Araştırma Makalesi
BibTex RIS Kaynak Göster

Parola Tabanlı SIMSec Protokolü

Yıl 2020, Cilt: 11 Sayı: 3, 1021 - 1030, 30.09.2020
https://doi.org/10.24012/dumf.753942

Öz

943/5000 SIMSec protokolünün amacı, üretim sırasında Geçici anahtarı takılmamış olan SIM kart ile Servis Sağlayıcı arasında güvenli erişim sağlayacak altyapıyı sağlamaktır. Bu altyapı, Mobil Şebeke Üreticisi, Kullanıcı, Servis Sağlayıcı ve Kart Üreticisi arasındaki anlaşmalara dayanan bir forma sahiptir. İşlemleri güvence altına almak için, her iki tarafın da iddia ettikleri taraflar olduklarını doğrulayabilmeleri temelinde kimlik doğrulama yöntemleri kullanılmaktadır. Bu çalışmada, literatürdeki anahtar değişim ve kimlik doğrulama modelleri derlenmiş ve parola tabanlı kimlik doğrulama modeli üzerinde durulmuştur. SIMSec protokolü için, parola tabanlı kimlik doğrulama algoritması SIMSec protokolüne entegre edilmiştir. Önerilen yeni yapı sayesinde, SIMSec protokolünde faz farklılıkları meydana gelmiştir. Sonuç olarak, SIM kartlar için yeni bir anahtar değişim protokolü önerilmiştir.

Destekleyen Kurum

Ondokuz Mayıs Üniversitesi

Proje Numarası

PYO.MUH.1906.17.003

Kaynakça

  • [1] C. Boyd and A. Mathuria, “Protocols for Authentication and Key Establishment,” Springer Science and Business Media, 2013. [2] P. W. Shor, “Algoritms for quantum computation: discrete logarithms and factoring,” IEEE Computer Society Press, pp. 124-134. [3] S. M. Bellovin and M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks, ” Computer Society Press, 1992, pp. 72-84. [4] M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” Lecture Notes in Computer Science, vol. 1807, pp. 139-155, 2000. [5] V. Boyko, P. MacKenzie and S. Patel, “Provably secure password authenticated key exchange using Diffie-Hellman,” Lecture Notes in Computer Science, vol. 1807, pp. 156-171, 2000. [6] P. MacKenzie, “The PAK suite: Protocols for password-authenticated key exchange, ” Technical Report, 2002-46, DIMACS, October 2002. [7] P.MacKenzie. “More efficient password-authenticated key exchange,” In D. Naccache, editor, Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, vol. 2020. [8] A. Lenstra and E. Verheul, “The XTR public key system,” Lecture Notes in Computer Science, vol. 1880, pp. 1-19, 2000. [9] C. P. Schnorr, “Efficient identification and signatures for smart cards,” In G. Brassard, editor, Advances in Cryptology - Crypto '89, Lecture Notes in Computer Science, vol. 435, pp. 239-252, 1990. [10] D. P. Jablon, “Strong password-only authenticated key exchange,” ACM Computer Communication Review, vol. 26(5), pp. 5-26, October 1996. [11] P. MacKenzie, “On the security of the SPEKE password - authenticated key exchange protocol,” July 2001. [12] D. Jablon, “IEEE. P1363.2 Standard specifications for password-based public-key cryptographic techniques,” Phoenix Technologies, December 2002. [13] C. Kaufman and R. Perlman, “PDM: A new strong password-based protocol,” In 10th USENIX Security Symposium, August 2001. [14] D. P. Jablon. “Extended password key exchange protocols immune to dictionary attack” In 6th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 248-255. IEEE Press, 1997. [15] T. Wu, “The secure remote password protocol,” In Network and Distributed System Security Symposium, Internet Society, February 1998. [16] T. Kwon, “Ultimate solution to authentication via memorable password,” IEEE P1363 Standards Group contibution, 2000. [17] K. Ok, V. Coskun, S. B. Yarman, C. Cevikbas and B. Ozdenizci, “SIMSec; A key exchange protocol between SIM card and service provider,” Wireless Personal Communications, vol. 89(4), pp. 1371-1390, 2016.

Password-Based SIMSec Protocol

Yıl 2020, Cilt: 11 Sayı: 3, 1021 - 1030, 30.09.2020
https://doi.org/10.24012/dumf.753942

Öz

The purpose of the SIMSec protocol is to provide the infrastructure to enable secured access between the SIM (Subscriber Identity Module) card which doesn’t have an ephemeral key installed during production and the service provider. This infrastructure has a form based on agreements among the mobile network manufacturer, the user, the service provider and the card manufacturer. In order to secure transactions, authentication methods are used based on the fact that both parties can verify that they are the parties they claim to be. In this study, the key exchange and authentication models in the literature have been surveyed and the password-based authentication model is chosen. For the SIMSec protocol, the password-based authentication algorithm is integrated into the SIMSec protocol. Thanks to the proposed new structure, phase differences in the SIMSec protocol are shown. As a result, a new key exchange protocol is proposed for SIM cards.

Proje Numarası

PYO.MUH.1906.17.003

Kaynakça

  • [1] C. Boyd and A. Mathuria, “Protocols for Authentication and Key Establishment,” Springer Science and Business Media, 2013. [2] P. W. Shor, “Algoritms for quantum computation: discrete logarithms and factoring,” IEEE Computer Society Press, pp. 124-134. [3] S. M. Bellovin and M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks, ” Computer Society Press, 1992, pp. 72-84. [4] M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” Lecture Notes in Computer Science, vol. 1807, pp. 139-155, 2000. [5] V. Boyko, P. MacKenzie and S. Patel, “Provably secure password authenticated key exchange using Diffie-Hellman,” Lecture Notes in Computer Science, vol. 1807, pp. 156-171, 2000. [6] P. MacKenzie, “The PAK suite: Protocols for password-authenticated key exchange, ” Technical Report, 2002-46, DIMACS, October 2002. [7] P.MacKenzie. “More efficient password-authenticated key exchange,” In D. Naccache, editor, Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, vol. 2020. [8] A. Lenstra and E. Verheul, “The XTR public key system,” Lecture Notes in Computer Science, vol. 1880, pp. 1-19, 2000. [9] C. P. Schnorr, “Efficient identification and signatures for smart cards,” In G. Brassard, editor, Advances in Cryptology - Crypto '89, Lecture Notes in Computer Science, vol. 435, pp. 239-252, 1990. [10] D. P. Jablon, “Strong password-only authenticated key exchange,” ACM Computer Communication Review, vol. 26(5), pp. 5-26, October 1996. [11] P. MacKenzie, “On the security of the SPEKE password - authenticated key exchange protocol,” July 2001. [12] D. Jablon, “IEEE. P1363.2 Standard specifications for password-based public-key cryptographic techniques,” Phoenix Technologies, December 2002. [13] C. Kaufman and R. Perlman, “PDM: A new strong password-based protocol,” In 10th USENIX Security Symposium, August 2001. [14] D. P. Jablon. “Extended password key exchange protocols immune to dictionary attack” In 6th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 248-255. IEEE Press, 1997. [15] T. Wu, “The secure remote password protocol,” In Network and Distributed System Security Symposium, Internet Society, February 1998. [16] T. Kwon, “Ultimate solution to authentication via memorable password,” IEEE P1363 Standards Group contibution, 2000. [17] K. Ok, V. Coskun, S. B. Yarman, C. Cevikbas and B. Ozdenizci, “SIMSec; A key exchange protocol between SIM card and service provider,” Wireless Personal Communications, vol. 89(4), pp. 1371-1390, 2016.
Toplam 1 adet kaynakça vardır.

Ayrıntılar

Birincil Dil İngilizce
Bölüm Makaleler
Yazarlar

Sedat Akleylek

Engin Karacan 0000-0002-2306-6008

Proje Numarası PYO.MUH.1906.17.003
Yayımlanma Tarihi 30 Eylül 2020
Gönderilme Tarihi 17 Haziran 2020
Yayımlandığı Sayı Yıl 2020 Cilt: 11 Sayı: 3

Kaynak Göster

IEEE S. Akleylek ve E. Karacan, “Password-Based SIMSec Protocol”, DÜMF MD, c. 11, sy. 3, ss. 1021–1030, 2020, doi: 10.24012/dumf.753942.
DUJE tarafından yayınlanan tüm makaleler, Creative Commons Atıf 4.0 Uluslararası Lisansı ile lisanslanmıştır. Bu, orijinal eser ve kaynağın uygun şekilde belirtilmesi koşuluyla, herkesin eseri kopyalamasına, yeniden dağıtmasına, yeniden düzenlemesine, iletmesine ve uyarlamasına izin verir. 24456