1
  - Efficient remote mutual authentication and key agreement
    Authors: Wen-Gong Shieh and Jian-Min Wang
    Source: Computers & Security, 25(1), pp. 72-77, 2006.
  - Improvement of Chien et al.'s remote user authentication scheme using smart cards
    Authors: Sung-Woon Lee, Hyun-Sung Kim and Kee-Young Yoo
    Source: Computers Standards & Interfaces, 27(1), pp. 181-183, 2005.
  - An efficient nonce-based authentication scheme with key agreement
    Authors: Yen-Cheng Chen and Lo-Yao Yeh
    Source: Applied Mathematics and Computation, 169(1), pp. 982-994, 2005.
  - Efficient nonce-based remote user authentication scheme using smart cards
    Authors: Sung-Woon Lee, Hyun-Sung Kim and Kee-Young Yoo
    Source: Applied Mathematics and Computation, 167(1), pp. 355-361, 2005.
  - An improvement of Hwang-Lee-Tang's simple remote user authentication scheme
    Authors: Eun-Jun Yoon, Eun-Kyung Ryu and Kee-Young Yoo
    Source: Computers & Security, 24(1), pp. 50-56, 2005.
  Reporter: Chun-Ta Li (李俊達)

2 Outline
  - Introduction
  - Chien et al.'s scheme and Hsu's attack
  - Juang's scheme and Shieh et al.'s attack
  - Shieh et al.'s scheme
  - Lee et al.'s scheme (CSI)
  - Chen et al.'s scheme
  - Lee et al.'s scheme (AMC)
  - Yoon et al.'s scheme
  - Comments

3 Introduction
  - Motivation
    - Password-based authentication
      - Dictionary attack
      - Solutions: public key encryption
    - Light computational overhead
      - Hashing function or symmetric encryption used in an authentication protocol
    - Smart card-based authentication scheme
      - Well-chosen password is stored in a smart card
    - Nonce-based or timestamp-based approaches

4 Introduction (cont.)
  - History
    - In 1981, Lamport proposed the first password-based remote user authentication scheme over an insecure channel (stores a verification table)
    - In 1993, Chang-Wu introduced a remote password authentication scheme with smart cards (users can't freely change passwords)
    - In 2000, Hwang-Li proposed a password-based remote user authentication scheme using smart cards (no verification or password table)
    - In 2002, Hwang-Lee-Tang proposed a simple remote authentication scheme (users can freely change passwords)

5 Introduction (cont.)
  - Requirements
    - No verification and password table
    - Freely changing password
    - Mutual authentication
    - Low computation
    - Without synchronized clock
    - Key agreement
    - Some security issues

6 Introduction (cont.)
  - Classification
    [Classification tree of password-based user authentication schemes. Branch labels: smart cards / without using smart cards; timestamp / nonce; mutual authentication / without mutual authentication; share ID and PW; no verification and password table. Schemes placed in the tree: Yoon 2004, Awasthi 2004, Chen 2005, Shieh 2006, Lee 2005, Chien 2002, Juang 2004, Wang 2005, Lee 2005, Yoon 2005, Ku 2004, Kwon 2005, Lamport 1981, Peyravian 2006.]

7 Chien et al.'s scheme and Hsu's attack
  - Registration phase
    1. User -> Server: IDi, PWi
    2. Server: Ri = h(IDi ⊕ x) ⊕ PWi
    3. Server -> User: Smart card{Ri, h(.)}
  - Login/verification phase
    1. User: C1 = Ri ⊕ PWi
    2. User: C2 = h(C1 ⊕ T)
    3. User -> Server: IDi, T, C2
    4. Server: Check IDi and T
    5. Server: C1' = h(IDi ⊕ x)
    6. Server: Check h(C1' ⊕ T) ?= C2
    7. Server: C3 = h(C1' ⊕ T'')
    8. Server -> User: T'', C3
    9. User: Check T''
    10. User: Check h(C1 ⊕ T'') ?= C3

8 Chien et al.'s scheme and Hsu's attack (cont.)
  - Hsu's parallel session attack (2004)
    [message-flow diagram not included in the transcript; slide annotations:]
    // C2 = h(C1 ⊕ T)
    // Ri = h(IDi ⊕ x) ⊕ PWi
    // C1 = Ri ⊕ PWi
    // C3 = h(C1' ⊕ T'')

9 Juang's scheme and Shieh et al.'s attack
  - Registration phase
    1. User -> Server: IDi, PWi
    2. Server: Vi = h(IDi, x)
    3. Server: Wi = Vi ⊕ PWi
    4. Server -> User: Smart card{Wi, IDi, h(.)}
  - Login/verification phase
    [message-flow diagram not included in the transcript; slide annotations:]
    // Ci = h(IDi || N1)
    // Vi = Wi ⊕ PWi
    Decrypt E_Vi(ruj, Ci)
    Check Ci ?= h(IDi || N1)
    // session key Kj = h(rsj, rsu, Vi)

10 Juang's scheme and Shieh et al.'s attack (cont.)
  - Shieh et al.'s off-line plain-text attack (2006)
    [message-flow diagram not included in the transcript; slide annotations:]
    // Ci = h(IDi || N1)
    // Vi = Wi ⊕ PWi = h(IDi, x)

11 Shieh et al.'s scheme
  - Registration phase: the same as that of Chien et al.'s scheme
  - Login/key agreement phase
    1. User: ai = Ri ⊕ PWi = h(IDi ⊕ x)
    2. User: MACu = h(Tu || ai) and store Tu temporarily until the end of the session
    3. User -> Server: IDi, Tu, MACu
    4. Server: Check Tu is fresh or not
    5. Server: ai' = h(IDi ⊕ x)
    6. Server: MACu' = h(Tu || ai')
    7. Server: Check MACu' ?= MACu
    8. Server: Temporarily store (Tu, Ts) and IDi
    9. Server: MACs = h(Tu || Ts || ai')
    10. Server: Session key Ks = h((Tu || Ts) ⊕ ai')
    11. Server -> User: Tu, Ts, MACs
    12. User: MACs' = h(Tu || Ts || ai)
    13. User: Check MACs' ?= MACs
    14. User: MACu'' = h(Ts || (ai+1))
    15. User: Session key Ks = h((Tu || Ts) ⊕ ai)
    16. User -> Server: Ts, MACu''
    17. Server: Check Ts and MACu''
    18. Server: If above holds, accept user's login
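
The login/key agreement phase above as a runnable walk-through, added here as an illustration and not taken from the slides or the cited paper. Assumptions: h(.) is SHA-256, Tu and Ts are integer timestamps encoded as 8 bytes, "fresh" means within a 60-second window, and all sample values are constructed.

```python
import hashlib, hmac

def h(*parts):            # h(.); '||' is modelled as byte concatenation
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):            # XOR, shorter operand zero-padded (assumption)
    n = max(len(a), len(b))
    return bytes(p ^ q for p, q in zip(a.ljust(n, b"\0"), b.ljust(n, b"\0")))

def ts(t):                # timestamp as 8 bytes (assumed encoding)
    return t.to_bytes(8, "big")
def plus1(a):             # "ai + 1" read as big-endian integer addition
    return ((int.from_bytes(a, "big") + 1) % (1 << 8 * len(a))).to_bytes(len(a), "big")
def register(x, ID, PW):  # registration: Ri = h(IDi XOR x) XOR PWi
    return xor(h(xor(ID, x)), PW)
def session_key(ai, Tu, Ts):   # Ks = h((Tu || Ts) XOR ai)
    return h(xor(ts(Tu) + ts(Ts), ai))

class Server:
    def __init__(self, x, window=60):
        self.x, self.window, self.pending = x, window, {}

    def login(self, ID, Tu, MACu, now):          # steps 4-11, with Ts = now
        ai = h(xor(ID, self.x))                  # step 5
        if abs(now - Tu) > self.window or not hmac.compare_digest(h(ts(Tu), ai), MACu):
            return None                          # stale Tu or bad MACu
        self.pending[ID] = (Tu, now, ai)         # step 8
        return Tu, now, h(ts(Tu), ts(now), ai)   # steps 9 and 11

    def confirm(self, ID, Ts, MACu2):            # steps 17-18
        Tu, Ts0, ai = self.pending.pop(ID, (0, None, b"\0"))
        ok = Ts0 == Ts and hmac.compare_digest(h(ts(Ts), plus1(ai)), MACu2)
        return session_key(ai, Tu, Ts) if ok else None

def user_request(Ri, PW, Tu):                    # steps 1-3
    ai = xor(Ri, PW)
    return ai, h(ts(Tu), ai)

def user_finish(ai, Tu, reply):                  # steps 12-16
    Tu_r, Ts, MACs = reply
    if Tu_r != Tu or not hmac.compare_digest(h(ts(Tu), ts(Ts), ai), MACs):
        return None
    return h(ts(Ts), plus1(ai)), session_key(ai, Tu, Ts)   # MACu'', Ks

def demo(x=b"constructed-server-secret-x", ID=b"alice", PW=b"pw123", Tu=1000, now=1002):
    srv = Server(x)
    ai, MACu = user_request(register(x, ID, PW), PW, Tu)
    MACu2, Ks = user_finish(ai, Tu, srv.login(ID, Tu, MACu, now))
    return Ks == srv.confirm(ID, now, MACu2)     # both sides hold the same Ks
```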

12 Shieh et al.'s scheme (cont.)
  - Messages transmitted in proposed scheme using synchronized clock
    [message-flow diagram not included in the transcript; slide annotations:]
    // MACu = h(Tu || ai)
    // ai = Ri ⊕ PWi = h(IDi ⊕ x)
    // MACs = h(Tu || Ts || ai')

13 Shieh et al.'s scheme (cont.)
  - Messages transmitted in parallel session attack

14 Lee et al.'s scheme (CSI)
  - Registration/Login phase: the same as that of Chien et al.'s scheme
  - Verification phase
    4. Server: Check IDi and T
    5. Server: C1' = h(IDi ⊕ x)
    6. Server: Check h(C1' ⊕ T) ?= C2
    7. Server: C3 = h(h(C1' ⊕ T''))
    8. Server -> User: T'', C3
    9. User: Check T''
    10. User: Check h(h(C1 ⊕ T'')) ?= C3
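
What the extra hash in step 7 changes, as an added example that is not from the slides or the cited papers: in Chien et al.'s scheme the reply value C3 = h(C1' ⊕ T'') has the same form as a login value C2 = h(C1 ⊕ T), so the server's own reply satisfies its login check; hashing once more removes that symmetry. Assumptions: h(.) is SHA-256, timestamps are 8-byte integers, the freshness checks are taken to pass, and the secret and identity are constructed values.

```python
import hashlib

def h(b):                       # one-way hash h(.)
    return hashlib.sha256(b).digest()

def xor(a, b):                  # XOR, shorter operand zero-padded (assumption)
    n = max(len(a), len(b))
    return bytes(p ^ q for p, q in zip(a.ljust(n, b"\0"), b.ljust(n, b"\0")))

def enc(t):                     # timestamp as 8 bytes (assumed encoding)
    return t.to_bytes(8, "big")

def login_value(C1, T):         # login step 2: C2 = h(C1 XOR T)
    return h(xor(C1, enc(T)))

def server_checks_login(x, ID, T, C2):       # steps 5-6
    return h(xor(h(xor(ID, x)), enc(T))) == C2

def server_reply(x, ID, T2, scheme):         # step 7
    inner = h(xor(h(xor(ID, x)), enc(T2)))
    return inner if scheme == "chien" else h(inner)   # Lee et al. (CSI): hash again

def user_checks_reply(C1, T2, C3, scheme):   # step 10
    inner = h(xor(C1, enc(T2)))
    return C3 == (inner if scheme == "chien" else h(inner))

def reply_passes_as_login(scheme, x=b"constructed-secret-x", ID=b"alice"):
    """Does the server's reply (T'', C3) satisfy the server's own login check?"""
    C3 = server_reply(x, ID, 2000, scheme)
    return server_checks_login(x, ID, 2000, C3)
```

`reply_passes_as_login("chien")` is true and `reply_passes_as_login("lee_csi")` is false, while the legitimate login and reply checks succeed in both variants.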

15 Chen et al.'s scheme
  - Registration phase: the same as that of Chien et al.'s scheme
  - Login/Authentication phase
    1. User: ai = Ri ⊕ PWi = h(IDi ⊕ x)
    2. User: M1 = h^2(IDi ⊕ x) ⊕ N1
    3. User -> Server: IDi, M1
    4. Server: Compute h^2(IDi ⊕ x) and extract N1 by computing M1 ⊕ h^2(IDi ⊕ x)
    5. Server: M2 = h(h(IDi ⊕ x)||N1) ⊕ N2 and M3 = h(h(IDi ⊕ x)||N1||N2)
    6. Server -> User: M2, M3
    7. User: Compute h(h(IDi ⊕ x)||N1) and extract N2 by computing M2 ⊕ h(h(IDi ⊕ x)||N1)
    8. User: Verifies M3 ?= h(h(IDi ⊕ x)||N1||N2)
    9. User: M4 = h(h^2(IDi ⊕ x)||N1+1||N2+1)
    10. User -> Server: M4
    11. Server: Verifies M4 ?= h(h^2(IDi ⊕ x)||N1+1||N2+1)
    12. Session key Ks = h(h^3(IDi ⊕ x)||N1+2||N2+2)

16 Lee et al.'s scheme (AMC)
  - Parallel session attack

17 Yoon et al.'s scheme
  - Registration phase:
  - Login/Authentication phase:

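18 Comments
  - Comparison
    [Comparison table; row/column alignment lost in the transcript. Columns: Mutual authentication (steps); Session key agreement; Use of timestamp; Computation load. Schemes compared: Shieh et al.; Lee et al. (CSI); Chen et al.; Lee et al. (AMC); Yoon et al. Cell values in transcript order: No, Yes, Yes/No, Yes (3), Yes (2), Yes (3), No, Yes, No, Yes, 10H + 6⊕, 7H + 8⊕, 19H + 15⊕, 6H + 7⊕; following "Yoon et al.": Yes (2), No, 6H + 2⊕, Yes.]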

19 Comments (cont.)
  - Forward secrecy
    - If the secret key x is compromised, the attacker can reconstruct the agreed session key
    - Solutions: Diffie-Hellman key exchange algorithm
      - Let N1 = g^x and N2 = g^y
      - Session key = g^(xy)
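
The forward secrecy comment, worked through on Chen et al.'s scheme from slide 15 as an added example (not from the slides or the cited papers): every input to Ks is either derived from x or recoverable from M1 and M2 with x, so anyone who later learns x can recompute the key of a recorded session. Assumptions: h(.) is SHA-256, nonces are 32 random bytes, "N + k" is big-endian integer addition, and the secret and identity are constructed values.

```python
import hashlib, secrets

def h(b, times=1):              # h^k(.): the hash applied k times
    for _ in range(times):
        b = hashlib.sha256(b).digest()
    return b

def xor(a, b):                  # XOR, shorter operand zero-padded (assumption)
    n = max(len(a), len(b))
    return bytes(p ^ q for p, q in zip(a.ljust(n, b"\0"), b.ljust(n, b"\0")))

def add(n, k):                  # "N + k" read as addition mod 2^256
    return ((int.from_bytes(n, "big") + k) % (1 << 256)).to_bytes(32, "big")

def session_key(a, N1, N2):     # step 12, with a = h(IDi XOR x)
    return h(h(a, 2) + add(N1, 2) + add(N2, 2))

def run_exchange(x, ID):
    """Steps 1-12; returns the messages on the wire and the agreed key."""
    a_user = a_srv = h(xor(ID, x))      # the user obtains it as Ri XOR PWi
    N1 = secrets.token_bytes(32)
    M1 = xor(h(a_user), N1)                                   # step 2
    N1_srv = xor(M1, h(a_srv))                                # step 4
    N2 = secrets.token_bytes(32)
    M2 = xor(h(a_srv + N1_srv), N2)                           # step 5
    M3 = h(a_srv + N1_srv + N2)
    N2_user = xor(M2, h(a_user + N1))                         # step 7
    assert M3 == h(a_user + N1 + N2_user)                     # step 8
    M4 = h(h(a_user) + add(N1, 1) + add(N2_user, 1))          # step 9
    assert M4 == h(h(a_srv) + add(N1_srv, 1) + add(N2, 1))    # step 11
    wire = {"ID": ID, "M1": M1, "M2": M2, "M3": M3, "M4": M4}
    return wire, session_key(a_user, N1, N2_user)

def key_from_transcript(x, wire):
    """Recompute Ks from recorded messages once the long-term secret x is known."""
    a = h(xor(wire["ID"], x))
    N1 = xor(wire["M1"], h(a))
    N2 = xor(wire["M2"], h(a + N1))
    return session_key(a, N1, N2)
```

With the Diffie-Hellman variant on the slide, the recorded messages would carry only the two public values and the key would depend on exponents that never leave the two parties, so this recomputation no longer yields the session key.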

20 Comments (cont.)
  - Identity problems
    - No verification tables in remote server
    - Impersonation attack
      - A legitimate user can purposely obtain another valid (ID, PW) by the following tricks:
        - The user declares that he lost his smart card
        - The user registers a new valid (ID, PW)
        - The original smart card is still legal to use

