OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Presentation: On the use of continued fractionsfor mutual authentication

Amadou Moctar Kane

Ksecurityamadou1@gmail.com

May 4, 2015

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

1 Introduction

2 Continued Fractions

3 Continued Fraction’s AuthenticationThe Needham-Schroeder protocolOur Contribution

4 Questions

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Goals

After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .

Continued Fraction

How to use?Quadratic irrational?Γ?

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Goals

After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .

Continued Fraction

How to use?Quadratic irrational?Γ?

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Goals

After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .

Continued Fraction

How to use?

Quadratic irrational?Γ?

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Goals

After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .

Continued Fraction

How to use?Quadratic irrational?

Γ?

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Goals

After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .

Continued Fraction

How to use?Quadratic irrational?Γ?

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Continued Fractions

An expression of the form

α := a0 +b0

a1 +b1

a2 +b2

. . .

is called a generalized continued fraction. Typically, the numbersa1, . . . , b1, . . . may be real or complex, and the expansion may befinite or infinite.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Preliminaries

It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].

The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.r√

log(A) is transcendental.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Preliminaries

It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].

The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.

r√

log(A) is transcendental.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

Preliminaries

It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].

The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.r√

log(A) is transcendental.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Authentication

Continued Fraction’sAuthentication

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Authentication

Entity authentication is the process whereby one party is assured ofthe identity of a second party involved in a protocol, and that thesecond has actually participated.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Authentication Tools

passwords, Tokens, Certificates

Biometric tools, . . .

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Authentication Tools

passwords, Tokens, Certificates

Biometric tools, . . .

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

several authentication protocols

Needham-Schroeder.

Kerberos.

Wide Mouthed Frog.

Woo-Lam.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

several authentication protocols

Needham-Schroeder.

Kerberos.

Wide Mouthed Frog.

Woo-Lam.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

several authentication protocols

Needham-Schroeder.

Kerberos.

Wide Mouthed Frog.

Woo-Lam.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

several authentication protocols

Needham-Schroeder.

Kerberos.

Wide Mouthed Frog.

Woo-Lam.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

The Needham-Schroeder protocol without the server

Table: The Needham-Schroeder protocol in brief

Alice BobE(Na,A:PKB)−−−−−−−−→E(Na,Nb:PKA)←−−−−−−−−−E(Nb:PKB)−−−−−−−→

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

The Lowe’s Attack

Table: The Lowe’s Attack

Alice Intruder BankE(Na,A:PKI )−−−−−−−−→

E(Na,A:PKB)−−−−−−−−→E(Na,Nb:PKA)←−−−−−−−−−

E(Na,Nb:PKA)←−−−−−−−−−E(Nb:PKI )−−−−−−→

E(Nb:PKB)−−−−−−−→

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

The Needham-Schroeder-Lowe protocol

Table: The Needham-Schroeder-Lowe protocol

Alice BobE(Na,A:PKB)−−−−−−−−→E(B,Na,Nb:PKA)←−−−−−−−−−−E(Nb:PKB)−−−−−−−→

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Attack on Needham-Schroeder-Lowe

The Attacker has an access to Alice computer.

The Attacker finds this messageE (Bank of Canada,Na,Nb : PKA) and

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Attack on Needham-Schroeder-Lowe

The Attacker has an access to Alice computer.

The Attacker finds this messageE (Bank of Canada,Na,Nb : PKA) and

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Attack on our algorithm

The Attacker has an access to Alice computer.

The Attacker finds this message E (a2, a3, a4, a5, a6, a7, a8,a9, a10, Nb; PKA) and

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Attack on our algorithm

The Attacker has an access to Alice computer.

The Attacker finds this message E (a2, a3, a4, a5, a6, a7, a8,a9, a10, Nb; PKA) and

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

Wide Mouthed Frog: A, {Ta,B,Kab}Kas

Woo-Lam: P → Q : {P,Q,N1,N2}Kps

Yahalom: A→ B : A,Na

Boyd-Mao: A→ B : A, ra

. . .

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

Wide Mouthed Frog: A, {Ta,B,Kab}Kas

Woo-Lam: P → Q : {P,Q,N1,N2}Kps

Yahalom: A→ B : A,Na

Boyd-Mao: A→ B : A, ra

. . .

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

Wide Mouthed Frog: A, {Ta,B,Kab}Kas

Woo-Lam: P → Q : {P,Q,N1,N2}Kps

Yahalom: A→ B : A,Na

Boyd-Mao: A→ B : A, ra

. . .

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

Wide Mouthed Frog: A, {Ta,B,Kab}Kas

Woo-Lam: P → Q : {P,Q,N1,N2}Kps

Yahalom: A→ B : A,Na

Boyd-Mao: A→ B : A, ra

. . .

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

In order to avoid some attacks, we can remove the identity ofthe principal by

1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).

2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.

3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).4 Anonymous credential systems (Brands, Chaum, . . . ).

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

In order to avoid some attacks, we can remove the identity ofthe principal by

1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).

2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.

3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).4 Anonymous credential systems (Brands, Chaum, . . . ).

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

In order to avoid some attacks, we can remove the identity ofthe principal by

1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).

2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.

3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).4 Anonymous credential systems (Brands, Chaum, . . . ).

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

In order to avoid some attacks, we can remove the identity ofthe principal by

1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).

2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.

3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).

4 Anonymous credential systems (Brands, Chaum, . . . ).

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Identities

In order to avoid some attacks, we can remove the identity ofthe principal by

1 By removing this message ” Hi, I am B” if the principals canguess the identities (street, time, Artificial Intelligence...).

2 Using a key for this message: ”passphrase”, and another keyfor the authentication itself.

3 By group signature (Bichsel et al, Boneh et al, Chaum . . . ).4 Anonymous credential systems (Brands, Chaum, . . . ).

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Preliminaries

The bi ’s are computed as follows:

We apply the hash function SHA1 on A’s public key and weobtain YA = SHA1(PKA).

We divide the string obtain in the previous step in ten parts,and we obtain YA = (b1, b2, . . . , b10).

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Preliminaries

The bi ’s are computed as follows:

We apply the hash function SHA1 on A’s public key and weobtain YA = SHA1(PKA).

We divide the string obtain in the previous step in ten parts,and we obtain YA = (b1, b2, . . . , b10).

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Preliminaries 1

The bi ’s are used in the generalized continued fraction.

α := a0 +b0

a1 +b1

a2 +b2

. . .

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

The new protocol

Table: The new protocol

Alice New York TimesE(Na:PKNYTimes)−−−−−−−−−−→E((FC ′( 3√logNa;YAYB),Nb:PKA)←−−−−−−−−−−−−−−−−−−−E((FC ′( 3√logNb;YBYA)):PKNYTimes)−−−−−−−−−−−−−−−−−−−−−→

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

The Lowe’s Attack on the new protocol

Table: The Lowe’s Attack on the new protocol

Alice Intruder BobE(Na:PKI )−−−−−−→

E(Na:PKB)−−−−−−−→{FC ′( 3√logNa;YAYB),Nb}←−−−−−−−−−−−−−−−

{FC ′( 3√logNa;YAYB),Nb}←−−−−−−−−−−−−−−−

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Attack using the lack of identity

Table: Attack using the lack of identity

Alice Intruder BobHi I am Bob←−−−−−−−E(Na:PKB)−−−−−−−→

E(Na:PKB) I am Intruder−−−−−−−−−−−−−−→{FC ′( 3√logNa;YAYI ),Nb}←−−−−−−−−−−−−−−−

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Conclusion

1 Goal 1: I wanted to introduce the use of continued fractionsin authentication schemes.

Result: I designed an entity authentication protocol based onthe unpredictability of partial quotients and on the fact thatany irrational number admits an infinity of generalizedcontinued fraction expansion (following the partialnumerators).

2 Goal 2: I tried to adapt authentication systems to newchallenges as the cloud computing.

Result: I removed the identity of principals.

3 Goal 3: I wanted to use the rounding error as an advantage.

Result: The absence of agreement on the rounding errorsbetween the principal and the intruder will increase theprobability of failure of any attack.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Conclusion

1 Goal 1: I wanted to introduce the use of continued fractionsin authentication schemes.

Result: I designed an entity authentication protocol based onthe unpredictability of partial quotients and on the fact thatany irrational number admits an infinity of generalizedcontinued fraction expansion (following the partialnumerators).

2 Goal 2: I tried to adapt authentication systems to newchallenges as the cloud computing.

Result: I removed the identity of principals.

3 Goal 3: I wanted to use the rounding error as an advantage.

Result: The absence of agreement on the rounding errorsbetween the principal and the intruder will increase theprobability of failure of any attack.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Conclusion

1 Goal 1: I wanted to introduce the use of continued fractionsin authentication schemes.

Result: I designed an entity authentication protocol based onthe unpredictability of partial quotients and on the fact thatany irrational number admits an infinity of generalizedcontinued fraction expansion (following the partialnumerators).

2 Goal 2: I tried to adapt authentication systems to newchallenges as the cloud computing.

Result: I removed the identity of principals.

3 Goal 3: I wanted to use the rounding error as an advantage.

Result: The absence of agreement on the rounding errorsbetween the principal and the intruder will increase theprobability of failure of any attack.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

The Needham-Schroeder protocolOur Contribution

Conclusion

1 Goal 1: I wanted to introduce the use of continued fractionsin authentication schemes.

Result: I designed an entity authentication protocol based onthe unpredictability of partial quotients and on the fact thatany irrational number admits an infinity of generalizedcontinued fraction expansion (following the partialnumerators).

2 Goal 2: I tried to adapt authentication systems to newchallenges as the cloud computing.

Result: I removed the identity of principals.

3 Goal 3: I wanted to use the rounding error as an advantage.

Result: The absence of agreement on the rounding errorsbetween the principal and the intruder will increase theprobability of failure of any attack.

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication

OutlineIntroduction

Continued FractionsContinued Fraction’s Authentication

Questions

For your attention

Thank you!

Amadou Moctar Kane Presentation: On the use of continued fractions for mutual authentication