WO2011039774A1 - Method and system for generating random sequences for authentication protocols - Google Patents

Method and system for generating random sequences for authentication protocols Download PDF

Info

Publication number
WO2011039774A1
WO2011039774A1 PCT/IN2010/000621 IN2010000621W WO2011039774A1 WO 2011039774 A1 WO2011039774 A1 WO 2011039774A1 IN 2010000621 W IN2010000621 W IN 2010000621W WO 2011039774 A1 WO2011039774 A1 WO 2011039774A1
Authority
WO
WIPO (PCT)
Prior art keywords
random sequence
random
peer
authenticator
sequence
Prior art date
Application number
PCT/IN2010/000621
Other languages
French (fr)
Inventor
Vijayarangan Natarajan
Original Assignee
Tata Consultancy Services Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tata Consultancy Services Ltd. filed Critical Tata Consultancy Services Ltd.
Publication of WO2011039774A1 publication Critical patent/WO2011039774A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Definitions

  • the present invention relates to the field of information security systems. Particularly, the present invention relates to the application of number theory in information security systems.
  • Gilbreath then formulated a conjecture that, after the initial pattern, the numbers in the first columns of all the subsequent patterns are. one. No exception has been found till date, despite searches carried out to several hundred billions patterns, and the conjecture is generally assumed to be true.
  • European Patent Application No. EP0994424 by Hori Hironobu discloses high speed prime number calculation.
  • prime numbers are derived through effective processing steps so as to achieve a remarkable reduction in the processing time taken for the derivation.
  • i) numerical values are added in sequence to a prime number of the anterior rank to calculate prime number candidates of the next rank;
  • the calculated prime number candidate is divided by known prime numbers to verify whether it is a prime number or not; and
  • processing for reducing the verification time is iterated when the calculated prime number candidate is larger than a certain value, thereby to derive prime numbers until the entered rank is reached.
  • United States Patent No. 6330332 by Koichi Itoh et. al. discloses a prime number generation apparatus with a smoothness judgement apparatus and a computer memory product.
  • One or a plurality of prime numbers are generated using the apparatus and the generated random numbers are used to calculate a larger prime number candidate, and a judgement is made as to whether or not the prime number candidate is a prime number by using a provable prime number judging method, and when the judgement is made that the candidate is a prime number, that prime number 'p' is given as an output.
  • United States Patent No. 7043018 by Masao Kasahara et. al. discloses a prime number generation method, a prime number generation apparatus, and a cryptographic system.
  • the prime number generation method is used for efficiently generating prime numbers which are highly resistant to the p - 1 and p + 1 methods. These prime numbers are used in a cryptosystem.
  • the prime candidates are first generated and then the generated prime candidates are subjected to prime number judgement by either a probabilistic primality testing method or a deterministic primality testing method.
  • Peer-to-peer authentication is accomplished by i) sending a digital certificate to a responder; ii) receiving a randomized codeword in response to the sent digital certificate; iii) creating a secure fingerprint based on the digital certificate and the randomized codeword; iv) creating a first bit sequence based on a first portion of the secure fingerprint and a second portion of the randomized codeword; and v) indicating that the first digital certificate is authenticated based on whether the first bit sequence matches a second bit sequence received from the responder via an out-of-band communication in response to the sending.
  • the size of the first bit sequence is less than the size of the secure fingerprint.
  • the first bit sequence is also compared with a second bit sequence, using an out-of-band communication, by associating the first bit sequence with one or more indices into an array of representations.
  • United States Patent Application No. 20080301435 by Simon and Steven Neil discloses a system for generating a peer-to-peer security authentication protocol.
  • a salt transmitted by a second node is received at a first node.
  • a salt comprises random bits which are used as the inputs to a key derivation function.
  • the other inputs to the key derivation function are usually passwords or pass phrases.
  • the output of the key derivation function is stored as the encrypted version of the password.)
  • the received salt is used to decrypt encrypted data.
  • authorization to access a service provided by the second node is received by the first node. In some cases the service includes access to one or more files.
  • United States Patent Application No. 20080123842 discloses a method of generating a first prime number P and a second prime number Q; randomly deriving an integer E as a function of a given random input number a and a bit string representation V of the given user data; and generating, in response to the derived integer E and a product (P-1)(Q-1) being relatively prime and further in response to the derived integer E both exceeding 1 and remaining below the product (P-1)(Q-1), a cryptographic key pair comprising a private key and an associated public key with the derived integer E used as a public exponent in the public key in order to create a cryptographic association between the public key and the given user data.
  • One more object of the present invention is to provide a method and system for generating random sequences which can generate random number sequences in which it is difficult to find out the original random number sequence from the list of sequences even after applying a backward difference operator.
  • a system for authentication of a peer using random sequences comprising
  • an authenticator node adapted to authenticate a peer node, the authenticator node comprising
  • ⁇ selection means adapted to select a random prime number
  • ⁇ first transmitting means adapted to transmit the selected prime number to the peer node
  • ⁇ authenticator sequence constructor means adapted to construct a first random sequence of prime numbers using a randomly selected prime number as an upper bound
  • first random sequence generating means adapted to generate at least one random sequence of prime numbers using the first random sequence constructed using the authenticator sequence constructing means
  • reception means adapted to receive authentication data for authentication
  • ⁇ extraction means adapted to extract the random sequence characterised in the authentication data
  • ⁇ matching means adapted to match the random sequence characterized in the authentication data with at least of one of the random sequences generated by the first random sequence generating means;
  • the peer node comprising
  • ⁇ receiving means adapted to receive the prime number sent by the authenticator
  • ⁇ peer sequence constructing means adapted to construct a first random sequence of prime numbers using the received prime number as an upper bound
  • ⁇ second random sequence generating means adapted to generate at least one random sequence of prime numbers using the first random sequence constructed using peer sequence constructing means
  • ⁇ formulating means adapted to formulate ' authentication data, the authentication data characterizing at least one of the random sequences generated at the peer; and second transmitting means adapted to transmit the authentication data to the authenticator node.
  • the prime numbers are 64 bit prime numbers.
  • the first random sequence generating means is adapted to compute the forward difference of a random sequence of prime numbers to generate further sequences.
  • the first random sequence generating means is adapted to compute forward difference and Gilbreath's conjecture for a random sequence and further adapted to compute the sum of forward difference of a random sequence and computed Gilbreath's conjecture of the same random sequence.
  • the first random sequence generating means is adapted to formulate a square matrix of at least one random sequence by inserting zeros after the minor diagonal entries.
  • the second random sequence generating means is adapted to compute the forward difference of a random sequence of prime numbers to generate further sequences.
  • the second random sequence generating means is adapted to compute the forward difference and Gilbreath's conjecture for a random sequence and further adapted to compute the sum of forward differences of a random sequence and computed Gilbreath's conjecture of the same random sequence.
  • the second random sequence generating means is adapted to formulate a square matrix of at least one random sequence by inserting zeros after the minor diagonal entries.
  • the formulating means includes an encryption means adapted to encrypt the peer node's authentication data using one of the generated sequences of a particular order before sending it to the authenticator node for authentication, the encrypted authentication data sent along with order of sequence used for encryption, the authentication data selected from the group consisting of peer node's name, and IP address.
  • the matching means also includes decryption means adapted to attempt decryption of the received authentication data using the random sequences generated at the authenticator node.
  • the formulating means is adapted to formulate authentication data including hash value of at least one of the one of the random sequences generated at the peer node or hash value of at least one of the random sequences generated at the peer node.
  • a method for authentication of a peer using random sequences comprising the following steps
  • the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of computing the forward difference of a random sequence of prime numbers.
  • the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of computing the sum of forward differences of a random sequence and Gilbreath's conjecture of the same random sequence.
  • the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
  • the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of computing the forward difference of a random sequence of prime numbers.
  • the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of computing the sum of forward differences of a random sequence and Gilbreath's conjecture of the same random sequence.
  • the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
  • the step of formulating authentication data includes the step of encrypting the peer node's authentication data using one of the generated sequences of a particular order before sending it to the authenticator node for authentication.
  • the step of matching the random sequence characterized in said authentication data also includes the step of attempting decryption of the received authentication data using the random sequences generated at the authenticator node.
  • FIG. 1 illustrates different sets of prime numbers, in accordance with the present invention
  • Figure 2 illustrates a system for authentication of a peer using random sequences, in accordance with the present invention.
  • Figure 3 illustrates a flow diagram of a method for authentication of a peer using random sequences, in accordance with the present invention.
  • random sequences through different sets of prime numbers are generated.
  • different sets of prime numbers which are used by the system are generated.
  • Sj ⁇ p ls ⁇ 2, ⁇ ⁇ ⁇ 5 ⁇ - A sequence of prime numbers (ascending order).
  • S 2 ⁇ pn, Pn-h- ⁇ ⁇ , Pi ⁇ - sequence of prime numbers (descending order).
  • FIG. 1 there is shown a system 100 for authentication of a peer node using random sequences of prime numbers.
  • An authenticator node 160 authenticates a peer node 165 who seeks authentication by first establishing a communication link between them.
  • a selection means 105 is used which is adapted to select a prime number 'p' randomly, which is transmitted to the peer node 160 using a first transmitting means 140 which transmits messages using various mediums including internet, WiFi, GPRS, WiMax, EDGE, LAN and the like.
  • the peer node 165 seeking authentication receives the prime number 'p' transmitted by the authenticator node 160 using a peer receiving means 140 which is sent to the peer sequence constructing means 145 adapted to construct a first random sequence of the prime numbers using the received prime number as upper bound and consequent random sequences are generated by the second random sequence generating means 150 adapted to generate random sequences of prime numbers using the first random sequence constructed using peer sequence constructing means 145.
  • the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences by applying forward difference operator to a sequence of 'n' distinct prime numbers (each prime number having a length of 64 bits) and to obtain a sequence of n-1 positive integers.
  • the forward difference operator is applied continuously to the sequence of positive integers till a sequence consisting of a single positive number is obtained.
  • (n-1) sequences are generated in the above manner.
  • Each sequence of numbers has nonlinear behaviour.
  • the mathematical representation of process 1 is given below:
  • pi— tit 2 - ⁇ -t r ; where tj
  • the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences by applying forward difference operator for patterns with distinct prime numbers (each prime number of length 64 bits) taken up in the descending order. At the end of this operation the last term in each series of the sequence appears to be 1.
  • the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences of prime numbers by taking prime numbers in random manner, and also another sequence is established of the form: pi p 2 P3 ... p n p n Pn-i ⁇ ⁇ ⁇ ⁇ 2 ⁇ 1 ⁇ Then forward difference operator is applied on the sequence. Here it is found that the last sequence terminates with 0.
  • the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences of prime numbers by taking sequence in ascending order and establishing the sequence which is of the form: pi P2 P3 ⁇ ⁇ ⁇ p n P n Pn-i ⁇ ⁇ ⁇ ⁇ 2 ⁇ 1 ⁇ Then forward difference operator is applied on the sequence.
  • the peer node After generation of random sequences the peer node formulates authentication data which characterizes at least one of the random sequence generated at the peer node.
  • Authentication data is formulated using formulating means 155.
  • the formulating means 155 can formulate authentication data which includes hash value of at least one of the one of the random sequences generated at the peer node 165 or hash value of at least one of the random sequences generated at the peer node 165.
  • the formulating means 155 includes an encryption means 157 adapted to encrypt the peer node's data including peer node id, peer node name and the like using one of the generated sequences of a particular order before sending it to the authenticator node for authentication, the encrypted authentication data is sent along with order of sequence used for encryption.
  • the authentication data is formulated and a second transmitting means 158 is used to transmit the authentication data to the authenticator node 160 which is received at the authenticator using authenticator reception means 125.
  • the received authentication data is then sent to an extraction means 130 which extracts the random sequence characterised in the authentication data.
  • the extracted random sequence is matched with the locally generated random sequences of the prime numbers using matching means 135.
  • the matching means 135 also includes a decryption means 137 adapted to attempt decryption of the received authentication data using the random sequences generated at the authenticator node 160.
  • the decryption means 137 uses the sequences which are of the same order received from the peer node 165.
  • the random sequences at the authenticator node 160 is generated using authenticator sequence constructing means 115 adapted to construct a first random sequence of the prime numbers using the selection means selected prime number as upper bound and the consequent random sequences are generated by the first random sequence generating means 120 adapted to generate random sequences of prime numbers using the first random sequence constructed using authenticator sequence constructing means 115.
  • the step of generating at least one random sequence using the first random sequence constructed at the authenticator further comprising computing the forward difference of a random sequence of prime numbers.
  • the step of generating at least one random sequence using the first random sequence constructed at the authenticator further comprising computing the sum of forward difference of a random sequence and Gilbreath's conjecture of the same random sequence.
  • the step of generating at least one random sequence using the first random sequence constructed at the authenticator further comprising formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
  • the step of generating at least one random sequence using the first random sequence constructed at the peer further comprises computing the forward difference of a random sequence of prime numbers.
  • the step of generating at least one random sequence using the first random sequence constructed at the peer further comprises computing the sum of forward difference of a random sequence and Gilbreath's conjecture of the same random sequence.
  • the step of generating at least one random sequence using the first random sequence constructed at the peer further comprises formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
  • the step of formulating authentication data includes the step of encrypting the peer node's authentication data using one of the generated sequences of a particular order before sending it to the authenticator node for authentication.
  • the step of matching the random sequence characterized in authentication data also includes the step of attempting decryption of the received authentication data using the random sequences generated at the authenticator node.
  • a replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator of the data or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP (Internet Protocol) packet substitution (such as stream cipher attack). No hash algorithm is used here.
  • Random sequences produced by the system and method in accordance with the present invention finds a number of applications in information security systems. Some specific areas where the present invention can be applied are:
  • the technical advancements of the present invention include realization of a method and system for generating random sequences which can:

Abstract

A system and method for authentication of a peer node using random sequences have been disclosed. An authenticator node (160) is deployed to authenticate a peer node (165) which selects a random prime number, transmits the selected prime number to the peer node (165) and generates random sequences for matching. The peer node (165) receives the prime number and generates random sequences using the received prime number as upper bound, these random sequences are either sent as is to the authenticator node (160) for authentication or are used to encrypt the data to be sent to the authenticator node (160) for authentication. Further, the authenticator node matches the received random sequences generated at the peer node (160) with the locally generated random sequences and in case of a match authenticates the peer node (165).

Description

METHOD AND SYSTEM FOR GENERATING RANDOM SEQUENCES FOR AUTHENTICATION PROTOCOLS
FIELD OF THE INVENTION
The present invention relates to the field of information security systems. Particularly, the present invention relates to the application of number theory in information security systems.
DEFINITIONS
In this specification, the following terms have the following definitions as given alongside. These are additions to the usual definitions expressed in the art.
Upper Bound - A number greater than or equal to all other numbers in a random sequence of numbers.
BACKGROUND OF THE INVENTION
In 1958, the American mathematician and amateur magician Norman L. Gilbreath found a pattern on a sequence of prime numbers. Gilbreath arrived at this conjecture by writing down the first few primes to obtain the pattern as given below:
2, 3, 5, 7, 1 1 , 13, 17, 19, 23, 29, 31, . Under this pattern, he put the differences between the consecutive numbers in the pattern to obtain the second pattern as given by:
1, 2, 2, 4, 2, 4, 2, 4, 6, 2, ...
Under this second pattern he put the unsigned differences between the consecutive numbers in the second pattern to obtain the third pattern as given by:
1 , 0, 2, 2, 2, 2, 2, 2, 4, .
Then he continued this process of finding iterated differences to obtain pattern as given below:
1, 2, 0, 0, 0, 0, 0, 2,
1, 2, 0, 0, 0, 0, 2,
1, 2, 0, 0, 0, 2,
1, 2, 0, 0, 2,
1, 2, 0, 2,
1, 2, 2,
1, 0,
Gilbreath then formulated a conjecture that, after the initial pattern, the numbers in the first columns of all the subsequent patterns are. one. No exception has been found till date, despite searches carried out to several hundred billions patterns, and the conjecture is generally assumed to be true.
However, it may have nothing to do with primes as such. The English mathematician Hallard Croft has suggested that the conjecture may apply to any sequence that begins with 2 and is followed by odd numbers that increase at a "reasonable" rate and with gaps of "reasonable" size. Gilbreath's conjecture is verified for all prime numbers up to 10 . But this conjecture is not proved for any 'n'.
Several attempts have been made to generate number sequences for various applications as disclosed in the patents given below:
European Patent Application No. EP0994424 by Hori Hironobu discloses high speed prime number calculation. On the basis of a high degree theory, prime numbers are derived through effective processing steps so as to achieve a remarkable reduction in the processing time taken for the derivation. With respect to an arbitrary prime number rank entered, i) numerical values are added in sequence to a prime number of the anterior rank to calculate prime number candidates of the next rank; ii) the calculated prime number candidate is divided by known prime numbers to verify whether it is a prime number or not; and iii) processing for reducing the verification time is iterated when the calculated prime number candidate is larger than a certain value, thereby to derive prime numbers until the entered rank is reached.
United States Patent No. 6330332 by Koichi Itoh et. al. discloses a prime number generation apparatus with a smoothness judgement apparatus and a computer memory product. One or a plurality of prime numbers are generated using the apparatus and the generated random numbers are used to calculate a larger prime number candidate, and a judgement is made as to whether or not the prime number candidate is a prime number by using a provable prime number judging method, and when the judgement is made that the candidate is a prime number, that prime number 'p' is given as an output.
United States Patent No. 7043018 by Masao Kasahara et. al. discloses a prime number generation method, a prime number generation apparatus, and a cryptographic system. The prime number generation method is used for efficiently generating prime numbers which are highly resistant to the p - 1 and p + 1 methods. These prime numbers are used in a cryptosystem. The prime candidates are first generated and then the generated prime candidates are subjected to prime number judgement by either a probabilistic primality testing method or a deterministic primality testing method.
United States Patent No. 7293284 by Linda Bartram et. al. discloses a codeword-enhanced peer-to-peer authentication system. Peer-to-peer authentication is accomplished by i) sending a digital certificate to a responder; ii) receiving a randomized codeword in response to the sent digital certificate; iii) creating a secure fingerprint based on the digital certificate and the randomized codeword; iv) creating a first bit sequence based on a first portion of the secure fingerprint and a second portion of the randomized codeword; and v) indicating that the first digital certificate is authenticated based on whether the first bit sequence matches a second bit sequence received from the responder via an out-of-band communication in response to the sending. The size of the first bit sequence is less than the size of the secure fingerprint. According to another aspect, the first bit sequence is also compared with a second bit sequence, using an out-of-band communication, by associating the first bit sequence with one or more indices into an array of representations. United States Patent Application No. 20080301435 by Simon and Steven Neil discloses a system for generating a peer-to-peer security authentication protocol. In the system, a salt transmitted by a second node is received at a first node. (In cryptography, a salt comprises random bits which are used as the inputs to a key derivation function. The other inputs to the key derivation function are usually passwords or pass phrases. The output of the key derivation function is stored as the encrypted version of the password.) The received salt is used to decrypt encrypted data. Optionally, authorization to access a service provided by the second node is received by the first node. In some cases the service includes access to one or more files.
United States Patent Application No. 20080123842 discloses a method of generating a first prime number P and a second prime number Q; randomly deriving an integer E as a function of a given random input number a and a bit string representation V of the given user data; and generating, in response to the derived integer E and a product (P-1)(Q-1) being relatively prime and further in response to the derived integer E both exceeding 1 and remaining below the product (P-1)(Q-1), a cryptographic key pair comprising a private key and an associated public key with the derived integer E used as a public exponent in the public key in order to create a cryptographic association between the public key and the given user data.
None of the abovementioned patent documents disclose methods wherein it is difficult to find out the original random number sequence from the list of sequences even after applying a backward difference operator. Therefore, there is felt a need for a method and system for generating random sequences which can:
• generate sequences of prime numbers in increasing as well as decreasing order;
• avoid replay attack;
• generate lengthy sequences of prime numbers; and
• generate random number sequences in which it is difficult to find out the original random number sequence from the list of sequences even after applying a backward difference operator.
OBJECTS OF THE INVENTION
It is an object of the present invention to provide a method and system for generating random sequences which can generate sequences of prime numbers in increasing as well as decreasing order.
It is another object of the present invention to provide a method and system for generating random sequences which can avoid replay attack.
It is yet another object of the present invention to provide a method and system for generating random sequences which can generate lengthy sequences of prime numbers.
One more object of the present invention is to provide a method and system for generating random sequences which can generate random number sequences in which it is difficult to find out the original random number sequence from the list of sequences even after applying a backward difference operator. SUMMARY OF THE INVENTION
In accordance with the invention a system for authentication of a peer using random sequences is provided, the system comprising
■ an authenticator node adapted to authenticate a peer node, the authenticator node comprising
■ selection means adapted to select a random prime number;
first transmitting means adapted to transmit the selected prime number to the peer node;
■ authenticator sequence constructor means adapted to construct a first random sequence of prime numbers using a randomly selected prime number as an upper bound;
first random sequence generating means adapted to generate at least one random sequence of prime numbers using the first random sequence constructed using the authenticator sequence constructing means; ■ reception means adapted to receive authentication data for authentication;
■ extraction means adapted to extract the random sequence characterised in the authentication data;
■ matching means adapted to match the random sequence characterized in the authentication data with at least of one of the random sequences generated by the first random sequence generating means;
■ peer node seeking authentication, the peer node comprising
receiving means adapted to receive the prime number sent by the authenticator;
■ peer sequence constructing means adapted to construct a first random sequence of prime numbers using the received prime number as an upper bound;
second random sequence generating means adapted to generate at least one random sequence of prime numbers using the first random sequence constructed using peer sequence constructing means;
formulating means adapted to formulate ' authentication data, the authentication data characterizing at least one of the random sequences generated at the peer; and second transmitting means adapted to transmit the authentication data to the authenticator node.
Typically, the prime numbers are 64 bit prime numbers.
Typically, the first random sequence generating means is adapted to compute the forward difference of a random sequence of prime numbers to generate further sequences.
Typically, the first random sequence generating means is adapted to compute forward difference and Gilbreath's conjecture for a random sequence and further adapted to compute the sum of forward difference of a random sequence and computed Gilbreath's conjecture of the same random sequence.
Typically, the first random sequence generating means is adapted to formulate a square matrix of at least one random sequence by inserting zeros after the minor diagonal entries.
Typically, the second random sequence generating means is adapted to compute the forward difference of a random sequence of prime numbers to generate further sequences. Typically, the second random sequence generating means is adapted to compute the forward difference and Gilbreath's conjecture for a random sequence and further adapted to compute the sum of forward differences of a random sequence and computed Gilbreath's conjecture of the same random sequence.
Typically, the second random sequence generating means is adapted to formulate a square matrix of at least one random sequence by inserting zeros after the minor diagonal entries.
Typically, the formulating means includes an encryption means adapted to encrypt the peer node's authentication data using one of the generated sequences of a particular order before sending it to the authenticator node for authentication, the encrypted authentication data sent along with order of sequence used for encryption, the authentication data selected from the group consisting of peer node's name, and IP address.
The matching means also includes decryption means adapted to attempt decryption of the received authentication data using the random sequences generated at the authenticator node.
The formulating means is adapted to formulate authentication data including hash value of at least one of the one of the random sequences generated at the peer node or hash value of at least one of the random sequences generated at the peer node.
In accordance with the present invention a method for authentication of a peer using random sequences, the method comprising the following steps
• establishing a communication link between a peer and an authenticator;
• constructing a first random sequence of prime numbers at the authenticator using a randomly selected prime number as an upper bound;
• sending the prime number to the peer;
• receiving the prime number at the peer, sent by the authenticator;
• constructing a first random sequences of prime numbers using the received prime number as an upper bound;
• generating at least one random sequence using the first random sequence constructed at the authenticator;
• generating at least one random sequence using the first random sequence constructed at the peer;
• formulating authentication data to be sent for authentication at the authenticator, the authentication data characterizing in that at least one of the random sequence generated at the peer; • transmitting the authentication data to the authenticator;
• receiving the transmitted data;
• matching the random sequence characterized in the authentication data with at least of one of the random sequences generated at the authenticator;
• authenticating the peer in case of matching random sequence;
Typically, the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of computing the forward difference of a random sequence of prime numbers.
Typically, the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of computing the sum of forward differences of a random sequence and Gilbreath's conjecture of the same random sequence.
Typically, the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries. Typically, the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of computing the forward difference of a random sequence of prime numbers.
Typically, the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of computing the sum of forward differences of a random sequence and Gilbreath's conjecture of the same random sequence.
Typically, the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
Typically, the step of formulating authentication data includes the step of encrypting the peer node's authentication data using one of the generated sequences of a particular order before sending it to the authenticator node for authentication.
Typically, the step of matching the random sequence characterized in said authentication data also includes the step of attempting decryption of the received authentication data using the random sequences generated at the authenticator node. BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
The method and system for generating random sequences will now be described with reference to the accompanying drawings, in which:
Figure 1 illustrates different sets of prime numbers, in accordance with the present invention;
Figure 2 illustrates a system for authentication of a peer using random sequences, in accordance with the present invention; and
Figure 3 illustrates a flow diagram of a method for authentication of a peer using random sequences, in accordance with the present invention.
DETAILED DESCRIPTION OF THE INVENTION
The drawings and the description thereto are merely illustrative of a method and system for generating random sequences and only exemplify the system of the invention and in no way limit the scope thereof.
In accordance with the present invention, random sequences through different sets of prime numbers (where each prime number is of length 64 bits) are generated. For instance, different sets of prime numbers which are used by the system are
1.) Sj = {pls Ρ2,· · ·5Ρη} - A sequence of prime numbers (ascending order). 2. ) S2 = {pn, Pn-h- · ·, Pi } - sequence of prime numbers (descending order).
3. ) S3 = {pl5 p2,..., Pn, Pnv, Pi } - sequence of prime numbers
(ascending and descending orders).
4. ) S4 = {pi, p2 Pn, Pn, · · ·, Pi, P2} - A sequence of prime numbers in random order
Referring to figure 1 there is shown a system 100 for authentication of a peer node using random sequences of prime numbers. An authenticator node 160 authenticates a peer node 165 who seeks authentication by first establishing a communication link between them.
At the authenticator node 160 a selection means 105 is used which is adapted to select a prime number 'p' randomly, which is transmitted to the peer node 160 using a first transmitting means 140 which transmits messages using various mediums including internet, WiFi, GPRS, WiMax, EDGE, LAN and the like.
The peer node 165 seeking authentication receives the prime number 'p' transmitted by the authenticator node 160 using a peer receiving means 140 which is sent to the peer sequence constructing means 145 adapted to construct a first random sequence of the prime numbers using the received prime number as upper bound and consequent random sequences are generated by the second random sequence generating means 150 adapted to generate random sequences of prime numbers using the first random sequence constructed using peer sequence constructing means 145.
In accordance with a first embodiment of the present invention the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences by applying forward difference operator to a sequence of 'n' distinct prime numbers (each prime number having a length of 64 bits) and to obtain a sequence of n-1 positive integers. The forward difference operator is applied continuously to the sequence of positive integers till a sequence consisting of a single positive number is obtained. For 'n' distinct prime numbers, (n-1) sequences are generated in the above manner. Each sequence of numbers has nonlinear behaviour. For a given sequence's', of positive integers (such that 1 < s < n- 1), generated from the above process, it is computationally difficult to find out the original sequence of prime numbers. The mathematical representation of process 1 is given below:
Pi p2 p3 P4 P5 · · -pn; where pi, p2, ..., pn are prime numbers sis2s3...sk; where Sj = |pi— tit2- · -tr; where tj = |sj - s^l
q; where q >=0 In accordance with a second embodiment of the present invention the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences by applying forward difference operator for patterns with distinct prime numbers (each prime number of length 64 bits) taken up in the descending order. At the end of this operation the last term in each series of the sequence appears to be 1.
In accordance with a third embodiment of the present invention the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences by taking sequence of prime numbers (each prime number of length 64 bits) in random order, and applying forward difference operator and also, computing Gilbreath's conjecture (GC) (on the sequence taken all primes in ascending order). Then the results of forward difference and GC are added (forward difference + GC). After summing up, some sequences are found to have a relationship: first term = last term.
In accordance with a fourth embodiment of the present invention the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences of prime numbers by taking prime numbers in random manner, and also another sequence is established of the form: pi p2 P3 ... pn pn Pn-i · · · Ρ2Ρ1 · Then forward difference operator is applied on the sequence. Here it is found that the last sequence terminates with 0. In accordance with a fifth embodiment of the present invention the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences of prime numbers by taking sequence in ascending order and establishing the sequence which is of the form: pi P2 P3 · · · pn Pn Pn-i · · · Ρ2Ρ1· Then forward difference operator is applied on the sequence. Here, each sequence is found to exhibit the relationship given by: first term = last term.
In accordance with a fifth embodiment of the present invention the first random sequence generation means 120 and the second random sequence generation means 150 generates the random sequences of prime numbers by taking two sequences P = pi p2 ... pn and Q = pn pn-i ... pj. Forward difference is carried out on P and Q. Further, n x n matrix "A" is constructed on the outcome of application of forward difference for the sequence P by inserting zeroes in the array after the anti-diagonal (minor diagonal) entries. Similarly for the sequence Q, a matrix B is constructed. Here, the matrix multiplication A*B is found not to be commutative.
Then, the above two matrices, A and B, are considered over a prime field Fq. A+B is found to be closed under the matrix addition (defined over Fq). Therefore, the set of n x n matrices over Fq of the above form is found to be an Abelian group under addition.
After generation of random sequences the peer node formulates authentication data which characterizes at least one of the random sequence generated at the peer node. Authentication data is formulated using formulating means 155. The formulating means 155 can formulate authentication data which includes hash value of at least one of the one of the random sequences generated at the peer node 165 or hash value of at least one of the random sequences generated at the peer node 165.
Also, the formulating means 155 includes an encryption means 157 adapted to encrypt the peer node's data including peer node id, peer node name and the like using one of the generated sequences of a particular order before sending it to the authenticator node for authentication, the encrypted authentication data is sent along with order of sequence used for encryption.
The authentication data is formulated and a second transmitting means 158 is used to transmit the authentication data to the authenticator node 160 which is received at the authenticator using authenticator reception means 125.
The received authentication data is then sent to an extraction means 130 which extracts the random sequence characterised in the authentication data. At the authenticator node 160 the extracted random sequence is matched with the locally generated random sequences of the prime numbers using matching means 135. The matching means 135 also includes a decryption means 137 adapted to attempt decryption of the received authentication data using the random sequences generated at the authenticator node 160. The decryption means 137 uses the sequences which are of the same order received from the peer node 165.
The random sequences at the authenticator node 160 is generated using authenticator sequence constructing means 115 adapted to construct a first random sequence of the prime numbers using the selection means selected prime number as upper bound and the consequent random sequences are generated by the first random sequence generating means 120 adapted to generate random sequences of prime numbers using the first random sequence constructed using authenticator sequence constructing means 115.
In accordance with the invention a method for authentication of a peer using random sequences is provided as shown in figure 2, said method comprising the following steps
establishing a communication link between a peer and an authenticator, 2001;
constructing a first random sequence of prime numbers at the authenticator using a randomly selected prime number as an upper bound, 2003;
sending said prime number to the peer, 2005;
receiving the prime number at the peer, sent by the authenticator,
2007;
constructing a first random sequences of prime numbers using the received prime number as an upper bound, 2009; generating at least one random sequence using the first random sequence constructed at the authenticator, 2011;
generating at least one random sequence using the first random sequence constructed at the peer, 2013;
formulating authentication data to be sent for authentication at the authenticator, said authentication data characterizing in that at least one of the random sequence generated at the peer, 2015;
transmitting the authentication data to the authenticator, 2017;
receiving the transmitted data, 2019;
matching the random sequence characterized in the authentication data with at least of one of the random sequences generated at the authenticator, 2021;
authenticating the peer in case of matching random sequence, 2023;
The step of generating at least one random sequence using the first random sequence constructed at the authenticator further comprising computing the forward difference of a random sequence of prime numbers.
The step of generating at least one random sequence using the first random sequence constructed at the authenticator further comprising computing the sum of forward difference of a random sequence and Gilbreath's conjecture of the same random sequence. The step of generating at least one random sequence using the first random sequence constructed at the authenticator further comprising formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
The step of generating at least one random sequence using the first random sequence constructed at the peer further comprises computing the forward difference of a random sequence of prime numbers.
The step of generating at least one random sequence using the first random sequence constructed at the peer further comprises computing the sum of forward difference of a random sequence and Gilbreath's conjecture of the same random sequence.
The step of generating at least one random sequence using the first random sequence constructed at the peer further comprises formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
The step of formulating authentication data includes the step of encrypting the peer node's authentication data using one of the generated sequences of a particular order before sending it to the authenticator node for authentication. The step of matching the random sequence characterized in authentication data also includes the step of attempting decryption of the received authentication data using the random sequences generated at the authenticator node.
In the above stated method, the replay (playback) attack is avoided due to random prime numbers (generated by the authenticator node). A replay attack (playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator of the data or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP (Internet Protocol) packet substitution (such as stream cipher attack). No hash algorithm is used here.
Random sequences produced by the system and method in accordance with the present invention finds a number of applications in information security systems. Some specific areas where the present invention can be applied are:
digital signature schemes;
extensible authentication protocols;
access control; and
multifactor authentication.
TECHNICAL ADVANCEMENTS The technical advancements of the present invention include realization of a method and system for generating random sequences which can:
generate sequences of prime numbers in increasing as well as decreasing order;
avoid replay attack;
generate lengthy sequences of prime numbers; and
generate random number sequences in which it is difficult to find out the original random number sequence from the list of sequences even after applying a backward difference operator.
While considerable emphasis has been placed herein on the particular features of this invention, it will be appreciated that various modifications can be made, and that many changes can be made in the preferred embodiments without departing from the principles of the invention. These and other modifications in the nature of the invention or the preferred embodiments will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be interpreted merely as illustrative of the invention and not as a limitation.

Claims

1. A system for authentication of a peer using random sequences, said system comprising
■ an authenticator node adapted to authenticate a peer node, said authenticator node comprising
selection means adapted to select a random prime number;
first transmitting means adapted to transmit said selected prime number to the peer node;
authenticator sequence constructor means adapted to construct a first random sequence of prime numbers using a randomly selected prime number as an upper bound;
■ first random sequence generating means adapted to generate at least one random sequence of prime numbers using the first random sequence constructed using the authenticator sequence constructing means;
■ reception means adapted to receive authentication data for authentication;
extraction means adapted to extract the random sequence characterised in the authentication data; matching means adapted to match the random sequence characterized in the authentication data with at least of one of the random sequences generated by the first random sequence generating means;
peer node seeking authentication, said peer node comprising
receiving means adapted to receive the prime number sent by the authenticator;
peer sequence constructing means adapted to construct a first random sequence of prime numbers using the received prime number as an upper bound;
second random sequence generating means adapted to generate at least one random sequence of prime numbers using the first random sequence constructed using peer sequence constructing means;
formulating means adapted to formulate authentication data, said authentication data characterizing at least one of the . random sequences generated at the peer; and
second transmitting means adapted to transmit the authentication data to the authenticator node.
2. The system as claimed in claim 1 , wherein the prime numbers are 64 bit prime numbers.
3. The system as claimed in claim 1, wherein the first random sequence generating means is adapted to compute the forward difference of a random sequence of prime numbers to generate further sequences.
4. The system as claimed in claim 1 , wherein the first random sequence generating means is adapted to compute forward difference and Gilbreath's conjecture for a random sequence and further adapted to compute the sum of forward difference of a random sequence and computed Gilbreath's conjecture of the same random sequence.
5. The system as claimed in claim 1, wherein the first random sequence generating means is adapted to formulate a square matrix of at least one random sequence by inserting zeros after the minor diagonal entries.
6. The system as claimed in claim 1, wherein the second random sequence generating means is adapted to compute the forward difference of a random sequence of prime numbers to generate further sequences.
7. The system as claimed in claim 1, wherein the second random sequence generating means is adapted to compute the forward difference and Gilbreath's conjecture for a random sequence and further adapted to compute the sum of forward differences of a random sequence and computed Gilbreath's conjecture of the same random sequence.
8. The system as claimed in claim 1, wherein the second random sequence generating means is adapted to formulate a square matrix of at least one random sequence by inserting zeros after the minor diagonal entries.
9. The system as claimed in claim 1, wherein the formulating means includes an encryption means adapted to encrypt the peer node's authentication data using one of the generated sequences of a particular order before sending it to the authenticator node for authentication, said encrypted authentication data sent along with order of sequence used for encryption, said authentication data selected from the group consisting of peer node's name, and IP address.
10. The system as claimed in claim 1, wherein the matching means includes decryption means adapted to attempt decryption of the received authentication data using the random sequences generated at the authenticator node.
11. The system as claimed in claim 1, wherein the formulating means is adapted to formulate authentication data including hash value of at least one of the random sequences generated at the peer node.
12. The system as claimed in claim 1, wherein the formulating means is adapted to formulate authentication data including at least one of the random sequences generated at the peer node.
13. A method for authentication of a peer using random sequences, said method comprising the following steps • establishing a communication link between a peer and an authenticator;
• constructing a first random sequence of prime numbers at the authenticator using a randomly selected prime number as an upper bound;
• sending said prime number to the peer;
• receiving the prime number at the peer, sent by the authenticator;
• constructing a first random sequences of prime numbers using the received prime number as an upper bound;
• generating at least one random sequence using the first random sequence constructed at the authenticator;
• generating at least one random sequence using the first random sequence constructed at the peer;
• formulating authentication data to be sent for authentication at the authenticator, said authentication data characterizing in that at least one of the random sequence generated at the peer;
• transmitting the authentication data to the authenticator;
• receiving the transmitted data;
• matching the random sequence characterized in the authentication data with at least of one of the random sequences generated at the authenticator; • authenticating the peer in case of matching random sequence;
14. The method as claimed in claim 13, wherein the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of computing the forward difference of a random sequence of prime numbers. .
15. The method as claimed in claim 13, wherein the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of computing the sum of forward differences of a random sequence and Gilbreath's conjecture of the same random sequence.
16. The method as claimed in claim 13, wherein the step of generating at least one random sequence using the first random sequence constructed at the authenticator includes the step of formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
17. The method as claimed in claim 13, wherein the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of computing the forward difference of a random sequence of prime numbers.
18. The method as claimed in claim 13, wherein the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of computing the sum of forward differences of a random sequence and Gilbreath's conjecture of the same random sequence.
19. The method as claimed in claim 13, wherein the step of generating at least one random sequence using the first random sequence constructed at the peer includes the step of formulating a square matrix of two random sequences by inserting zeros after the minor diagonal entries.
20. The method as claimed in claim 13, wherein the step of formulating authentication data includes the step of encrypting the peer node's authentication data using one of the generated sequences of a particular order before sending it to the authenticator node for authentication.
21. The method as claimed in claim 13, wherein the step of matching the random sequence characterized in said authentication data also includes the step of attempting decryption of the received authentication data using the random sequences generated at the authenticator node.
PCT/IN2010/000621 2009-09-17 2010-09-14 Method and system for generating random sequences for authentication protocols WO2011039774A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2153/MUM/2009 2009-09-17
IN2153MU2009 2009-09-17

Publications (1)

Publication Number Publication Date
WO2011039774A1 true WO2011039774A1 (en) 2011-04-07

Family

ID=43825643

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2010/000621 WO2011039774A1 (en) 2009-09-17 2010-09-14 Method and system for generating random sequences for authentication protocols

Country Status (1)

Country Link
WO (1) WO2011039774A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050063539A1 (en) * 2003-09-18 2005-03-24 Langin-Hooper Jerry Joe Prime-number-based method and apparatus for generating random numbers
KR20080054649A (en) * 2006-12-13 2008-06-19 삼성전자주식회사 Security method for initial network entry process in the wimax network and system thereof
US7522723B1 (en) * 2008-05-29 2009-04-21 Cheman Shaik Password self encryption method and system and encryption by keys generated from personal secret information
JP2009141767A (en) * 2007-12-07 2009-06-25 Kyoichi Shibuya Generation system of encryption key, generation method of encryption key, encryption authentication system, and encrypted communication system
CN101505265A (en) * 2008-01-15 2009-08-12 奥多比公司 Information communication

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050063539A1 (en) * 2003-09-18 2005-03-24 Langin-Hooper Jerry Joe Prime-number-based method and apparatus for generating random numbers
KR20080054649A (en) * 2006-12-13 2008-06-19 삼성전자주식회사 Security method for initial network entry process in the wimax network and system thereof
JP2009141767A (en) * 2007-12-07 2009-06-25 Kyoichi Shibuya Generation system of encryption key, generation method of encryption key, encryption authentication system, and encrypted communication system
CN101505265A (en) * 2008-01-15 2009-08-12 奥多比公司 Information communication
US7522723B1 (en) * 2008-05-29 2009-04-21 Cheman Shaik Password self encryption method and system and encryption by keys generated from personal secret information

Similar Documents

Publication Publication Date Title
CN107124268B (en) Privacy set intersection calculation method capable of resisting malicious attacks
US8670563B2 (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
Tseng et al. A chaotic maps-based key agreement protocol that preserves user anonymity
CN110113155B (en) High-efficiency certificateless public key encryption method
EP2361462B1 (en) Method for generating an encryption/decryption key
CN108632261B (en) Multi-party quantum summation method and system
EP0786178A1 (en) Secret-key certificates
KR100989185B1 (en) A password authenticated key exchange method using the RSA
CN110719172B (en) Signature method, signature system and related equipment in block chain system
CN110999202A (en) Computer-implemented system and method for highly secure, high-speed encryption and transmission of data
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
Huang et al. A secure communication over wireless environments by using a data connection core
Kwon et al. Efficient verifier-based password-authenticated key exchange in the three-party setting
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
CN114362912A (en) Identification password generation method based on distributed key center, electronic device and medium
CN110740034A (en) Method and system for generating QKD network authentication key based on alliance chain
CN116055136A (en) Secret sharing-based multi-target authentication method
Eslami et al. Provably Secure Group Key Exchange Protocol in the Presence of Dishonest Insiders.
CN113326326A (en) Method for sending data encryption protection based on block chain
Basu et al. Secured hierarchical secret sharing using ECC based signcryption
CN114221753A (en) Key data processing method and electronic equipment
Meng et al. A secure and efficient on-line/off-line group key distribution protocol
Chawdhury et al. Security enhancement of MD5 hashed passwords by using the unused bits of TCP header
WO2011039774A1 (en) Method and system for generating random sequences for authentication protocols
Afroz et al. A Secure Mutual Authentication Protocol for IoT using ID Verifier Based on ECC

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10820018

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10820018

Country of ref document: EP

Kind code of ref document: A1