94, LNCS 950, pp. 92-111, Springer-Verlag, 1995. [9] R. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital sig- natures and public-key cryptosystems, Commun. of the ACM, Vol. 21, No.2, pp. 120-126, February 1978. [10] R. Rivest, The MD5 message-digest algorithm, Internet Request For Comments 1321, April 1992. 39

[11] National Institute of Standards and Technology, Secure hash standard, FIPS Publication 180-1, April 1995. [12] W. Stallings, Secure hash algorithm, in Cryptography and Network Security: Principles and Practice Second Edition, pp.193-197, Prentice-Hall, 1999. [13],,, 8-246733, 1996-9-24. [14],,, 7-274258, 1995-10-20. 40