Research Article
BibTex RIS Cite

Parola Tabanlı SIMSec Protokolü

Year 2020, , 1021 - 1030, 30.09.2020
https://doi.org/10.24012/dumf.753942

Abstract

943/5000 SIMSec protokolünün amacı, üretim sırasında Geçici anahtarı takılmamış olan SIM kart ile Servis Sağlayıcı arasında güvenli erişim sağlayacak altyapıyı sağlamaktır. Bu altyapı, Mobil Şebeke Üreticisi, Kullanıcı, Servis Sağlayıcı ve Kart Üreticisi arasındaki anlaşmalara dayanan bir forma sahiptir. İşlemleri güvence altına almak için, her iki tarafın da iddia ettikleri taraflar olduklarını doğrulayabilmeleri temelinde kimlik doğrulama yöntemleri kullanılmaktadır. Bu çalışmada, literatürdeki anahtar değişim ve kimlik doğrulama modelleri derlenmiş ve parola tabanlı kimlik doğrulama modeli üzerinde durulmuştur. SIMSec protokolü için, parola tabanlı kimlik doğrulama algoritması SIMSec protokolüne entegre edilmiştir. Önerilen yeni yapı sayesinde, SIMSec protokolünde faz farklılıkları meydana gelmiştir. Sonuç olarak, SIM kartlar için yeni bir anahtar değişim protokolü önerilmiştir.

Supporting Institution

Ondokuz Mayıs Üniversitesi

Project Number

PYO.MUH.1906.17.003

References

  • [1] C. Boyd and A. Mathuria, “Protocols for Authentication and Key Establishment,” Springer Science and Business Media, 2013. [2] P. W. Shor, “Algoritms for quantum computation: discrete logarithms and factoring,” IEEE Computer Society Press, pp. 124-134. [3] S. M. Bellovin and M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks, ” Computer Society Press, 1992, pp. 72-84. [4] M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” Lecture Notes in Computer Science, vol. 1807, pp. 139-155, 2000. [5] V. Boyko, P. MacKenzie and S. Patel, “Provably secure password authenticated key exchange using Diffie-Hellman,” Lecture Notes in Computer Science, vol. 1807, pp. 156-171, 2000. [6] P. MacKenzie, “The PAK suite: Protocols for password-authenticated key exchange, ” Technical Report, 2002-46, DIMACS, October 2002. [7] P.MacKenzie. “More efficient password-authenticated key exchange,” In D. Naccache, editor, Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, vol. 2020. [8] A. Lenstra and E. Verheul, “The XTR public key system,” Lecture Notes in Computer Science, vol. 1880, pp. 1-19, 2000. [9] C. P. Schnorr, “Efficient identification and signatures for smart cards,” In G. Brassard, editor, Advances in Cryptology - Crypto '89, Lecture Notes in Computer Science, vol. 435, pp. 239-252, 1990. [10] D. P. Jablon, “Strong password-only authenticated key exchange,” ACM Computer Communication Review, vol. 26(5), pp. 5-26, October 1996. [11] P. MacKenzie, “On the security of the SPEKE password - authenticated key exchange protocol,” July 2001. [12] D. Jablon, “IEEE. P1363.2 Standard specifications for password-based public-key cryptographic techniques,” Phoenix Technologies, December 2002. [13] C. Kaufman and R. Perlman, “PDM: A new strong password-based protocol,” In 10th USENIX Security Symposium, August 2001. [14] D. P. Jablon. “Extended password key exchange protocols immune to dictionary attack” In 6th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 248-255. IEEE Press, 1997. [15] T. Wu, “The secure remote password protocol,” In Network and Distributed System Security Symposium, Internet Society, February 1998. [16] T. Kwon, “Ultimate solution to authentication via memorable password,” IEEE P1363 Standards Group contibution, 2000. [17] K. Ok, V. Coskun, S. B. Yarman, C. Cevikbas and B. Ozdenizci, “SIMSec; A key exchange protocol between SIM card and service provider,” Wireless Personal Communications, vol. 89(4), pp. 1371-1390, 2016.

Password-Based SIMSec Protocol

Year 2020, , 1021 - 1030, 30.09.2020
https://doi.org/10.24012/dumf.753942

Abstract

The purpose of the SIMSec protocol is to provide the infrastructure to enable secured access between the SIM (Subscriber Identity Module) card which doesn’t have an ephemeral key installed during production and the service provider. This infrastructure has a form based on agreements among the mobile network manufacturer, the user, the service provider and the card manufacturer. In order to secure transactions, authentication methods are used based on the fact that both parties can verify that they are the parties they claim to be. In this study, the key exchange and authentication models in the literature have been surveyed and the password-based authentication model is chosen. For the SIMSec protocol, the password-based authentication algorithm is integrated into the SIMSec protocol. Thanks to the proposed new structure, phase differences in the SIMSec protocol are shown. As a result, a new key exchange protocol is proposed for SIM cards.

Project Number

PYO.MUH.1906.17.003

References

  • [1] C. Boyd and A. Mathuria, “Protocols for Authentication and Key Establishment,” Springer Science and Business Media, 2013. [2] P. W. Shor, “Algoritms for quantum computation: discrete logarithms and factoring,” IEEE Computer Society Press, pp. 124-134. [3] S. M. Bellovin and M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks, ” Computer Society Press, 1992, pp. 72-84. [4] M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” Lecture Notes in Computer Science, vol. 1807, pp. 139-155, 2000. [5] V. Boyko, P. MacKenzie and S. Patel, “Provably secure password authenticated key exchange using Diffie-Hellman,” Lecture Notes in Computer Science, vol. 1807, pp. 156-171, 2000. [6] P. MacKenzie, “The PAK suite: Protocols for password-authenticated key exchange, ” Technical Report, 2002-46, DIMACS, October 2002. [7] P.MacKenzie. “More efficient password-authenticated key exchange,” In D. Naccache, editor, Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, vol. 2020. [8] A. Lenstra and E. Verheul, “The XTR public key system,” Lecture Notes in Computer Science, vol. 1880, pp. 1-19, 2000. [9] C. P. Schnorr, “Efficient identification and signatures for smart cards,” In G. Brassard, editor, Advances in Cryptology - Crypto '89, Lecture Notes in Computer Science, vol. 435, pp. 239-252, 1990. [10] D. P. Jablon, “Strong password-only authenticated key exchange,” ACM Computer Communication Review, vol. 26(5), pp. 5-26, October 1996. [11] P. MacKenzie, “On the security of the SPEKE password - authenticated key exchange protocol,” July 2001. [12] D. Jablon, “IEEE. P1363.2 Standard specifications for password-based public-key cryptographic techniques,” Phoenix Technologies, December 2002. [13] C. Kaufman and R. Perlman, “PDM: A new strong password-based protocol,” In 10th USENIX Security Symposium, August 2001. [14] D. P. Jablon. “Extended password key exchange protocols immune to dictionary attack” In 6th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 248-255. IEEE Press, 1997. [15] T. Wu, “The secure remote password protocol,” In Network and Distributed System Security Symposium, Internet Society, February 1998. [16] T. Kwon, “Ultimate solution to authentication via memorable password,” IEEE P1363 Standards Group contibution, 2000. [17] K. Ok, V. Coskun, S. B. Yarman, C. Cevikbas and B. Ozdenizci, “SIMSec; A key exchange protocol between SIM card and service provider,” Wireless Personal Communications, vol. 89(4), pp. 1371-1390, 2016.
There are 1 citations in total.

Details

Primary Language English
Journal Section Articles
Authors

Sedat Akleylek

Engin Karacan 0000-0002-2306-6008

Project Number PYO.MUH.1906.17.003
Publication Date September 30, 2020
Submission Date June 17, 2020
Published in Issue Year 2020

Cite

IEEE S. Akleylek and E. Karacan, “Password-Based SIMSec Protocol”, DÜMF MD, vol. 11, no. 3, pp. 1021–1030, 2020, doi: 10.24012/dumf.753942.
DUJE tarafından yayınlanan tüm makaleler, Creative Commons Atıf 4.0 Uluslararası Lisansı ile lisanslanmıştır. Bu, orijinal eser ve kaynağın uygun şekilde belirtilmesi koşuluyla, herkesin eseri kopyalamasına, yeniden dağıtmasına, yeniden düzenlemesine, iletmesine ve uyarlamasına izin verir. 24456