孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security
Introduction: What is the smart card What is the smart card What does it must to have merits What does it must to have merits Review Chien et al.s(2002) Review Chien et al.s(2002) Our protocol Our protocol Security analysis Security analysis
What is smart card
Main merits: No verification table: UserServer ID1 PW1 ID2 PW2 ID3 PW3.
Main merits: Freely chosen password: Users can feely choose Their own passwords
Main merits: Lower communication and computation cost: They may not provide a powerful computation capability and high bandwidth
Main merits: Mutual authentication: Users and servers can authenticate each other
Review Chien et al.s(2002) The registration phase The login phase The verification phase
The registration phase ServerUser Smart Card ID = identity PW= password x = server’s secret key
The login phase Smart Card Reader Server T = current timestamp
The verification phase ServerUser Reject
The drawbacks Time-synchronization problem user’s time and server’s time must differ only in small range No provide key agreement
Our protocol Registration phase Login and session key agreement phase
The registration phase ServerUser Smart Card ID = identity PW= password x = server’s secret key
Login and session key agreement phase
Security analysis