Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security 92321509 Ming-Hong Shih.


1 Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security 92321509 Ming-Hong Shih

2 Source
- Wen-Shenq Juang, IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 251-255, Feb. 2004

3
- We propose a novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality.
- In this scheme, we assume the registration center can be trusted.

4 Major merits
- Users only need to register at the registration center once and can use permitted services in eligible servers.
- The scheme does not need a verification table.
- Users can freely choose their passwords.
- The computation and communication cost is very low.
- Servers and users can authenticate each other.
- It generates a session key agreed by the user and the server.
- It is a nonce-based scheme which does not have a serious time-synchronization problem.

5 Notations
- $h()$ : a secure one-way hashing function
- $E_k(m)$ : the ciphertext of $m$ encrypted using the secret key $k$ of some secure symmetric cryptosystem
- $D_k(c)$ : the plaintext of $c$ decrypted using the secret key $k$ of the corresponding symmetric cryptosystem
- $\oplus$ : the bitwise exclusive-or operator
- RC : the registration center
- $S_j$ : server $j$
- $U_i$ : user $i$
- $UID_i$ : a unique identification of $U_i$
- $SID_j$ : a unique identification of $S_j$
- $x$ : the secret key kept secretly by RC
- $w_j = h(x, SID_j)$ : the secret key shared by $S_j$ and RC

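6 Registration Phase (diagram)
- Participants: $U_i$, RC, $S_j$
- $U_i$ → RC: $UID_i$, $PW_i$
- RC computes $v_i = h(x, UID_i)$ and $\mu_i = v_i \oplus PW_i$
- RC → $U_i$: smart card $(UID_i, \mu_i)$
- RC computes $v_{i,j} = h(v_i, SID_j)$
- RC → $S_j$: $E_{w_j}(v_{i,j}, UID_i)$
- Step labels shown on the slide: 1, 2.1, 2.2, 3.1, 3.2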

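7 Login and Session Key Agreement Phase (diagram)
- Smart card of $U_i$ computes $v_i = \mu_i \oplus PW_i$ and $v_{i,j} = h(v_i, SID_j)$
- Message 1, $U_i$ → $S_j$: $N_1$, $UID_i$, $E_{v_{i,j}}(ru_k, h(UID_i \| N_1))$
- $S_j$ computes $D_{w_j}(E_{w_j}(v_{i,j}, UID_i))$ to obtain $v_{i,j}$
- $S_j$ computes $D_{v_{i,j}}(E_{v_{i,j}}(ru_k, h(UID_i \| N_1)))$ to obtain $h(UID_i \| N_1)$
- Slide annotations (translated): "used to generate the $k$th session key $sk_k$"; "used to verify $U_i$"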

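8 Login and Session Key Agreement Phase, continued (diagram)
- Message 1, $U_i$ → $S_j$: $N_1$, $UID_i$, $E_{v_{i,j}}(ru_k, h(UID_i \| N_1))$
- Message 2, $S_j$ → $U_i$: $E_{v_{i,j}}(rs_k, N_1 + 1, N_2)$
- $U_i$ (smart card) computes $D_{v_{i,j}}(E_{v_{i,j}}(rs_k, N_1 + 1, N_2))$
- $sk_k = h(rs_k, ru_k, v_{i,j})$
- Slide annotation (translated): "used to generate the $k$th session key $sk_k$"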

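9 Login and Session Key Agreement Phase, continued (diagram)
- Message 1, $U_i$ → $S_j$: $N_1$, $UID_i$, $E_{v_{i,j}}(ru_k, h(UID_i \| N_1))$
- Message 2, $S_j$ → $U_i$: $E_{v_{i,j}}(rs_k, N_1 + 1, N_2)$
- Message 3, $U_i$ → $S_j$: $E_{sk_k}(N_2 + 1)$
- $S_j$ computes $D_{sk_k}(E_{sk_k}(N_2 + 1))$
- $U_i$ and $S_j$ now share $sk_k$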

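10 Shared Key Inquiry Phase (diagram; repeats the registration diagram)
- Participants: $U_i$, RC, $S_j$
- $U_i$ → RC: $UID_i$, $PW_i$
- RC computes $v_i = h(x, UID_i)$ and $\mu_i = v_i \oplus PW_i$
- RC → $U_i$: smart card $(UID_i, \mu_i)$
- RC computes $v_{i,j} = h(v_i, SID_j)$
- RC → $S_j$: $E_{w_j}(v_{i,j}, UID_i)$
- Step labels shown on the slide: 1, 2.1, 2.2, 3.1, 3.2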

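11 Shared Key Inquiry Phase, continued (diagram)
- Message 1, $U_i$ → $S_j$: $N_1$, $UID_i$, $E_{v_{i,j}}(ru_k, h(UID_i \| N_1))$
- Message 1.1, $S_j$ → RC: $N_3$, $UID_i$, $SID_j$, $E_{w_j}(h(UID_i \| SID_j \| N_3))$
- RC computes $D_{w_j}(E_{w_j}(h(UID_i \| SID_j \| N_3)))$; slide annotation (translated): "used to authenticate $S_j$"
- Message 2, $S_j$ → $U_i$: $E_{v_{i,j}}(rs_k, N_1 + 1, N_2)$
- Message 3, $U_i$ → $S_j$: $E_{sk_k}(N_2 + 1)$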

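12 Shared Key Inquiry Phase, continued (diagram)
- Message 1, $U_i$ → $S_j$: $N_1$, $UID_i$, $E_{v_{i,j}}(ru_k, h(UID_i \| N_1))$
- Message 1.1, $S_j$ → RC: $N_3$, $UID_i$, $SID_j$, $E_{w_j}(h(UID_i \| SID_j \| N_3))$
- Message 1.2, RC → $S_j$: $E_{w_j}(v_{i,j}, N_3 + 1)$
- $S_j$ computes $D_{w_j}(E_{w_j}(v_{i,j}, N_3 + 1))$; $v_{i,j}$ is the shared secret key
- Message 2, $S_j$ → $U_i$: $E_{v_{i,j}}(rs_k, N_1 + 1, N_2)$
- Message 3, $U_i$ → $S_j$: $E_{sk_k}(N_2 + 1)$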

13 SECURITY ANALYSIS
- The secret $\mu_i = v_i \oplus PW_i$ is stored in $U_i$'s smart card.
- Only the real user $U_i$, who knows the password $PW_i$, can compute the secret $v_i = \mu_i \oplus PW_i$ and then the shared secret $v_{i,j} = h(v_i, SID_j)$ between $U_i$ and $S_j$.
- Replay attacks fail because the freshness of the messages in the login and session key agreement phase and in the shared key inquiry phase is preserved by the nonces $N_1$, $N_2$ and $N_3$.

14
- The session key $sk_k = h(rs_k, ru_k, v_{i,j})$ is known to nobody but $U_i$ and $S_j$, since the random values $rs_k$ and $ru_k$ are encrypted under the shared secret key $v_{i,j}$.
- A session key $sk_l = h(rs_l, ru_l, v_{i,j})$ is of no use for computing another session key $sk_k = h(rs_k, ru_k, v_{i,j})$, since without knowing $rs_k$, $ru_k$ and $v_{i,j}$ it is infeasible to compute $sk_k$.
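The registration phase and messages 1 and 2 of the login phase, as an added example that is not code from the slides or from the paper. Assumptions: `E`/`D` are a stdlib stand-in (SHAKE-256 keystream plus HMAC tag) for the unspecified symmetric cryptosystem, $PW_i$ is hashed to 32 bytes before the XOR, nonces are 64-bit integers, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

def h(*parts):  # h(): SHA-256 over length-prefixed fields
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def E(k, m):  # stand-in for E_k(m): SHAKE-256 keystream plus HMAC tag (assumption)
    iv = secrets.token_bytes(16)
    ct = xor(m, hashlib.shake_256(k + iv).digest(len(m)))
    return iv + ct + hmac.new(k, iv + ct, hashlib.sha256).digest()

def D(k, c):  # D_k(c): raises if c was not produced under k
    iv, ct, tag = c[:16], c[16:-32], c[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, iv + ct, hashlib.sha256).digest()):
        raise ValueError("decryption under this key failed")
    return xor(ct, hashlib.shake_256(k + iv).digest(len(ct)))

def register(x, uid, pw, sid):  # registration phase, run by RC
    v_i = h(x, uid)
    mu_i = xor(v_i, h(pw))  # assumption: PW_i is hashed to 32 bytes before the XOR
    w_j = h(x, sid)
    return mu_i, w_j, E(w_j, h(v_i, sid) + uid)  # card secret, S_j key, S_j record

def user_login(uid, pw, mu_i, sid):  # message 1, built on the smart card
    v_ij = h(xor(mu_i, h(pw)), sid)
    n1, ru = secrets.randbits(64), secrets.token_bytes(32)
    msg1 = (n1, uid, E(v_ij, ru + h(uid, n1.to_bytes(8, "big"))))
    return (v_ij, n1, ru), msg1

def server_reply(w_j, record, msg1):  # S_j checks message 1, builds message 2
    n1, uid, c = msg1
    rec = D(w_j, record)
    v_ij, rec_uid = rec[:32], rec[32:]
    p = D(v_ij, c)  # fails when the card was unlocked with a wrong password
    if rec_uid != uid or p[32:] != h(uid, n1.to_bytes(8, "big")):
        raise ValueError("login rejected")
    rs, n2 = secrets.token_bytes(32), secrets.randbits(64)
    msg2 = E(v_ij, rs + (n1 + 1).to_bytes(9, "big") + n2.to_bytes(8, "big"))
    return h(rs, p[:32], v_ij), msg2  # sk_k = h(rs_k, ru_k, v_ij)

def user_finish(state, msg2):  # U_i checks N_1 + 1 and derives sk_k
    v_ij, n1, ru = state
    p = D(v_ij, msg2)
    if int.from_bytes(p[32:41], "big") != n1 + 1:
        raise ValueError("stale or replayed reply")
    return h(p[:32], ru, v_ij)
```

The card never checks the password locally: a wrong $PW_i$ only yields a wrong $v_{i,j}$, which $S_j$ rejects when it decrypts message 1. Message 3, $E_{sk_k}(N_2 + 1)$, is omitted here.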

15 Comparisons between this scheme and others
Columns: This | Lin | Juang
- No verification table: Yes
- Freely chosen password: Yes
- Communication and computation cost: Very Low | Medium | Very Low
- Mutual authentication: Yes | No | Yes
- Session key agreement: Yes | No | Yes
- Single registration: Yes | No
- No time synchronization problem: Yes | No | Yes
