Parola Tabanlı SIMSec Protokolü

943/5000 SIMSec protokolünün amacı, üretim sırasında Geçici anahtarı takılmamış olan SIM kart ile Servis Sağlayıcı arasında güvenli erişim sağlayacak altyapıyı sağlamaktır. Bu altyapı, Mobil Şebeke Üreticisi, Kullanıcı, Servis Sağlayıcı ve Kart Üreticisi arasındaki anlaşmalara dayanan bir forma sahiptir. İşlemleri güvence altına almak için, her iki tarafın da iddia ettikleri taraflar olduklarını doğrulayabilmeleri temelinde kimlik doğrulama yöntemleri kullanılmaktadır. Bu çalışmada, literatürdeki anahtar değişim ve kimlik doğrulama modelleri derlenmiş ve parola tabanlı kimlik doğrulama modeli üzerinde durulmuştur. SIMSec protokolü için, parola tabanlı kimlik doğrulama algoritması SIMSec protokolüne entegre edilmiştir. Önerilen yeni yapı sayesinde, SIMSec protokolünde faz farklılıkları meydana gelmiştir. Sonuç olarak, SIM kartlar için yeni bir anahtar değişim protokolü önerilmiştir.

Anahtar Kelimeler:

kimlik denetimi

Password-Based SIMSec Protocol

The purpose of the SIMSec protocol is to provide the infrastructure to enable secured access between the SIM (Subscriber Identity Module) card which doesn’t have an ephemeral key installed during production and the service provider. This infrastructure has a form based on agreements among the mobile network manufacturer, the user, the service provider and the card manufacturer. In order to secure transactions, authentication methods are used based on the fact that both parties can verify that they are the parties they claim to be. In this study, the key exchange and authentication models in the literature have been surveyed and the password-based authentication model is chosen. For the SIMSec protocol, the password-based authentication algorithm is integrated into the SIMSec protocol. Thanks to the proposed new structure, phase differences in the SIMSec protocol are shown. As a result, a new key exchange protocol is proposed for SIM cards.

Keywords:

Authentication, Key, Exchange SIMSec,

PDF

___

[1] C. Boyd and A. Mathuria, “Protocols for Authentication and Key Establishment,” Springer Science and Business Media, 2013. [2] P. W. Shor, “Algoritms for quantum computation: discrete logarithms and factoring,” IEEE Computer Society Press, pp. 124-134. [3] S. M. Bellovin and M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks, ” Computer Society Press, 1992, pp. 72-84. [4] M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” Lecture Notes in Computer Science, vol. 1807, pp. 139-155, 2000. [5] V. Boyko, P. MacKenzie and S. Patel, “Provably secure password authenticated key exchange using Diffie-Hellman,” Lecture Notes in Computer Science, vol. 1807, pp. 156-171, 2000. [6] P. MacKenzie, “The PAK suite: Protocols for password-authenticated key exchange, ” Technical Report, 2002-46, DIMACS, October 2002. [7] P.MacKenzie. “More efficient password-authenticated key exchange,” In D. Naccache, editor, Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, vol. 2020. [8] A. Lenstra and E. Verheul, “The XTR public key system,” Lecture Notes in Computer Science, vol. 1880, pp. 1-19, 2000. [9] C. P. Schnorr, “Efficient identification and signatures for smart cards,” In G. Brassard, editor, Advances in Cryptology - Crypto '89, Lecture Notes in Computer Science, vol. 435, pp. 239-252, 1990. [10] D. P. Jablon, “Strong password-only authenticated key exchange,” ACM Computer Communication Review, vol. 26(5), pp. 5-26, October 1996. [11] P. MacKenzie, “On the security of the SPEKE password - authenticated key exchange protocol,” July 2001. [12] D. Jablon, “IEEE. P1363.2 Standard specifications for password-based public-key cryptographic techniques,” Phoenix Technologies, December 2002. [13] C. Kaufman and R. Perlman, “PDM: A new strong password-based protocol,” In 10th USENIX Security Symposium, August 2001. [14] D. P. Jablon. “Extended password key exchange protocols immune to dictionary attack” In 6th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 248-255. IEEE Press, 1997. [15] T. Wu, “The secure remote password protocol,” In Network and Distributed System Security Symposium, Internet Society, February 1998. [16] T. Kwon, “Ultimate solution to authentication via memorable password,” IEEE P1363 Standards Group contibution, 2000. [17] K. Ok, V. Coskun, S. B. Yarman, C. Cevikbas and B. Ozdenizci, “SIMSec; A key exchange protocol between SIM card and service provider,” Wireless Personal Communications, vol. 89(4), pp. 1371-1390, 2016.