Improvement of Chien et al.'s remote user authentication scheme using smart cards
Source: Computer Standards and Interfaces, Volume: 27, Issue: 2, January, 2005, pp. 181-183
Authors: Lee, Sung-Woon; Kim, Hyun-Sung; Yoo, Kee-Young
Speaker: Mei-Yu Lin
Date: 2005/04/14

Outline
  Chien et al.’s scheme
  Chien et al.’s weakness
  Lee’s scheme
  Conclusion

Chien et al.’s scheme

1. Registration phase:
   Ui: Select IDi, PWi
   Server: Compute Ri = h(IDi⊕x)⊕PWi
   Server: Store h(), Ri into Smart Card
2. Login phase:
   Ui: Compute C1 = Ri⊕PWi, C2 = h(C1⊕T1)
   Ui → Server: (IDi, T1, C2)
3. Verify phase:
   Server: Check IDi
   Server: Verify T2-T1 <= ΔT
   Server: Compute C1’ = h(IDi⊕x)
   Server: Verify C2 ?= h(C1’⊕T1)
   Server: Compute C3 = h(C1’⊕T3)
   Server → Ui: (T3, C3)
   Ui: Verify C3 ?= h(C1⊕T3)

Chien et al.’s weakness

1. Registration phase:
   Ui: Select IDi, PWi
   Server: Compute Ri = h(IDi⊕x)⊕PWi
   Server: Store h(), Ri into Smart Card
2. Login phase:
   Ui: Compute C1 = Ri⊕PWi, C2 = h(C1⊕T1)
   Ui → Server: (IDi, T1, C2)
3. Verify phase:
   Server: Check IDi
   Server: Verify T2-T1 <= ΔT
   Server: Compute C1’ = h(IDi⊕x)
   Server: Verify C2 ?= h(C1’⊕T1)
   Server: Compute C3 = h(C1’⊕T3)
   Server → Ui: (T3, C3)
   Ui: Verify C3 ?= h(C1⊕T3)

Parallel session attack (the server's reply (T3, C3) is sent back to it as a login request):
   → Server: (IDi, T3, C3)
   Server: Check IDi
   Server: Verify T4-T3 <= ΔT
   Server: Compute C1’ = h(IDi⊕x)
   Server: Verify C3 ?= h(C1’⊕T3)
   Server: Compute C4 = h(C1’⊕T5)

Lee’s scheme

1. Registration phase:
   Ui: Select IDi, PWi
   Server: Compute Ri = h(IDi⊕x)⊕PWi
   Server: Store h(), Ri into Smart Card
2. Login phase:
   Ui: Compute C1 = Ri⊕PWi, C2 = h(C1⊕T1)
   Ui → Server: (IDi, T1, C2)
3. Verify phase:
   Server: Check IDi
   Server: Verify T2-T1 <= ΔT
   Server: Compute C1’ = h(IDi⊕x)
   Server: Verify C2 ?= h(C1’⊕T1)
   Server: Compute C3 = h(h(C1’⊕T3))
   Server → Ui: (T3, C3)
   Ui: Verify C3 ?= h(h(C1⊕T3))

Parallel session attack (the server's reply (T3, C3) is sent back to it as a login request):
   → Server: (IDi, T3, C3)
   Server: Check IDi
   Server: Verify T4-T3 <= ΔT
   Server: Compute C1’ = h(IDi⊕x)
   Server: Verify C3 ?= h(C1’⊕T3)
   C3 = h(h(C1’⊕T3)) ≠ h(C1’⊕T3) → reject
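
Added example (not from the slides or the paper): both verify phases side by side, showing that the server's own reply passes as a login request in Chien et al.'s scheme and fails under Lee's double hash. Assumptions: SHA-256 stands in for h(), values are padded to 32 bytes for ⊕, ΔT is 5 seconds, and all identities, passwords and timestamps are constructed.

```python
import hashlib, hmac

DELTA_T = 5  # assumed freshness window ΔT, in seconds

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # SHA-256 stands in for h()

def b32(v) -> bytes:
    # Encode a timestamp (int) or an ID/password (bytes) as 32 bytes for XOR
    return v.to_bytes(32, "big") if isinstance(v, int) else v.ljust(32, b"\0")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

class Server:
    def __init__(self, x: bytes, lee_fix: bool):
        self.x, self.lee_fix = x, lee_fix

    def register(self, id_i: bytes, pw_i: bytes) -> bytes:
        return xor(h(xor(b32(id_i), self.x)), b32(pw_i))  # Ri, stored on the card

    def verify(self, id_i: bytes, t: int, c: bytes, now: int):
        """Verify phase. Returns (T3, C3), or None when the request is rejected."""
        c1 = h(xor(b32(id_i), self.x))  # C1' = h(IDi ⊕ x); ID format check omitted
        if now - t > DELTA_T or not hmac.compare_digest(c, h(xor(c1, b32(t)))):
            return None
        c3 = h(xor(c1, b32(now)))  # T3 = now
        return now, (h(c3) if self.lee_fix else c3)  # Lee: C3 = h(h(C1' ⊕ T3))

def login(r_i: bytes, pw_i: bytes, t1: int):
    c1 = xor(r_i, b32(pw_i))  # C1 = Ri ⊕ PWi
    return c1, h(xor(c1, b32(t1)))  # C2 = h(C1 ⊕ T1)

def user_accepts(c1: bytes, t3: int, c3: bytes, lee_fix: bool) -> bool:
    expected = h(xor(c1, b32(t3)))
    return hmac.compare_digest(c3, h(expected) if lee_fix else expected)

def run(lee_fix: bool):
    srv = Server(x=h(b"constructed server secret"), lee_fix=lee_fix)
    id_i, pw_i = b"alice", b"constructed-password"
    r_i = srv.register(id_i, pw_i)
    c1, c2 = login(r_i, pw_i, t1=1000)
    t3, c3 = srv.verify(id_i, 1000, c2, now=1001)
    mutual_ok = user_accepts(c1, t3, c3, lee_fix)
    # Parallel session: the server's reply (T3, C3) comes back as (IDi, T3, C3)
    replay_accepted = srv.verify(id_i, t3, c3, now=1002) is not None
    return mutual_ok, replay_accepted

if __name__ == "__main__":
    print("Chien et al.:", run(False))
    print("Lee et al.:  ", run(True))
```

run() returns (mutual authentication succeeded, replayed reply accepted) for the chosen variant.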