Research Of Smartcard Authentication And Privacy Protection Protocols

Posted on: 2008-09-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T Wang
GTID: 1118360215983696
Subject: Cryptography

Abstract/Summary:
A smartcard is a small electronic device that contains electronic memory and possibly an embedded integrated circuit (IC). Because of its relatively low cost, its small size, and its ability to execute secure cryptographic protocols, it has been widely used in fields such as communication, banking, traffic and access control. According to EuroSmart, the Association of European Smartcard Providers, annual smartcard production increased by 22% in 2005. China has reached a total card production of several hundred million, with an annual production growth rate between 30% and 40%.

A smartcard usually carries personal identification information and communicates with the terminal through specific cryptographic protocols. Currently, the security threats to smartcards can be categorized into the following three types. 1. The conflict between the low-cost requirement and the cryptographic key size often leads to security being sacrificed. 2. Card designers assume too much about the self-containment property of the smartcard and neglect the impact of potential clone attacks. 3. The unique identity embedded in the smartcard can accidentally disclose user privacy. The thesis analyzes these security threats using several types of card as examples, and provides some solutions. The results of the thesis are:

1) The GSM protocol uses the COMP128 algorithm as the authentication method between the mobile phone and the base station. The secret used for authentication is the Ki embedded in the SIM card. SIM card designers deliberately disabled the ability to read the Ki from the SIM card directly, but allow the card to be queried through the GSM-defined challenge-response protocol, which involves a calculation with Ki. After the details of the COMP128 algorithm were leaked to the public, the world's top cryptographers found a method to extract Ki through this challenge-response interface. The thesis explains the principle of this attack and its improvement. The improvement of the Strong-Ki attack resulted in a significant increase in attack speed.

2) RFID tags are widely used today, but RFID security has always been a hard problem. The fundamental advantage of an RFID tag is its low cost, which in turn greatly restricts the strength of the cryptographic protocols it can run. Many new protocols have emerged, but none of them addresses all three security concerns: authentication, privacy protection and system availability. The thesis proposes a new practical protocol which meets all three of these security requirements.

3) One application scenario of Trusted Computing technology is that a platform needs to be remotely authenticated, but the authentication protocol always discloses the platform's true identity and hence raises a privacy concern. Once the platform's identity is disclosed, all of the platform's actions can be linked and analyzed automatically, which poses a great threat to the users' privacy. To address this problem, TCG introduced a new DAA protocol in its TPM specification 1.2. With the help of the DAA protocol, a platform can generate a new random identity and anonymously prove its validity. The thesis explains the process of the DAA protocol and gives a detailed analysis of the protocol and the supposed attack.

4) The DAA protocol is very complicated and includes several zero-knowledge sub-protocols. When implementing the DAA protocol, we must deal with big-number issues, including big-number modeling and performance tuning. The thesis analyzes the special properties of DAA and gives suggestions on its implementation. The safe prime generation algorithm has been improved, and several strategies for performance tuning, security programming and testing are discussed.

5) The DAA protocol can be extended according to its application. The thesis discusses the extension of DAA to digital signature applications, property commitment and trusted-third-party pseudonym revocation. A DAA-based electronic voting protocol is also proposed and analyzed.

6) The original DAA protocol is based upon the Strong RSA assumption. Because it is so complicated, we discuss the possibility of implementing DAA directly with the Strong RSA assumption. The biggest difficulty in this method is that there is currently no proper zero-knowledge protocol to prove the discrete logarithm and the discrete base at the same time. The cut-and-choose methodology is proposed to address this problem. This new DAA protocol also includes a pseudonym sub-protocol, which allows the user to choose between full anonymity and full identification. The new DAA protocol is simpler than the old one.

7) Oblivious transfer refers to a cryptographic protocol that can be used to transfer a series of encrypted data items to a receiver, in which exactly one of the items can be decrypted by the receiver but the sender cannot tell which one was decrypted. The thesis uses this concept to design a new DAA protocol. The new DAA protocol is resistant to attacks such as privacy disclosure, forgery, eavesdropping and replay. The pseudonym sub-protocol is also included.

8) Compared with an ordinary commitment protocol, a timed commitment protocol has a forced-open algorithm, which the receiver can carry out after a certain time has elapsed to disclose the committed value. This property is very practical and can be used in electronic contracts. The thesis proposes two timed commitment schemes, based upon one-TTP and Multi-TTP respectively. The Multi-TTP scheme enhances the trustworthiness of the TTP through the Public Verifiable Secret Share protocol. After this, a timed signature protocol and its application in electronic contracts are discussed.
Keywords/Search Tags:smartcard, SIM card, RFID, Trusted Computing, DAA, Authentication Security, Privacy Protection, Commitment Protocol