Download presentation
Presentation is loading. Please wait.
1
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar http://eprint.iacr.org/2008/331,2008 報告者 : 許睿中 日期 :11.23 1
2
Outline Introduction Notations Scheme Conclusions 2
3
Introduction 3 Register phase Login phase USER SERVER Authentication phase
4
Introduction The point of vulnerabilities in a remote user authentication scheme: – Security vulnerabilities due to remote user – Security vulnerabilities due to remote server – Security vulnerabilities due to insecure channel To solve these vulnerabilities: – mutual authentication – Secure session key generation 4
5
Outline Introduction Notations Scheme Conclusions 5
6
Notations 6 U denote a remote user ID denote an identify of a remote user U ID S denote an identify of a remote server PW denote a password corresponding to a register identify ID AS denote an authentication server XSXS denote a permanent secert key of an authentication server f(. ) denote a cryptographic one way hash function ⊕ XOR operation U↔AS:M the user U send M to the server AS through a secert channel U→AS:M the user U send M to the server AS through a open channel p denote a large prime number S ID the redirected identify corresponding to a registered identifity ID C ID denote a check digit sum corresponding to a register idebtify ID Red(. ) a function to redirect the identity ID for every user U C K (. ) a function to generatr check digit for registered identify
7
Outline Introduction Notations Schema Conclusions 7
8
Scheme The Register phase The Login phase The Verification phase The Password change phase 8
9
The Register phase 9 US
10
The Login phase 10 U S
11
The Verification phase 11 U S
12
The Verification phase 12 US
13
The Password change phase 13 US
14
Outline Introduction Notations Scheme Conclusions 14
15
C onclusions This scheme not only provides mutual authentication between the user and server, but also establishes a common session key to provide message confidentiality. In the password change phase of the propose protocol, each user can change his password without connect to any server. 15
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.