IJTPC(ISSN: 2322-3138 ), Vol. 3, July 2013. A Security Protocol for the Identification and Data Encrypt- Key Management of Secure Mobile Devices Chol-Un Kim , Dok-Jun An and Song Han Faculty of Mathematics, Kim Il Sung University, Pyongyang, D.P.R.K ABSTRACT In this paper, we proposed an identification and data encrypt key manage protocol that can be used in some security system based on such secure devices as secure USB memories or RFIDs, which are widely used for identifying persons or other objects recently. In general, the default functions of the security system using a mobile device are the authentication for the owner of the device and secure storage of data stored on the device. We proposed a security model that consists of the server and mobile devices in order to realize these security features. In this model we defined the secure communication protocol for the authentication and management of data encryption keys using a private key encryption algorithm with the public key between the server and mobile devices. In addition, we was performed the analysis for the attack to the communication protocol between the mobile device and server. Using the communication protocol, the system will attempt to authenticate the mobile device. The data decrypt key is transmitted only if the authentication process is successful. The data in the mobile device can be decrypted using the key. Our analysis proved that this Protocol ensures anonymity, prevents replay attacks and realizes the interactive identification between the security devices and the authentication server. Keywords security, user authentication, identification protocol, data encrypt key, secure USB 9, 10]. In these methods, encryp,on of disk block is 1. INTRODUCTION expressed as follows. Massive use of mobile storage media raises data security and user authentication problem seriously. =C OP(BE(OP(P, DEK, i), DEK), DEK, i) (1) Reliability of security system should not be based on system Here, BE is a block encryp,on func,on (AES, 3DES, etc.), OP mechanism or complexity of system analysis, and it should is an operation function (CBC, 2 (, ATS, etc.), DEK is a disk guarantee safety even if system mechanism or encryption encryption key, P is a plaintext, i is a block index and C is a algorithm is opened to third party. cipher text. As expression (1) shows, these disk encryp,on In the paper, we proposed an identification and data encrypt systems encrypt plaintext using symmetric-key algorithm key manage protocol for using in some user authentication through certain operation and apply this operation again to and disk encrypt system based on such secure devices as encrypted result. secure USB memories or RFIDs. We analyze security These disk encryption methods have some weakness in terms problems of existing disk encryption methods and of time passage and space expansion. iden,-ca,on protocol in sec,on . and describe our identification protocol and data encrypt key manage Temporal limitation protocol, in sec,on 3. In sec,on 0, we analy)e some security If third party succeeds to detect encryption key of a certain performance of our system. sector, data which is stored in this sector later can be decoded. Spatial limitation 2. PREVIOUS WORKS 1owadays, there are a lot of security system that are using If third party succeeds to detect encryption key of a certain such storage devices being capable of storing personal data block, whole data of disk is in danger of being decoded. securely as secure USB, smart card or FIDs. CBDE based encryption method which was implemented in Several different methods for disk encryption, such as FreeBSD overcame these temporal and spatial limitations to 2oopAES, EFS, TrueCrypt, 1Cryp5s, were suggested 6 7, 8, 8, a certain extent 67]. Although CBDE based disk encryp,on www.IJTPC.org 21 IJTPC(ISSN: 2322-3138 ), Vol. 3, July 2013. method overcomes temporal and spatial limitations of H I1,0J: K → I1,0J h : The h-bit cryptographic hash function previous disk encryption methods considerably, it still has that have the pre-image resistance and the collision some security problems to be solved. resistance cryptographic hash function ( h is a positive - Key-key for a given sector is fixed because it is decided integer) depending on the sector address. That is, when it was written PRNG : The pseudo-random generator new data on sector, sector key is encrypted by same key-key. implemented in the authentication server. (e suppose that - It is easy to get keychain used to encrypt plaintext data, if the bit length of random number generated by it cannot be the correlation between random data generated beyond the one of hash value of H ( h ). consecutively by P 1C is revealed, because it directly uses random data generated by P 1C as key for plaintext. PKE (L KeyGen E DPPP ),, : The secure public-key cryptosystems implemented in the authentication server and The SDMS Encrypt Method in [1] solved temporal limita,on secure storage devices. problem and spatial limitation problem of data encryption to a certain extent. And, SDMS can control security eP ,( d P ) : The pair of public and private key of performance flexibly according to the security reEuirements. PKE , generated by KeyGenP . It assumes that the decryption The master data encrypt key DEK in SDMS must be encrypted key (the private key) is only known to the authentication based on the user authentication information. However, it server. did not propose a specific Authentication protocol. SKE (L KeyGen E D SSS ),, : The secure symmetric-key There are also a lot of authentication protocols that are using cryptosystems implemented in the authentication server and mobile devices to identify the iden,ty of their users 6.-0]. But there are many protocols that have various security secure storage devices. weaknesses or not to be satisfied the reEuirements for PBKDF2 S,(P, c, dkLen) : The key derive function defined in applications. the PKCD#7 v..0 611]. For example, the protocols in 6., 3] expose the deviceFs ID, or cannot to be clear the reEuirements of anonymity and resistant for device traceability because of using fixed hash 3.2 The structure of secure storage device's value for each device, and the protocols in 60] have the signature problem that the load of authentication servers are rapidly This secure storage deviceFs signature Sig consists of ID increasing as the number of devices grows. D D and key for the secure storage devices D . In the next section, we present a user identification and data encrypt key manage protocol. Here, IDD is the uniEue random number for the device D , and key is the encryptNdecrypt key for data in the device D . The structure of signature Sig in the server is as follows: 3. OUR IDENTIFICATION AND DATA D ENCRYPT- KEY MANAGEMENT PROTOCOL In this paper, the authentication system consists of the secure storage devices being capable of storing the legitimate userGs ID and having some cryptographic computation Figure. The structure of signature SigD capability such as secure USB memories, smart cards or FIDs, the authentication server that maintains the IDs of all All signature Sig for any secure storage devices D are stored legitimate users on their internal database and confirms the D existence of the specific userGs ID in the ID database in the authentication server. responding to authentication reEuests, and the brokers which are placed between the secure devices and authentication server and transmit any messages of them 3.3 Our identification and key management (for example, the use authentication software on the protocol computer that the secure devices are connected). Our protocol consists of the preparation step and the authentication step. 6 The Preparation Step ] 3.1 Notations D : A specific (security) device Any secure storage device registered in the authentication system, D are maintained the random number rD generated IDD : The ID of the device D (namely, the ID of the legitimate device owner that the system has to identify) by the authentication server. The random number rD is uniEue for the device D , so it differs by devices. The rD : The random number generated by the authentication server must maintain the random numbers in authentication server and stored in the device D . some period for resisting the replay attacks and guarantee their uniEueness. It stores all signature for any secure Hello : The ID Euery message that the broker send to the SigD secure storage device. www.IJTPC.org 22 IJTPC(ISSN: 2322-3138 ), Vol. 3, July 2013. storage devices D in the system to its secure internal (5-3) Compare H(( H IDD )⊕rnew ) and the receipted hash database by making H( IDD ) as the search primary key. value H( y ) . If the two values match, the security [The Authentication Step ] device will get the identification and reliability for rnew , based on the (5-1). Step 1 : The broker starts the protocol run by sending the message Hello to the device D . (5-4) k ← PBKDF2 ( IDD , rnew , c, dkLen) Step 2 : The device D run the following actions by using (7-7) Sig ← D S (k , g ) its ID, IDD and the random number rD in its memory.. (5-6) Compare IDD of Sig and the IDD of the security (2-1) x ← H( IDD )⊕rD device. If the two values match, rnew should be kept (2-2) a ← E PP(,)e x and data in the security device should be decrypt using key of Sig . S (2-3) C ← E (,)x rD (2-4) Send to the authentication server (a , H ( x ), C , H ( rD )) 4. SECRITY INTERPRETATIONS through the broker. Step 3 : The authentication server performs the following [Theorem 1 ] This Protocol ensures anonymity .