A Certified Three Way Authentication Scheme For Trust Establishment In Online Social Networking Communication System

DOI : 10.17577/IJERTV2IS60951


Shresta N M, Dept of CSE, BIT, VTU, India

Sowmya T, Dept of CSE, BIT, VTU, India

Shravanthi T, Dept of CSE, BIT, VTU, India

Abstract- Existing online social networks (OSNs) such as Facebook and Twitter provide direct communication with unknown users, leading to security and privacy issues on OSNs. We propose a certified three way authentication scheme for authenticating multiple users to improve the efficiency and security of OSNs. In the proposed authentication scheme, three batch authentication protocols are proposed, adopting the one-way hash function, proxy encryption, and certificates as the underlying cryptosystems. The hash-based authentication protocol requires lower computational cost and is suitable for resource-limited devices. The proxy-based protocol is based on asymmetric encryption and can be used to exchange more information among users. The certificate-based protocol guarantees nonrepudiation of transactions by signatures. Without a centralized authentication server, the proposed authentication scheme therefore facilitates the extension of an OSN with batched verifications. In this paper, we formally prove that the proposed batch authentication protocols are secure against both passive adversaries and impersonator attacks, can offer implicit key authentication, and require fewer messages to authenticate multiple users. We also show that our protocols can meet important security requirements, including mutual authentication, reputation, community authenticity, nonrepudiation, and flexibility. With these effective security features, our framework is appropriate for use in P2P-based OSNs.

Keywords- Authentication protocol, batch authentication, Online social networks (OSNs), Peer to peer (P2P).

  1. INTRODUCTION

    Online social networks (OSNs) such as Facebook and Twitter are increasingly popular services. People can share information and pictures with old acquaintances, as well as relationships with friends. It is estimated that half a billion registered users interact with friends over OSNs. However, the weak authentication and registration process of current OSNs may lead to some security attacks. With the rapid growth of OSNs, more valuable information is stored on OSNs. Hence, the privacy and security issues inherent to OSNs have attracted much attention [1]. Peer-to-peer (P2P) technology is considered in the design of next-generation OSNs. As described in, a P2P-based OSN consists of the following three levels:

    1. The social network level represents members and their relationships;

    2. The application service level implements the P2P-based application infrastructure;

    3. The communication and transport level provides transport services over networks such as the Internet or mobile ad hoc networks.

    Relying on the cooperation between a number of independent parties who are also OSN users [2], a decentralized P2P architecture can be adopted with merits, including strong privacy protection, better scalability, and a lowered requirement for continuous Internet connectivity. Furthermore, a P2P architecture can take advantage of real social networks and geographic proximity to support local services. P2P-based OSNs are a relatively new trend.

    Existing protocols suffer from the following weaknesses.

    1. Most of the current security protocols for P2P-based OSNs lack specific procedures.

    2. In current security protocols for P2P-based OSNs, each user has to be authenticated by OOB methods, which may impede the extension speed of social networks.

    3. Most of the existing protocols support only one-to- one authentication.

    4. The existing protocols do not consider the restrictions of underlying devices such as computing power and memory limitations.

    This paper proposes a framework to take advantage of the P2P architecture, including geographic proximity. Under the proposed framework, three batch authentication protocols are designed, using different cryptographic primitives [5], for different devices in P2P-based OSNs.

    The novel contributions of this paper are listed as follows.

    • The proposed framework reduces the communication cost required for authenticating users.

    • Due to their different security properties, the proposed protocols can be realized on a variety of devices such as personal digital assistants (PDAs), mobile phones, and laptops.

    • By incorporating different trust levels, the proposed protocols allow a user with a high trust level to help authenticate other users and achieve the extensibility of a social network.

    • The proposed protocols support a one-to-many authentication, which is the basis of batch authentication, to simultaneously authenticate multiple users. To the best of our knowledge, this paper is the first study that offers one-to-many batch authentication in P2P-based OSNs [7]. The proposed protocols are proved to be capable of mutually authenticating communication peers and remain secure against passive adversaries.

  2. OVERVIEW OF THE PROPOSED THREE WAY AUTHENTICATION

    The proposed batch authentication protocols, which are composed of three roles, a requester UR, an authenticator UA, and a user group U, are operated based on the following assumptions.

    1. The requester UR and authenticator UA have negotiated a shared key by face-to-face preauthentication through a location-limited channel.

    2. The authenticator UA is trusted by all his/her friends who are involved in the batch authentication.

    3. If two users UX and UY are friends, they have shared a secret key KXY.

    In the proposed protocol, UA helps UR authenticate the user group U, in which all users are friends of UA. After successful authentication, UR establishes a shared key KRi with each user Ui in the group (Ui ∈ U). We briefly explain our design concept by the following two cases.

    In the first case, we introduce a user group with only one user U1 (U = {U1}), as shown in Fig. 1(a). The message flow is given as follows.

    1. UR → UA : AQR,A.

    2. UA → U1 : CRA,1.

    3. U1 → UR : CR1,R.

    4. UR → U1 : MRR,1.

    The requester UR initiates a request to the authenticator UA. Then, UA helps contribute some parameters to UR and U1 at Steps 2 and 3. Finally, UR replies with a message (MRR,1) at Step 4 for mutual authentication.

    The second case scales up the user group to n users (U = {U1, U2, . . . , Un}, and |U| = n), as shown in Fig. 1(b). The message flow is given as follows.

    1. UR → UA : AQR,A.

    2. UA → U1 : CRA,1.

    3. Ui-1 → Ui : CRi-1,i, where 2 ≤ i ≤ |U|.

    4. U|U| → UR : CR|U|,R.

    5. UR → Ui : MRR,i, where 1 ≤ i ≤ |U|.

    Similarly, UR sends a request to UA. The authentication requests (chain reply CRi,i+1) are then passed through U1, U2, . . . to Un at Steps 2 and 3. At Step 4, U|U| sends back the chain reply to UR. For mutual authentication, UR sends MRR,i to users Ui ∈ U.

    Fig 1. Message flows of batch authentication for (a) only one member and (b) several members in case n = 3.

    Parameters and Notations

  3. PROPOSED PROTOCOLS

  1. Message Integrity verifier protocol

    Step 1

    UR sends AQR,A to UA. AQR,A is composed of UR's identification (IDR), a nonce (NR), the user group identification (UID = {ID1, ID2, . . . , ID|U|}), and the parameters of key agreement (KPR = {g^m1, g^m2, . . . , g^m|U|}, where mi ∈ Zp). The nonce is protected by a secret key KRA that is shared by UR and UA. The group identification and key parameters are protected by the nonce. In addition, a message authentication code MACR = H(IDR, {KRA NR}, UID H(r, (NR + 1)), KPR H(r, (NR + 2)), (NR + 3)) is attached to ensure the integrity of the message.

    Step 2

    Upon the receipt of AQR,A, UA derives NR by performing KRA {KRA NR} and checks the validity of MACR. If AQR,A is correct, the following steps are implemented.

    UA randomly generates an initial value h0 and a sequence of random numbers wi (for 0 ≤ i ≤ |U| - 1). Then, UA constructs and maintains a chain of one-way hash values (hi = H(hi-1 wi-1) for 1 ≤ i ≤ |U|).

    UA derives the user group identification UID and the key parameters KPR by NR.

    UA computes V0 for UR, where

    V0 = IDA, H(r, (KRA || t0)) (h0 || H(KRA) || NA || w0 || w1 || . . . || w|U|-1), t0

    Note that the unequal-bit-length problem can be solved by the specific length extension hash function H(r, msg) and V0 should be regarded as a single element from the view of calculation. As mentioned in the previous section, KRA is the shared key between UR and UA, NA and t0 are random challenges from UA, and w0 || w1 || . . . || w|U|-1 is a concatenation of w0, w1, . . . , w|U|-1. UA also computes Vi for Ui ∈ U (1 ≤ i ≤ |U|), where

    Vi = IDA, H(r, (KAi || ti)) (hi || H(KAi) || NR + NA || g^mi), ti

    In Vi (i ≠ 0), g^mi is used for negotiating session keys KRi between UR and Ui in the end of the batch authentication.

    To eliminate the bandwidth requirements, we adopt the Chinese remainder theorem (CRT) [17] to accommodate messages in a single message. Let B0, B1, B2, . . . , B|U| be |U|+1 positive integers that are pairwise relatively prime and A0, A1, A2, . . . , A|U| be the multiplicative inverses of B0, B1, B2, . . . , B|U|. UA computes a common solution X for the following congruences:

    X ≡ V0 mod B0 (for UR)

    X ≡ Vi mod Bi (for Ui ∈ U, 1 ≤ i ≤ |U|).

    By the CRT, we have

    X = (Σ(i=0..|U|) (L/Bi) × Vi × Ai) mod L, where L = Π(i=0..|U|) Bi and Ai × (L/Bi) ≡ 1 mod Bi.

    UA calculates MACA = H(X, NR + NA) and sends the chain reply CRA,1 = {X, MACA} to the first user in the group (U1).

    Step 3

    After receiving CRA,1 = {X, MACA}, the following steps are implemented.

    U1 retrieves V1 by calculating X mod B1. Next, U1 obtains H(r, (KA1 || t1)) (h1 || H(KA1) || NR + NA || g^m1) and t1 from V1. U1 then uses the shared key KA1 and t1 to derive h1, H(KA1), NR + NA, and g^m1.

    The validity of V1 and CRA,1 can be verified by H(KA1) and MACA, respectively.

    The request is dropped when any invalidity is detected. Then, U1 computes M1 = H((NR + NA) h1) and adds a key parameter g^n1 to KPU.

    U1 generates MAC1 = H(M1, X, KPU, (NR + NA)) and sends message CR1,2 = {M1, X, KPU, MAC1} to the next group user U2.

    For Ui ∈ U (2 < i ≤ |U|), the following steps repeat until the chain reply passes through all group users.

    Ui gets CRi-1,i = {Mi-1, X, KPU, MACi-1} from Ui-1.

    Ui extracts Vi by X mod Bi. Similarly, Ui can obtain hi, H(KAi), NR + NA, g^mi from Vi by the shared key KAi and random challenge ti.

    The validity of Vi and CRi-1,i can be verified by H(KAi) and MACi-1, respectively. When any invalidity is detected, the request is dropped, and Ui reports the failure to UA. Then, Ui computes Mi = Mi-1 H((NR + NA) hi) and adds a key parameter g^ni to KPU.

    Ui generates MACi = H(Mi, X, KPU, (NR + NA)) and sends CRi,i+1 = {Mi, X, KPU, MACi} to the next group user Ui+1.

    Step 4

    Upon the receipt of the last chain reply CR|U|,R = {M|U|, X, KPU, MAC|U|}, the following steps are implemented.

    UR computes X mod B0 and obtains V0. With the shared key KRA and random challenge t0, UR derives h0, H(KRA), NA, and w0 || w1 || . . . || w|U|-1 from V0.

    Similarly, the authenticity of V0 and MAC|U| can be verified by H(KRA) and MAC|U|. If validated, UR derives hi (1 ≤ i ≤ |U|) by h0 and w0 || w1 || . . . || w|U|-1 from V0.

    UR also computes M|U| = H((NR + NA) h1) H((NR + NA) h2) · · · H((NR + NA) h|U|) and compares it with the received M|U|. If matched, the user group U is authenticated. Otherwise, at least one of the users fails the authentication, and the session terminates.

    After the successful batch authentication, UR computes session keys SKRi = (g^ni)^mi for Ui (1 ≤ i ≤ |U|).

    For mutual authentication, UR calculates replies Si = H((NR + NA + 1) hi) mod Bi. Again, by applying the CRT [17], we can find a common solution for

    Y ≡ S1 mod B1

    Y ≡ S2 mod B2

    . . .

    Y ≡ S|U| mod B|U|

    Then, UR generates MACR = H(Y, (NR + NA)) and sends MRR,i = {Y, MACR} to Ui (1 ≤ i ≤ |U|). In the case that UR cannot directly reach Ui, UA can be involved to help forward the messages.

    Step 5

    After receiving MRR,i from UR (or Ui-1), the following steps are implemented.

    Ui first checks the validity of MACR.

    The session is dropped if MACR fails the check; otherwise, Ui computes Si = Y mod Bi and checks the equality of Si, where Si = H((NR + NA + 1) hi) (1 ≤ i ≤ |U|). If the equality holds, UR is authenticated; otherwise the session is terminated.

    After the successful batch authentication, Ui computes the session key SKRi = (g^mi)^ni. Subsequent communications between UR and Ui can be protected by SKRi.
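The CRT packing, the chained M value and the mutual-authentication reply Y of this protocol, as an added Python example that is not code from the paper. Assumptions: SHA-256 truncated to 128 bits stands in for H, the arguments of H are simply joined, the Mi values are combined with XOR, and the moduli, nonces, h0 and wi are constructed; the masking of each Vi with the shared key KAi is omitted, so Vi here is just hi.

```python
import hashlib
from math import prod

# Constructed moduli B_0..B_3: Mersenne numbers with distinct prime exponents
# are pairwise coprime, and all exceed the 128-bit values packed below.
MODULI = [2**521 - 1, 2**607 - 1, 2**1279 - 1, 2**2203 - 1]

def H(*parts):
    """Hash a tuple of integers to a 128-bit integer (SHA-256, truncated)."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def crt_pack(values, moduli):
    """X = sum((L/B_i) * V_i * A_i) mod L, where A_i * (L/B_i) = 1 (mod B_i)."""
    if any(v >= b for v, b in zip(values, moduli)):
        raise ValueError("every V_i must be smaller than its modulus B_i")
    L = prod(moduli)
    return sum((L // b) * v * pow(L // b, -1, b) for v, b in zip(values, moduli)) % L

def authenticator_pack(h0, ws, moduli):
    """U_A: build h_i = H(h_{i-1}, w_{i-1}) and pack h_0..h_n into one X."""
    hs = [h0]
    for w in ws:
        hs.append(H(hs[-1], w))
    return crt_pack(hs, moduli), hs

def chain_reply(x, moduli, nonce_sum, tamper_at=None):
    """Users U_1..U_n in turn: extract X mod B_i and fold it into M_i."""
    m = 0
    for i, b in enumerate(moduli[1:], start=1):
        h_i = x % b
        if i == tamper_at:      # constructed failure: U_i recovers a wrong h_i
            h_i ^= 1
        m ^= H(nonce_sum, h_i)  # assumed combiner: M_i = M_{i-1} XOR H(N_R + N_A, h_i)
    return m

def requester_verify(x, b0, ws, nonce_sum, m_received):
    """U_R: recover h_0, rebuild the chain, recompute M and compare."""
    h, expected = x % b0, 0
    for w in ws:
        h = H(h, w)
        expected ^= H(nonce_sum, h)
    return expected == m_received

def mutual_reply(hs, moduli, nonce_sum):
    """U_R: pack S_i = H(N_R + N_A + 1, h_i) mod B_i into one Y."""
    s = [H(nonce_sum + 1, h) % b for h, b in zip(hs[1:], moduli[1:])]
    return crt_pack(s, moduli[1:])

def user_accepts(y, b_i, h_i, nonce_sum):
    """U_i: check that Y mod B_i equals its own S_i."""
    return y % b_i == H(nonce_sum + 1, h_i) % b_i

# Constructed sample run with n = 3 users.
WS = [11, 22, 33]
NONCE_SUM = 1001 + 2002                      # N_R + N_A
X, HS = authenticator_pack(h0=12345, ws=WS, moduli=MODULI)
Y = mutual_reply(HS, MODULI, NONCE_SUM)
```

One X serves the requester and all three users, and a single wrong hi anywhere in the chain makes the requester's comparison fail without showing which user caused it.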

  2. Asymmetric proxy encryption protocol

    Step 1

    The requester UR sets the shared key KRA as the seed of the ElGamal proxy encryption key and then starts the batch authentication protocol as follows.

    UR sends the authentication request AQR,A = {IDR, {C1, C2R}, KRA NR, UID H(r, (NR + 1)), MACR} to UA.

    Step 2

    Upon the receipt of AQR,A, the following steps are implemented.

    UA first derives NR by the shared key KRA and extracts the UID by NR.

    Next, UA verifies MACR and checks whether each Ui's trust level that is maintained by himself is higher than the predefined trust threshold. If one of the verifications fails, UA drops this session. Otherwise, UA computes V0 for UR and Vi for Ui ∈ U as

    V0 = {IDA, EKRA(NA, Σ_{j=1} KAj, H(KRA))}

    Vi = {IDA, EKAi(KRA + NR + NA, Σ_{j=1} KAj, H(KAi))}

    Similarly, by applying the CRT [17], we can accommodate all replies in a single message as

    X ≡ V0 mod B0 (for UR)

    X ≡ V1 mod B1 (for U1)

    . . .

    X ≡ Vi mod Bi (for Ui ∈ U).

    As mentioned in section IV-A, by the CRT, we obtain X = (Σ (L/Bi) × Vi × Ai) mod L.

    Based on the ElGamal proxy encryption scheme, UA calculates

    C2A = (C2R × C1^NR) mod p

    = r × g^(r NR) mod p

    = g^((KRA) r) × g^(r NR) mod p

    = g^(r(KRA + NR)) mod p

    UA generates the message authentication code to protect the integrity of the message, where

    MACA = H(C1, C2A, X, (KRA + NR + NA + Σ_{j=1} KAj))

    UA sends CRA,1 = {C1, C2A, X, MACA} to U1.

    Step 3

    After receiving CRA,1, the following steps are implemented.

    U1 extracts V1 = X mod B1 and decrypts EKA1(KRA + NR + NA + Σ_{j=1} KAj, H(KA1)) by KA1.

    U1 verifies the integrity of V1 and CRA,1 by checking H(KA1) and MACA respectively. The request is dropped when any invalidity is detected.

    U1 calculates

    C21 = C2A × C1^(KA1) mod p

    = g^(r(KRA + NR)) × g^(r(KA1)) mod p

    = g^(r(KRA + NR + KA1)) mod p

    U1 selects the parameter of the session key KPU = {g^n1}.

    Because KA1 is shared with UA and U1, only legitimate U1 can decrypt V1, add KA1 with KRA + NR + NA + Σ_{j=1} KAj, and compute the message authentication code

    MAC1 = H(C1, C21, X, KPU, KRA + NR + NA + Σ_{j=1} KAj).

    U1 sends CR1,2 = {C1, C21, X, KPU, MAC1} to U2.

    For Ui ∈ U (2 < i ≤ |U|), the following steps repeat until the chain reply passes through all group users.

    Upon the receipt of CRi-1,i, Ui derives Vi = X mod Bi and decrypts EKAi(KRA + NR + NA + Σ_{j=1} KAj, H(KAi)) by KAi.

    Ui checks the validity of H(KAi) and MACi-1. The session is dropped if any invalidity is detected; otherwise, Ui computes

    C2i = C2i-1 × C1^(KAi) mod p

    = (g^(r(KRA + NR + NA + Σ_{j=1} KAj)) g^(r(KAi))) mod p

    = (g^(r(KRA + NR + NA + Σ_{j=1} KAj))) mod p.

    Ui selects a parameter of session key g^ni and attaches it to KPU. Then, Ui generates MACi.

    Ui sends CRi,i+1 = {C1, C2i, X, KPU, MACi} to the next user Ui+1.

    Step 4

    After receiving CR|U|,R, the following steps are implemented.

    UR computes V0 = X mod B0 and decrypts V0 by KRA to obtain (NA, Σ_{j=1} KAj, H(KRA)).

    UR checks the validity of V0 by H(KRA) and MAC|U|. If valid, UR computes

    ′ = C2|U| × (C1^(KRA + NA + Σ_{j=1} KAj))^-1

    = (g^(r(KRA + NA + Σ_{j=1} KAj))) × (g^(r(KRA + NA + Σ_{j=1} KAj)))^-1 mod p

    Once U is authenticated, UR can extract the key parameters of session key g^ni from KPU and negotiate session keys with Ui ∈ U. The session keys can be obtained by

    SKRi = (g^ni)^mi.

    For mutual authentication and key agreement, UR computes C2 = C2|U| × C1^NA mod p and MACR = H(C2, KRA + NR + NA + Σ_{j=1} KAj). Then, the message {C2, MACR} is sent to Ui (1 ≤ i ≤ |U|). In the case that UR cannot directly reach Ui, UA can be involved to help forward the messages.

    Step 5

    After receiving MRR,i from UR, the following steps are implemented.

    Ui verifies the authenticity of MACR and computes

    n = C2 × (C1^(KRA + NA + Σ_{j=1} KAj))^-1 mod p

    = (g^(r(KRA + NA + Σ_{j=1} KAj))) × (g^(r(KRA + NA + Σ_{j=1} KAj)))^-1 mod p.

    Ui also checks whether IDR is included in n. If yes, UR is authenticated.

    Then, Ui generates the session key SKRi = (g^mi)^ni to protect the communication between UR and Ui.
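The exponent accumulation in the C2A and C21 derivations of this protocol, as an added Python example that is not code from the paper. It covers only that accumulation: the modulus p, base g, r, keys and nonce are constructed toy values, and the final "strip" check, which leaves 1 because no plaintext factor is modelled, is an assumption about how a party that knows the expected exponent sum would use the accumulated value.

```python
P = 2**127 - 1      # constructed toy prime modulus p (a Mersenne prime)
G = 3               # constructed base g

def requester_ciphertext(r, k_ra):
    """U_R: C1 = g^r and C2R = g^(KRA * r) mod p."""
    return pow(G, r, P), pow(G, k_ra * r, P)

def fold(c1, c2, secret):
    """One hop: C2_next = C2 * C1^secret mod p, which adds `secret` to the exponent."""
    return (c2 * pow(c1, secret, P)) % P

def run_chain(c1, c2r, n_r, user_keys):
    """U_A folds in N_R (giving C2A), then each U_i folds in its own K_Ai."""
    trace = [fold(c1, c2r, n_r)]
    for k_ai in user_keys:
        trace.append(fold(c1, trace[-1], k_ai))
    return trace

def strip(c1, c2, exponent_sum):
    """Multiply by (C1^exponent_sum)^-1 mod p; 1 means the exponents matched."""
    return (c2 * pow(pow(c1, exponent_sum, P), -1, P)) % P

# Constructed values: r, the shared key K_RA, the nonce N_R and three user keys.
R, K_RA, N_R = 65537, 0xA11CE, 0xBEEF
USER_KEYS = [0x1111, 0x2222, 0x3333]
C1, C2R = requester_ciphertext(R, K_RA)
TRACE = run_chain(C1, C2R, N_R, USER_KEYS)      # [C2A, C21, C22, C23]
EXPECTED_SUM = K_RA + N_R + sum(USER_KEYS)
# A hop that folds in the wrong key (constructed) shifts the final exponent.
BAD_TRACE = run_chain(C1, C2R, N_R, [0x1111, 0x2223, 0x3333])
```

No hop learns r or another party's key, yet the last C2 value commits to every secret folded in along the chain, so one wrong key changes the result.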

  3. Online/Offline certification management Protocol

The Online/Offline certification management protocol is proposed to guarantee the nonrepudiation of a transaction. In this protocol, we adopt the Shamir-Tauman online/offline signature [1] to enhance the security property. The authenticator UA, behaving as a local trusted certificate authority, helps deliver and verify certificates for the group users (Ui ∈ U).

    1. UR → UA : AQR,A = {PKA{IDR, NR, UID}, MACR}.

    2. UA → UR : ARA,R = {PKR{NR + 1, T}, MACA}.

    3. UR → U1 : CRR,1 = {C1, X, MACA}.

    4. Ui-1 → Ui : CRi-1,i = {C1, C2i, X, KPU, MACi}, where 2 ≤ i ≤ |U|.

    5. U|U| → UR : CR|U|,R = {C1, C2|U|, X, KPU, MAC|U|}.

  4. FLOW CHART

  1. Requestor flow chart

    [Figure: requestor flow chart. Node labels: Start; Exchanging session certificate; View friends list; Friends communication process; Send UID, nonce and private key (data); Generate MAC; Send MAC and data; Wait for response; If response: failed / accept; Approve accept client request; Get details drop request; Get user public key; Send/receive data via ElGamal proxy protocol.]

  2. Users Flow graph

    [Figure: users flow graph. Node labels: Start; Wait for Friend request; Process Request; Verify Certificate; If Valid; NO Valid; Drop the Request; Get User Identity; Generate Session Certificate for Requestor; Send Private Key; Data Transfer Process; Send/Receive Data via ElGamal Proxy Protocol.]

    REFERENCES

    1. C. Zhang, J. Sun, X. Zhu, and Y. Fang, "Privacy and security for online social networks: Challenges and opportunities," IEEE Netw., vol. 24, no. 4, pp. 13-18, Jul./Aug. 2010.

    2. D. Niyato, P. Wang, W. Saad, and A. Hjorungnes, "Controlled coalitional games for cooperative mobile social networks," IEEE Trans. on Vehi. Tech., vol. 60, no. 4, pp. 1812-1824, May 2011.

    3. M. Ge, K.-Y. Lam, X. Wang, Z. Wan, and B. Jiang, "VisualSec: A secure message delivery scheme for online social networks based on profile images," in Proc. IEEE GLOBECOM, 2009, pp. 1-6.

    4. S. Buchegger and A. Datta, "A case for P2P infrastructure for social networks - Opportunities and challenges," in Proc. WONS, 2009, pp. 161-168.

    5. S. Buchegger, D. Schioberg, L. H. Vu, and A. Datta, "PeerSoN - P2P social networking: Early experiences and insights," in Proc. SocialNets, 2009, pp. 46-52.

    6. L. A. Cutillo and R. Molva, "Safebook: A privacy-preserving online social network leveraging on real-life trust," IEEE Commun. Mag., vol. 47, no. 12, pp. 94-101, Dec. 2009.

    7. U. Lee, J. Sewook, C. Dae-Ki, A. Chang, C. Junho, and M. Gerla, "P2P content distribution to mobile Bluetooth users," IEEE Trans. Veh. Technol., vol. 59, no. 1, pp. 356-367, Jan. 2010.

    8. S. Gokhale and P. Dasgupta, "Distributed authentication for peer-to-peer networks," in Proc. Appl. Internet Workshops, Jan. 27-31, 2003, pp. 347-353.

    9. H. Lee and K. Kim, "An adaptive authentication protocol based on reputation for peer-to-peer system," in Proc. Symp. Crypto. Info. Sec., 2003, pp. 661-666.

CONCLUSION

In this paper, we have designed a certified three way authentication scheme which establishes trust management for OSNs. We have also designed three way authentication protocols using the one-way hash function, ElGamal proxy encryption, and certificates for different situations and purposes. The message integrity verifier protocol adopts lightweight cryptosystems to reduce the computational costs. To offer higher security properties, the asymmetric proxy encryption protocol and Online/Offline certification management protocol are based on asymmetric encryptions and signature methods to fulfill the security requirements of sensitive transactions.
