System and method for providing identity hiding in a shared key authentication protocol
First Claim
1. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol, the method comprising the steps of:
- applying, by an initiator, a function which cannot be readily inverted to the initiator'"'"'s ID to produce a Hint of the ID, the Hint of the ID enabling a receiver to identify a subset of possible shared keys from a plurality of known shared keys, the subset containing fewer than all of the known shared keys;
transmitting the Hint of the ID and a Message Authentication Code (MAC) created from a message using a shared key associated with the initiator;
receiving the Hint of the ID and the MAC by the receiver;
using, by the receiver, the Hint of the ID to determine the subset of possible shared keys;
creating, by the receiver, MACs of the message using shared keys within the subset of possible shared keys to look for a shared key that will produce a MAC of the message that matches the MAC of the message transmitted by the initiator; and
upon producing a MAC of the message from one of the shared keys that matches the MAC of the message transmitted by the initiator, determining therefrom the identity of the initiator.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method is provided for hiding an initiator'"'"'s identity (ID), e.g. a ClientID, in a shared key authentication protocol, using authentication based on a hint of the ID. The hint is a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity, for example, a hash function over the ID, such as a modular N sum hash of the initiator'"'"'s identity where N corresponds to N hash buckets in a shared key database; a cryptographic hash over the ID and a corresponding shared key; or a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity and a pair of MAC values wherein the MAC values are compared to find a shared key. The resulting hash may be reduced to a required number of bits for identification of a hash bucket in the database. The system and method thereby provide a computationally efficient method of protecting, or hiding, a client ID in a client-server system for shared-key authentication, which avoids the requirement of known systems to send the client ID in clear text early in the message exchange, which leaves known shared-key protocols open to passive and active identity disclosure attacks.
14 Citations
30 Claims
-
1. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol, the method comprising the steps of:
-
applying, by an initiator, a function which cannot be readily inverted to the initiator'"'"'s ID to produce a Hint of the ID, the Hint of the ID enabling a receiver to identify a subset of possible shared keys from a plurality of known shared keys, the subset containing fewer than all of the known shared keys; transmitting the Hint of the ID and a Message Authentication Code (MAC) created from a message using a shared key associated with the initiator; receiving the Hint of the ID and the MAC by the receiver; using, by the receiver, the Hint of the ID to determine the subset of possible shared keys; creating, by the receiver, MACs of the message using shared keys within the subset of possible shared keys to look for a shared key that will produce a MAC of the message that matches the MAC of the message transmitted by the initiator; and upon producing a MAC of the message from one of the shared keys that matches the MAC of the message transmitted by the initiator, determining therefrom the identity of the initiator. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol, the method comprising the steps of:
-
applying a function which cannot be readily inverted to the initiator'"'"'s ID to produce a Hint of the ID, the Hint of the ID enabling a receiver to identify a subset of possible shared keys from a plurality of known shared keys, the subset containing fewer than all of the known shared keys; applying a shared key associated with the ID to a message to produce a MAC; transmitting the Hint of the ID, the message, and the MAC; receiving the Hint of the ID, the message, and the MAC; determining a set of possible shared keys based on the received Hint of the ID; applying shared keys in the set of possible shared keys to the message to produce locally-determined MACs; and comparing the locally-determined MACs to the received MAC to complete authentication. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol, comprising:
-
a first computer processor configured to implement a receiver to receive a Hint of the initiator'"'"'s ID, a message, and a Message Authentication Code (MAC) created using a shared key associated with the initiator; a database of shared keys; and an authenticator to provide authentication of the initiator based on the Hint of the ID, the authenticator being configured to use shared keys in the database to create MACs of the message to look for a shared key that is able to create a MAC of the message that matches the received MAC created using the shared key associated with the initiator, wherein the Hint is a function of the initiator'"'"'s ID that cannot be easily inverted to produce the initiator'"'"'s identity, and enables the authenticator to identify a subset of possible shared keys from the database of shared keys, the subset containing fewer than all of the known shared keys.
-
-
19. A system for hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol comprising a processor to generate a hint of the initiator'"'"'s ID, a message, and a Message Authentication Code (MAC) of the message using an initiator'"'"'s shared key for transmission to an authenticator in the shared key authentication protocol, the Hint being a function of the initiator'"'"'s ID that cannot be easily inverted to produce the initiator'"'"'s identity, the Hint of the ID enabling the authenticator to identify a subset of possible shared keys from a plurality of known shared keys, the subset containing fewer than all of the known shared keys.
-
20. A tangible machine-readable medium encoded with processor-executable instruction sequences for hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol, the processor-executable instruction sequences being configured such that, when loaded into one or more computer processors, enable the one or more computer processors to perform a method comprising the steps of:
-
applying a function to the initiator'"'"'s ID to create a Hint of the ID which cannot be readily inverted to produce the initiator'"'"'s identity, the Hint of the ID enabling an authenticator to identify a subset of possible shared keys from a plurality of known shared keys, the subset containing fewer than all of the known shared keys; creating a Message Authentication Code (MAC) of a message using a shared key associated with the initiator; and transmitting the Hint of the ID, the message, and the MAC of the message to an authenticator; wherein the authenticator will use the Hint of the ID to select the subset of possible shared keys and use the shared keys of the subset of shared keys to generate locally created MACs of the message to look for a locally created MAC of the message that matches the transmitted MAC of the message.
-
-
21. A method of hiding an initiators identity (ID) in a shared key authentication protocol for authentication and shared key agreement between an initiator computer and a receiver computer, the method comprising steps of:
-
generating, by the initiator computer, a Hint of the ID, the Hint being a function of the ID which cannot be readily inverted to produce the initiators identity, the Hint of the ID enabling the receiver to identify a subset of possible shared keys from a plurality of known shared keys, the subset containing fewer than all of the known shared keys; generating, by the initiator computer, a Message Authentication Code (MAC); transmitting, by the initiator computer, the Hint of the ID and the MAC to the receiver for authentication and key agreement. - View Dependent Claims (22, 23, 24, 25)
-
-
26. A method of hiding an initiator'"'"'s identity (ID) in a shared key authentication protocol for authentication and shared key agreement between an initiator computer and a receiver computer, the method comprising the steps of:
-
receiving, by the receiver computer, from an initiator a Hint of the ID and a Message Authentication Code (MAC) value, the Hint being a function of the ID which cannot be readily inverted to produce the initiator'"'"'s identity, the Hint of the ID enabling a receiver to identify a subset of possible shared keys from a plurality of known shared keys, the subset containing fewer than all of the known shared keys; using, by the receiver computer, the Hint of the ID to identify the subset of possible shared keys that could have been used by known initiators to create the MAC value; and using, by the receiver computer, shared keys from the subset of possible shared keys to generate local MAC values to look for a shared key that will generate a local MAC value that matches the received MAC value. - View Dependent Claims (27, 28, 29, 30)
-
Specification