Department of Computer Engineering, Kyungpook National University Author : Eun-Jun Yoon, Wan-Soo Lee, Kee-Young Yoo Speaker : Wan-Soo Lee Date : (Thu) Secure Remote User Authentication Scheme Using Bilinear Pairings
Information Security Lab. 2/15 Contents Introduction Review of Das et al.’s scheme Cryptanalysis of Das el al.’s scheme Impersonation attack Off-Line password guessing attack Proposed scheme Conclusion
Information Security Lab. 3/15 Introduction Remote user authentication Along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, like the Internet Das et al.’s scheme (In 2006) proposed a remote user authentication scheme using bilinear pairing Our refutation Insecure against the impersonation attack and off-line password guessing attack
Information Security Lab. 4/15 Introduction Bilinear Pairing Let G 1, G 2 be cyclic groups of same order q. G 1 : an additive group, G 2 : a multiplicative group Definition A bilinear map from 1.Bilinear: 2.Non-degenerate: 3.Computability:
Information Security Lab. 5/15 Introduction Mathematical Problems Definition 1 Definition 2
Information Security Lab. 6/15 Das et al.’s Authentication Scheme Setup Phase : G 1 : an additive cyclic group of order prime q G 2 : a multiplicative cyclic group of the same order. P : a generator of G 1 Bilinear mapping e : G 1 × G 1 ∈ G 2 Hash function H : {0, 1}* → G 1 ① RS selects a secret key s and computes Pub RS = sP. ② RS publishes and keeps s secret.
Information Security Lab. 7/15 Das et al.’s Authentication Scheme Registration Phase : ID i, PW i Smart Card (Secure Channel) Select ID i, PW i Reg IDi ← s H(ID i )+H(PW i ) Store ID i, Reg IDi, H() in Smart Card
Information Security Lab. 8/15 Das et al.’s Authentication Scheme Login and Verification Phase : { ID i, DID i, V i, T} Input ID i, Pw i Pick up T DID i ← T Reg IDi V i ← T H(PW i ) Check (T* - T) ≤ ∆T Check e(DID i – V i, P)=e(H(ID i ), Pub RS ) T
Information Security Lab. 9/15 Cryptanalysis of Das el al.’s scheme Impersonation attack { ID i, DID i, V i, T} { ID i, DID’ i, V’ i, T’}
Information Security Lab. 10/15 Cryptanalysis of Das el al.’s scheme Off-line password guessing attack { ID i, DID i, V i, T}
Information Security Lab. 11/15 Proposed scheme Setup Phase : G 1 : an additive cyclic group of order prime q G 2 : a multiplicative cyclic group of the same order. P : a generator of G 1 Bilinear mapping e : G 1 × G 1 ∈ G 2 Hash function H : {0, 1}* → G 1 F(·) : a collision resistant one-way hash function ① RS selects a secret key s and computes Pub RS = sP. ② RS publishes and keeps s secret.
Information Security Lab. 12/15 Proposed scheme Registration Phase : ID i, F(Pw i |N) Smart Card (Secure Channel) Select ID i, Pw i, N U ← H(ID i, ID s ) K i ← s U VK i ← F(K i ) Reg IDi ← K i + H(F(Pw i |N) Store U, VK i, Reg IDi,H(), F() in Smart Card Enter N into Smart Card compute F(Pw i |N)
Information Security Lab. 13/15 Proposed scheme Login and Session key agreement Phase : { ID i, C 1 } { C 2, C 3 } Input ID i, PW i K i ← Reg IDi – H(F(PW i |N) { C 4 } Verify ID i U ← H(ID i, ID s )
Information Security Lab. 14/15 Comparison Security Properties Das el al.’s schemeProposed scheme Passive attackSecure Active attackInsecureSecure Guessing attackInsecureSecure Stolen smart card attackInsecureSecure Insider attackInsecureSecure Secure password changeNot provideProvide Mutual authenticationNot provideProvide Session key distributionNot provideProvide Perfect forward secrecyNot provideProvide Wrong password detectionSlowFast TimestampRequiredNot Required
Information Security Lab. 15/15 Conclusion Das el al’s scheme is vulnerable to an impersonation attack and an off-line password guessing attack Improved authentication scheme based on bilinear computational D-H problem one-way hash function »» Provides mutual authentication between the user and remote system. »» Not require time synchronization or delay-time limitations Future work : Must be proved formally
Information Security Lab. 16/15 Thank you Q & A