
NAIST-IS-MT0851100 2010 2 4


CR CR CR 1980 90 CR Kerberos SSH CR CR CR CR CR CR,,, ID, NAIST-IS- MT0851100, 2010 2 4. i

On the Key Management Policy of Challenge Response Authentication Schemes

Toshiya Fukunaga

Abstract

Challenge-response authentication (CRA) is an effective mechanism to achieve mutual authentication over an insecure network. In CRA, one party gives some questions (challenge) to its communication opponent, and confirms the validity of the opponent only if the opponent can show correct answers (response). To ensure that only a valid entity can make correct responses, CRA mechanisms are usually designed with cryptography. Protocols for CRA were eagerly studied in the 1980s and 1990s, and implemented in practical protocols such as Kerberos and SSH. The environment and technologies have changed drastically since then, and those old CRA protocols cannot fulfill some of the recently arising requirements. The purpose of this paper is to re-examine CRA protocols from a contemporary point of view. This paper first investigates the properties required of CRA protocols today, and points out problems in conventional CRA protocols. After that, new CRA protocols are proposed which are safe and suitable for current systems.

Keywords: challenge-response authentication, mutual authentication, protocol, ID-based cryptography, availability

Master's Thesis, Department of Information Processing, Graduate School of Information Science, Nara Institute of Science and Technology, NAIST-IS-MT0851100, February 4, 2010.

ii

1. ........................ 1
2. ........................ 6
  2.1 ...................... 6
  2.2 ...................... 8
3. CR ...................... 11
  3.1 CR ................... 11
  3.2 CR ................... 13
4. CR ...................... 16
  4.1 on-the-fly CR ........ 17
  4.2 CR ................... 19
  4.3 ID CR ................ 21
5. ......................... 25
............................ 26
............................ 27

iii

Fig. 1 on-the-fly CR ........ 18
Fig. 2 CR ................... 20
Fig. 3 ID CR ................ 22
Table 1 ..................... 24

iv

1. 1

web CR CR 2

CR CR CR CR CR CR 3

USB CR [4] [6] CR CR CR CR 3 on-the-fly 4

ID [2] CR 5

2. CR 2.1 CR 6

1 2 3 4 7

CR 5 2.2 1 8

web web CR 9

CR 6 7 CR 10

3. CR 3.1 CR CR CR Kerberos [4] CR h() k E k(), D k() pk, sk E pk (), D sk () ACK 3.2 4 k k k 11

nonce n_1; m_1 = E_k(n_1)
x = D_k(m_1); nonce n_2; m_2 = E_k(x, n_2)
(y_1, y_2) = D_k(m_2); check y_1 = n_1; m_3 = y_2
check m_3 = n_2

CR CR CR 1 2 CR 3 4 p k C k M C M M M k k p 12
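The three-message shared-key exchange of section 3.1 (m_1 = E_k(n_1), m_2 = E_k(x, n_2), m_3 = y_2, with the checks y_1 = n_1 on one side and m_3 = n_2 on the other), written out as an added Python example that is not part of the thesis. The names Initiator, Responder and run_protocol are assumptions; E_k/D_k are a constructed toy authenticated cipher built from HMAC-SHA256 so the block runs on the standard library alone, and stand in for whatever cipher a deployment would use. Both parties hold the same key k, which is the property of this scheme the thesis goes on to question.

```python
import hashlib
import hmac
import os
import secrets

IV_LEN = 16   # per-message IV of the toy cipher (not a protocol nonce)
TAG_LEN = 32  # HMAC-SHA256 tag length
N_LEN = 16    # length of the protocol nonces n_1 and n_2


def _keystream(k: bytes, iv: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 used as a PRF (constructed toy cipher).
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(k, b"enc" + iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def E(k: bytes, pt: bytes) -> bytes:
    """E_k: encrypt-then-MAC; output is iv || ciphertext || tag."""
    iv = os.urandom(IV_LEN)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(k, iv, len(pt))))
    tag = hmac.new(k, b"tag" + iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def D(k: bytes, msg: bytes) -> bytes:
    """D_k: check the tag before decrypting; raises ValueError on any failure."""
    if len(msg) < IV_LEN + TAG_LEN:
        raise ValueError("message too short")
    iv, ct, tag = msg[:IV_LEN], msg[IV_LEN:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(k, b"tag" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k, iv, len(ct))))


class Initiator:
    """The party that sends m_1 and checks y_1 = n_1."""

    def __init__(self, k: bytes):
        self.k = k
        self.n1 = b""

    def step1(self) -> bytes:
        self.n1 = secrets.token_bytes(N_LEN)
        return E(self.k, self.n1)                      # m_1 = E_k(n_1)

    def step3(self, m2: bytes) -> bytes:
        y = D(self.k, m2)                              # (y_1, y_2) = D_k(m_2)
        y1, y2 = y[:N_LEN], y[N_LEN:]
        if not hmac.compare_digest(y1, self.n1):       # check y_1 = n_1
            raise ValueError("responder failed the challenge")
        return y2                                      # m_3 = y_2


class Responder:
    """The party that answers m_1 with m_2 and checks m_3 = n_2."""

    def __init__(self, k: bytes):
        self.k = k
        self.n2 = b""

    def step2(self, m1: bytes) -> bytes:
        x = D(self.k, m1)                              # x = D_k(m_1)
        self.n2 = secrets.token_bytes(N_LEN)
        return E(self.k, x + self.n2)                  # m_2 = E_k(x, n_2)

    def step4(self, m3: bytes) -> bool:
        return hmac.compare_digest(m3, self.n2)        # check m_3 = n_2


def run_protocol(k_initiator: bytes, k_responder: bytes) -> tuple:
    """Run the exchange; returns (initiator accepted responder, responder accepted initiator)."""
    a, b = Initiator(k_initiator), Responder(k_responder)
    m1 = a.step1()
    try:
        m2 = b.step2(m1)
    except ValueError:          # responder cannot even open m_1 without k
        return (False, False)
    try:
        m3 = a.step3(m2)
    except ValueError:          # y_1 != n_1 or m_2 not authentic
        return (False, False)
    return (True, b.step4(m3))


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    print(run_protocol(k, k))                          # (True, True)
    print(run_protocol(k, secrets.token_bytes(32)))    # (False, False)
```

The two equality checks are what make the scheme mutual: the initiator accepts only after seeing its own n_1 come back under k, and the responder accepts only after its n_2 is returned in the clear as m_3. Comparisons use hmac.compare_digest so that a wrong response is rejected without leaking timing information.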

M 5 CR CR UNIX CR 6 7 3.2 CR CR CR CR SSH [6] SSH 13

pk s pk u sk u pk s, sk u nonce nonce pk u sk u pk s pk s SSH CR CR 1 RSA [5] n p, q (n, e) e (p 1)(q 1) 1 2 SSH 14

3 4 5 sk u pk u sk u 6 1 1 7 15

4. CR CR CR ElGamal [3] ID ID CR KG 4.1 KG CR CR on-the-fly 3.2, 4.2 ID CR 2 4.3 16

4.1 on-the-fly CR on-the-fly KG KG KG 3.2 3.2 p ((pk 1, sk 1 ), (pk 2, sk 2 )) = KG(h(p)) ((pk 1, sk 1 ), (pk 2, sk 2 )) pk 1 sk 2 pk 1 nonce n 1 m 1 = E pk1 (n 1 ) p ((pk 1, sk 1 ), (pk 2, sk 2 )) = KG(h(p)) n 1 D sk1 (m 1 ) n 1 nonce n 2 m 2 = E pk2 (n 2, E n 1 n 2 (ACK 1 )) (x 1, x 2 ) D sk2 (m 2 ) x 2 E n 1 x 1 (ACK 1 ) m 3 = E n 1 x 1 (ACK 2 ) m 3 E n1 n2 (ACK 2) 17

n 1 D sk1 (m 1 ) m 2 = E pk2 (n 2, E n 1 n 2 (ACK 1 ))? m 3 = E n1 n2 (ACK 2) m 1 m 1 = E pk1 (n 1 ) m 2 (x 1, x 2 ) D sk2 (m 2 )? x 2 = E n 1 x 1 (ACK 1 ) m 3 m 3 = E n 1 x 1 (ACK 2 ) 1 on-the-fly CR 1 p 1 p 2 3.2 3 4 KG p ((pk 1, sk 1), (pk 2, sk 2)) KG(h(p )) sk 1, sk 2 m 1, m 2 n 1 D sk 1 (m 1 ), (n 2, x ) D sk 2 (m 2 ) x E n 1 n 2(ACK 1 ) 5 (pk 1, sk 2 ) p pk 1 sk 1 6 18

p (pk 1, sk 1 ), (pk 2, sk 2 ) pk 1 sk 2 7 4.2 CR 3.2 1 2 KG KG p (pk, sk) = KG(h(p)) pk pk nonce n 1, n 2 pk m 1 = E pk (n 1, n 2 ) p 19

Fig. 2 CR:
  (pk, sk) = KG(h(p))
  nonce n_1, n_2; m_1 = E_pk(n_1, n_2)
  (x_1, x_2) = D_sk(m_1); nonce n_3; m_2 = E_{x_2}(x_1, n_3)
  (y_1, y_2) = D_{n_2}(m_2); check y_1 = n_1; m_3 = E_{y_2}(ACK)
  check m_3 = E_{n_3}(ACK)

2 1 2 3 4, p p p 5 pk sk 6 20

p pk pk 7 4.3 ID CR CR CR ID [2] ID ID CR ID x (ID) sk x p u u p u p sk u p 21

m 1 = E u p (n 1, n 2 ) (y 1, y 2 ) D n 2 (m 2 )? y 1 = n 1 m 3 = E y 2 (ACK) m 1 (x 1, x 2 ) D sku p (m 1 ) m 2 m 2 = E x 2 (x 1, n 3 ) m 3? m 3 = E n 3 (ACK) 3 ID CR nonce n 1, n 2 u p m 1 = E u p (n 1, n 2 ) (x 1, x 2 ) D sku p (m 1 ) m 2 = E x 2 (x 1, n 3 ) (y 1, y 2 ) D x 2 (m 2 ) y 1 = n 1 m 3 = E y 2 (ACK) m 3 E n 3 (ACK) 3. u p 1 2 2 CR 3 22

4 p p p p 5 u p sk u p p sk u p 6 u u p sk u p, sk u p sk u p, sk u p 7 CR 23

1 1 2 3 4 5 1 2 3 4 5 6 7 1 : 2 : 3 : 4 : 5 : 6 : 7 : 1 : CR 2 : CR 3 : on-the-fly CR 4 : CR 5 : ID CR 24

5. CR 2 CR CR 4 CR 4.3 ID 2 25

26

[1] S.T. Bellovin and M. Merritt, Encrypted key exchange: Password-based protocols secure against dictionary attacks and password file compromise, 1st ACM Conference on Computer and Communications Security, pp.244-250, 1993.
[2] D. Boneh, Identity-Based Encryption from the Weil Pairing, CRYPTO '01, pp.213-229, 2001.
[3] E. ElGamal, A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, CRYPTO '84, pp.10-18, 1985.
[4] J.T. Kohl, B.C. Neuman and T.Y. Ts'o, The Evolution of the Kerberos Authentication Service, EurOpen Conference Proceedings, pp.295-313, 1991.
[5] R.L. Rivest, A. Shamir and L.M. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, 21, 2, pp.120-126, 1978.
[6] T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol, RFC 4252, 2006.
[7] ,,, 2010 SCIS 2010, 1E2-3, 2010.

27