Security of a Remote Users Authentication Scheme Using Smart Cards

Slides:

Advertisements

Similar presentations

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Advertisements

P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中日期 :

Computer and Information Security 期末報告學號姓名莊玉麟.

1 Security analysis of an enhanced authentication key exchange protocol Authors ： H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date ： 2005/5/20.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors ： Han-Cheng Hsiang and Wei-Kuan Shih.

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.

多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/05 報告人：向峻霈.

Cryptanalysis of Two Dynamic ID-based Authentication

A Risk Analysis Approach for Biometric Authentication Technology Author: Arslan Brömme Submission: International Journal of Network Security Speaker: Chun-Ta.

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal.

Efficient remote mutual authentication and key agreement Improvement of Chien et al. ’ s remote user authentication scheme using smart cards An efficient.

Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :

1 Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards 使用在 smart cards 的強韌及高效率密碼驗證金鑰協定 IEEE Transactions on Industrial Electronics,

Department of Computer Engineering, Kyungpook National University Author : Eun-Jun Yoon, Wan-Soo Lee, Kee-Young Yoo Speaker : Wan-Soo Lee

Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.

A flexible biometrics remote user authentication scheme Authors: Chu-Hsing Lin and Yi-Yi Lai Sources: Computer Standards & Interfaces, 27(1), pp.19-23,

MSN lab1 A novel deniable authentication protocol using generalized ElGamal signature scheme Source: Information Sciences, vol. 177, pp , 2007.

Password-based user authentication and key distribution protocols for client-server applications Authors: Her-Tyan Yeh and Hung-Min Sun Sources: The Journal.

Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction.

RSA-based password authenticated key exchange protocol Presenter: Jung-wen Lo( 駱榮問 )

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.

Threshold password authentication against guessing attacks in Ad hoc networks ► Chai, Zhenchuan; Cao, Zhenfu; Lu, Rongxing ► Ad Hoc Networks Volume: 5,

CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.

An Efficient and Practical Authenticated Communication Scheme for Vehicular Ad Hoc Networks Source: IEEE Transactions on Vehicular Technology, Reviewing.

Non-PKI Methods for Public Key Distribution

Lightweight Mutual Authentication for IoT and Its Applications

A Dynamic ID-Based Generic Framework for Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks Source: Wireless Personal Communications,

Source: The Journal of Systems and Software, Vol. 73, 2004, pp.507–514

無線環境的認證方法及其在電子商務應用之研究

Cryptanalyses and improvements of two cryptographic key assignment schemes for dynamic access control in a user hierarchy Source: Computer & Security,

Author:YongBin Zhou, ZhenFeng Zhang, and DengGuo Feng Presenter:戴士桀

Key Substitution Attacks on Some Provably Secure Signature Schemes

Author : Guilin Wang Source : Information Processing Letters

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

Cryptanalysis on Mu–Varadharajan's e-voting schemes

A secure and traceable E-DRM system based on mobile device

Source : Future Generation Computer Systems, Vol. 68, pp , 2017

Efficient password authenticated key agreement using smart cards

A robust and anonymous patient monitoring system using wireless medical sensor networks Source: Future Generation Computer Systems, Available online 8.

Efficient Time-Bound Hierarchical Key Assignment Scheme

Chair Professor Chin-Chen Chang Feng Chia University

Authors: Wei-Chi KU, Hao-Chuan TSAI, Maw-Jinn TSAUR

Authors : Parwinder Kaur Dhillon and Sheetal Kalra

Source： Ad Hoc Networks, Vol. 71, pp , 2018

A Novel Latin Square-based Secret Sharing for M2M Communications

Lightweight IoT-based authentication scheme in cloud computing circumstance Source: Future Generation Computer Systems Volume 91, February 2019, Pages.

Lightweight IoT-based authentication scheme in cloud computing circumstance Source: Future Generation Computer Systems Volume 91, February 2019, Pages.

An efficient biometric based remote user authentication scheme for secure internet of things environment Source: Journal of Intelligent & Fuzzy Systems.

Authors：Debiao He, Sherali Zeadally, Neeraj Kumar and Wei Wu

Date:2011/09/28 報告人：向峻霈出處: Ren-Chiun Wang Wen-Shenq Juang

A lightweight biometrics based remote user authentication scheme for IoT services Source: Journal of Information Security and Applications Volume 34, Part.

Cryptology Design Fundamentals

Improvement of recently proposed Remote User Authentication Schemes

Authors: Yuh-Min TSENG, Tsu-Yang WU, Jui-DiWU

Source: Computer Networks Volume 149, 11 February 2019, Pages 29-42

II. REVIEW OF THE DAS ET AL. SCHEME

Improvement of Chien et al

Source: Sensors, Volume 19, Issue 9 (May )

Biometrics-based RSA Cryptosystem for Securing Real-Time Communication

A Distributed Sign-and-Encryption for Anonymity

Privacy Protection for E-Health Systems by

Improved Authenticated Multiple-Key Agreement Protocol

Presentation transcript:

Security of a Remote Users Authentication Scheme Using Smart Cards Author: Her-Tyan Yeh, Hung-Min Sun, Bin-Tsan Hsieh Source: IEICE transactions on Communications, Vol. E87-B, No.1, Jan. 2004. Speaker: Chih-Chiang Tsou Date: 2004.12.6

Outline Introduction Elgamal’s public key cryptosystem Hwang and Li’s scheme Chan and Cheng’s attack Proposed attack Conclusions

Introduction Remote password authentication User System Login Insecure channel

Elgamal’s public key cryptosystem P is a prime number, (P-1) has a large prime factor. g is the primitive element in GF(P). Ui has a secret key xi and a public key yi , If A wants to send M to B, A selects a random number r, and calculates Then A uses the public key yb of B and a random number r to encipher M:

Elgamal’s public key cryptosystem A sends (C1,C2) to B B can decipher M:

Hwang and Li’s scheme 1. Registration 2. Login x : System secret key P : Large prime f: one-way function S: Smart card ( f , P ) 1. Registration IDi (PWi ,S) Secure channel User (Ui) 2. Login System . random number r . After receive the Authentication message at time T’ Check the validity of IDi Check if (IDi ,C1 , C2 ,T)

Hwang and Li’s scheme (example) f: one-way function S: Smart card ( f , 17 ) 1. Registration IDi=10 (14 ,S) Secure channel User (Ui) 2. Login System . random number 5 . After receive the Authentication message at time T’ Check the validity of IDi Check (10 ,6 , 8 ,T)

Chan and Cheng’s attack Bob is a legitimate user. Bob has a smart card, IDb and PWb He wants to create a valid pair (IDf , PWf) He computes computes

Chan and Cheng’s attack (example) Bob has a smart card, IDb=10 and PWb=14 He wants to create a valid pair (IDf , PWf) He computes Computes System checks if

Proposed attack If Bob wants to impersonate the legal user Ui . Computes Submits IDE to the system for registration and then receives PWE and a smart card.

Proposed attack Because P is a large prime and gcd( PWE , P )=1. By quadratic residues, PWi can be easily found.

Proposed attack (example) If Bob wants to impersonate the legal user Ui .(IDi = 10) Computes Submits IDE =15 to the system for registration and then receives PWE = 9 and a smart card.

Conclusions The authors proposed another impersonation attack to show that Hwang and Li’s scheme is not secure. This attack is more powerful than the Chan and Chen’s attack that was proposed in 2000.