P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST VOL. E93-D 2010 July Presenter: Hsin-Ruey Tsai

O UTLINE Introduction Model Conclusion

I NTRODUCTION Password-based  Insecure channel ex: Internet Single ID and password in different sites  phishing, spamming One time credentials Hide ID and password from a server Random and unique session Lightweight operations

M ODEL Registration Phase Authentication Phase Verification and Update Phase

R EGISTRATION P HASE User Server Info. UserSmart card id, pw, P, rpw P=(P1||P2) 4 digits PIN Revocation pw Smart cardServer M, id’, K M=HMAC(pw, X i ||id) h^(P 1 +5) ([h^(P 2 +5) (rpw||S’s URL)]^R) m h(id’||Y’) ⊕ M id’, m, x i Revocation

A UTHENTICATION / V ERIFICATION AND U PDATE P HASE id, pw Smart cardServer id’, a, b, c, T a=m ⊕ HMAC(pw, X i ||id)= h(id’||Y’) b= h(HMAC(pw, X i ||id) ) ⊕ id’’ c= h(id’||a||id’’||T) Check h(a)=h^2 (id’||Y’) id’’=b ⊕ h(M) Verify c= h(id’||a||id’’||T) d=h(id’’||T||id’||Y’’) e= h(h(M)||id’’) ⊕ Y’’ d, e Y’’= e ⊕ h(h(M)||id’’) Verify d f= h(Y’’||id’’||id’)f Check f

R EVOCATION User Server Info. Look up for K User Server Computer SSL v z= h^(P 1 +5+v) ([h^(P 2 +5) (rpw||S’s URL)]^R) z Check h^v (K) K= h^(P 1 +5) ([h^(P 2 +5) (rpw||S’s URL)]^R)

S ECURITY Linking Authentication Sessions of a User Attacks to Obtain User ID and Password Impersonating a User Using Server Database and/or Smart Card’s Storage Replay attack Parallel Session Attack Attack of Revocation

CONCLUSION Enhance privacy Smart card  each 256bit  96Byte Server identity 4Byte