User Authentication Scheme offering User Anonymity and Untraceability based on Symmetric Key Cryptographic Algorithm

Authors

  • Jae-young Lee

Abstract

Establishment and focus: As network technology has developed, necessary services have become available over network connections at any time and place. Security threats that differ from earlier ones have emerged in the new network environment, and new security techniques are required to respond to them. In this paper, to secure the anonymity of users sending and receiving messages, a one-way hash function is applied to user information so that the information stays confidential while the login message is in transit. Attackers cannot identify any sender or receiver information from messages whose confidentiality is maintained. Hence, untraceability is ensured. By using timestamps for session key generation, forward confidentiality is retained. If forward confidentiality is retained, attackers cannot infer future session keys even if they acquire session keys used previously.
System: In the user authentication scheme proposed in this paper, first, users and servers can perform mutual authentication. When a user creates a login message from the information registered with the server and sends it to the server, the server compares the login message contents with the registered user data to identify an authorized user. Having authenticated the user whose login message it received, the server uses the login message contents and the stored user information to generate and send a message containing the information required for user authentication. The user who receives this message from the server can identify whether the message receiver is an authorized server by referring to the message contents and self-generated data. Second, user anonymity and untraceability are provided. The user information in a message needed for login and authentication is included as a value computed with a one-way hash function, and the message is encrypted with a symmetric-key cryptographic algorithm before transmission. Accordingly, user anonymity is secured because attackers cannot identify any user information by tapping messages, and untraceability is maintained because attackers cannot identify the senders and receivers of a message. Third, users log in to smartcards using an ID, a password and biometrics. Attackers who capture a smartcard cannot obtain the ID, password and biometrics, and cannot log in to the smartcard without that data. Fourth, forward confidentiality is maintained. Attackers who acquire previous session keys cannot infer any session keys generated in the future. This paper proposes a symmetric-key cryptographic authentication scheme that is more efficient in arithmetic operations than a public-key cryptosystem; the technique provides mutual authentication, ensures anonymity and untraceability, and secures resistance to impersonation attacks as well as forward confidentiality.

Published

2020-03-26

Section

Articles