1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors ： Han-Cheng Hsiang and Wei-Kuan Shih Speaker ： Chun-Yen Lee Date ： 2009/7/15 Source: to appear in Computer Standards & Interfaces

2 Outline Review of Liao-Wang’s scheme Cryptanalysis of Liao-Wang’s scheme The improved scheme Performance comparisons

3 Review of Liao-Wang’s scheme Registration phase secure channel

4 Review of Liao-Wang’s scheme Login phase

5 Mutual verification and session key agreement phase (1/2)

6 Mutual verification and session key agreement phase (2/2)

7 Masquerade attack U E is a legal user. U E intercepted the message { CID i, P ij, Q i, N i }. Eve computes Eve obtains T i, h(PW i ) and B i, so he can masquerade U i.

8 The improved scheme RC x, r, y Server j Registration phase U i computes UiUi RC ID i, h(b ⊕ PW i ) (V i, B i, H i, R i, h( )) (ID i, V i, B i, b, H i, R i, h( ))

9 The improved scheme Login phase UiUi Inputs PW i (CID i, P ij, Q i, D i, C 0, N i ) Server j

10 The improved scheme (verification phase) Server j RC (M jr, SID j, D i, C 0, N i ) ( C 1, C 2, N rj )

11 The improved scheme (verification phase) Server j UiUi Session key: h(B i ||A i ||N i ||N j ||SID j )

12 Performance comparisons