Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟."— Presentation transcript:

1 Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟

2 Attacks on the (enhanced) Yang-Shieh authentication Author: Ke-Fei Chen, Sheng Zhong Source: Computers and Security, Volume: 22, Issue: 8, December, 2003, pp. 725-727 Speaker: Yu-Lin Chuang

3 Outline Yang-Shieh’s scheme(1999/12) Chan-Cheng’s attack(2002/1) Chen’s attack(2003/12) Conclusion

4 Yang-Shieh ’ s Scheme Registration phase : KIC (Key Information Center) 1. Generates primes p, q, and n=pq 2. ed=1 (mod (p-1)(q-1)), e is a prime and d is a int. 3. Find a primitive element g in GF(p) and GF(q) 4. S i =ID i d mod n 5. Generates CID i and h i =g PW i ×d mod n 6. Public: n, e, g ; only KIC know: p, q, d 7. Write n, e, g, ID i, CID i, S i, h i to smart card U i : user ID i : user’s identity PW i : chosen password

5 New user Ui submits IDi and PWi to KIC ID i, PW i Generate p, q, and n=pq Prime number e and an integer d ed=1(mod(p-1)(q-1)) Find an integer g in GF(p) and GF(q) User iKIC S i =ID i d mod n Generate CID i and computes h i =g PW i ×d mod n n, e, g, ID i, CID i, S i, h i Smart Card

6 Login phase : 1. Key in ID i and PW i 2. Generates a random number r i 3. M = {ID i, CID i, X i, Y i, n, e, g, T} X i =g r i ×PW i mod n Y i =S i × h i r i ×f(CID i,T) mod n Where T is the current time used as a timestamp and f(x,y) is a one-way hash function

7 Verify phase : 1. Verify ID i and CID i 2. Check T and T’ 3. Check Y i e mod n = ID i × X i f(CID i,T) mod n

8 Login and Verify phase Key in ID i and PW i ID i, CID i, X i, Y i, n, e, g, T Check ID i and CID i Check T and T’ Y i e mod n = ID i × X i f(CID i,T) mod n Smart cardRemote system Random number r i X i =g r i × PW i mod n Y i =S i × h i r i × f(CID i,T) mod n

9 Yang-Shieh ’ s Scheme Y i e mod n = ID i × X i f(CID i,T) mod n Y i = S i × h i r i × f(CID i,T) mod n = ID i d × g PW i × d × r i × f(CID i,T) mod n (S i = ID i d mod n, h i =g PW i × d mod n) X i =g r i × PW i mod n

10 Chan-Cheng’s attack ID f = Y i e mod n X f = Y i e mod n ID f, CID i, X f, Y f, n, e, g, T c Check ID f and CID i Check T c and T c ’ Y f e mod n = ID f × X f f(CID i,T c ) mod n Smart cardRemote system Y f =Y i × Y i f(CID i,T c ) mod n

11 Fan et al.’s attack Random number r, k ID f = r e mod n X f = k e mod n ID f, CID i, X f, Y f, n, e, g, T c Check ID f and CID i Check T c and T c ’ Y f e mod n = ID f × X f f(CID i,T c ) mod n Smart cardRemote system Y f = rk f(CID i,T c ) mod n

12 Fan et al. ’ s Improvement RSA should be 1024 bits ID i range between 1 and 2 27 - 1

13 Chen ’ s attacks If e < 27, choose X f =1, Y f =2, and ID f =Y f e Y f e = ID f × X f f(CID i,T) (mod n) ID f =2 e [1, 2 27 - 1]

14 Chen ’ s attacks (cont.) If e ≧ 27 1. Pick a valid CID j at random 2. Extended Euclidean algorithm: gcd(e,f(CID j, T)) 3. If gcd(e,f(CID j, T))=1, let a × e + b × f(CID j,T) = 1, else go to step 1 4. Y f = ID i a mod n X f = ID i -b mod n M={ID i, CID j, X f, Y f, n, e, g, T}

15 Chen ’ s attacks (cont.) Y f e =ID i a × e (mod n) =ID i 1-b × f(CID j, T) (mod n) =ID i × (ID i -b ) f(CID j, T) (mod n) =ID i (X f ) f(CID j, T) (mod n) Y f = ID i a mod n X f = ID i -b mod n a×e + b×f(CID j, T) = 1

16 Conclusions Cannot fix the scheme by adding a simple restriction on the range of the smart card identifiers Pick T slightly ahead of the current time

Download ppt "Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟."

Similar presentations

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
A password authentication scheme with secure password updating SEC 期末報告 學號: 89321037 姓名:翁玉芬.

A password authentication scheme with secure password updating SEC 期末報告 學號: 姓名:翁玉芬.
1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.
90321011 孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : 2003.11.26 in Computers & Security.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
Chapter 3 Encryption Algorithms & Systems (Part C)

Chapter 3 Encryption Algorithms & Systems (Part C)
Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.

An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.
Digital Signatures (DSs) The digital signatures cannot be separated from the message and attached to another The signature is not only tied to signer but.

Digital Signatures (DSs) The digital signatures cannot be separated from the message and attached to another The signature is not only tied to signer but.
CS5204 – Fall 2009 1 Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

Similar presentations

Ads by Google