Nt1330 Unit 3 Assignment 1

1763 Words8 Pages

Assumptions
The table below illustrates the symbols used in designing the two protocols.
Symbol Description Symbol Description
U User’s mobile phone IDU, IDs, IDv, IDr Identification of user’s mobile phone, server, vending machine and request fingerprint respectively.
S Server FP Fingerprint related data
V Vending machine PWU , PWV User’s password registered with server and Vending machine’s password registered with server respectively.
TU,Ts,Tv Timestamp of user’s mobile phone, server and vending machine respectively. KUS Shared secret key between user’s mobile and server
H ( ) One-way Hash function TN N time’s Time
|| Concatenation Ds Server Payment Decision
PI Payment information including IDv and price NU, NS Nonce …show more content…

Then, KUS is hashed with RU, Ns and T3, and this value is compared with the receiving value. If the two values are the same, then S authenticates U because Ns is the challenge response of U and U has the correct PWU. Thus, U can determine that KUS is correct during T3 and NU is correct. Otherwise, the server terminates the protocol. Thus, messages 2 and 3 authenticate the user’s mobile phone (U) for the server (S).
After successful authentication, S hashes FP, which is stored in S. then, S encrypts H (FP) and RU with KUS to U.
e. Step (5)
When U receives message 4, it decrypts the message with KUS and obtains H (FP) for use in the vending machine.
B) Protocol analysis

i. Messages 2 and 3 ensure that the user is the legitimate owner of the FP making the request. In message 2, Ns and NU are used to avoid replay attack, and H (Ns, NU, T2) is a challenge to U to obtain the same value of S. In message 3, the password (PWU) is only known by U and S, so if any attacker prevents U, the attacker cannot calculate KUS because the password is protected through the protocol and both NU and Ns are valid during TN. Both messages are sent to S to ensure that U is indeed U; thus, S can send FP to U …show more content…

The authentication is not only obtained by FP but also by TU. In addition, V needs TU with TV and PWV to obtain authentication from S. S has a record of the timestamp, so if TU is repeated or out of time, S will detect it. The protocol will then be terminated.

Reference
[1]Darwish, M., Ouda, A. and Capretz, L.F., 2015. A cloud-based secure authentication (CSA) protocol suite for defense against Denial of Service (DoS) attacks. Journal of Information Security and Applications, 20, pp.90-98.
[2]Gordon, M. and Sankaranarayanan, S., 2010, September. Biometric security mechanism in Mobile paymentts. In 2010 Seventh International Conference on Wireless and Optical Communications Networks-(WOCN) (pp. 1-6). IEEE.
[3]Leiwo, J., Aura, T. and Nikander, P., 2000. Towards network denial of service resistant protocols. In Information Security for Global Information Infrastructures (pp. 301-310). Springer US.
[4] Wu, T.D., 1998, March. The Secure Remote Password Protocol. In NDSS (Vol. 98, pp. 97-111).
[5]Xi, K., Ahmad, T., Han, F. and Hu, J., 2011. A fingerprint based bio‐cryptographic security protocol designed for client/server authentication in mobile computing environment. Security and Communication Networks, 4(5),

More about Nt1330 Unit 3 Assignment 1