1. Threshold password authentication against guessing attacks in Ad hoc networks Authors: Zhenchuan Chai, Zhenfu Cao, Rongxing Lu Sources: Ad Hoc Networks, in press Reporter: Chun-Ta Li ( 李俊達 )

2. 2 Outline  Introduction  The proposed scheme  Discussions  Comments

3. 3 Introduction  Password authentication process Distributed fashion to enhance the overall availability of the system in MANETs No password table on the server nodes in MANETs System ’ s security should not be crippled even if some nodes are compromised in MANETs  (t, n) threshold password authentication

4. 4 Introduction (cont.)  Requirements No password/verification tables on server nodes Freely change password Mutual authentication System secret can ’ t be leaked even if some of the server nodes are compromised Resist the guessing attacks even if mobile device is lost Resistance to some security attacks

5. 5 The proposed scheme  Notations

6. 6 The proposed scheme (cont.)  Registration phase User UDealer (one of S i ) ID, h(PW) B i = h(ID) x i mod p  ticket ticket

7. 7 The proposed scheme (cont.)  Login phase User UGroup

8. 8 The proposed scheme (cont.)  Authentication phase User U Dealer (one of S i ) Check ID, T E i ’ = D x i B i ’ = h(ID) x i E i ’, B i ’ Verify C ?= h(T||E ’ ||B ’ ) Compute C ’ = h(B ’ ||E ’ ||T) ID, C ’, T ’ Check ID, T ’ Verify C ’ ?= h(B||E||T ’ )

9. 9 The proposed scheme (cont.)  Changing password by user without registration again New password PW*Original password PW 1. Check validity of PW (e.g. by interacting with ) 2. If PW is valid  replace β with β – h(PW) + h(PW*)

10. 10 Discussions  Changing password without registration phase  Mutual authentication  Security analysis Replay attacks, modification and stolen verifier attacks, parallel session attacks, off-line guessing attacks  Comparison

11. 11 Comments  Online guessing attack  Compromised nodes  Applied scenario New user join without trusted authority