電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

Slides:

Advertisements

Similar presentations

1 東南技術學院九十二學年度第二學期資工系第一次論文發表會 Analysis of an Improved Version of S/KEY One-Time Password Authentication Scheme Speaker: Maw-Jinn Tsaur

Advertisements

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中日期 :

Computer and Information Security 期末報告學號姓名莊玉麟.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Security analysis of an enhanced authentication key exchange protocol Authors ： H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date ： 2005/5/20.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,

A password authentication scheme with secure password updating SEC 期末報告學號：姓名：翁玉芬.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors ： Han-Cheng Hsiang and Wei-Kuan Shih.

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security Ming-Hong Shih.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.

1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科教授 (Prof. Jinn-Ke Jan) 陳育毅.

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From ： ePrint (August 2005) Author ： Junghyun Nam, Seungjoo.

An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.

多媒體網路安全實驗室 A Strong User Authentication Framework for Cloud Computing Date ： Reporter : Hong Ji Wei Authors : Amlan Jyoti Choudhury, Mangal.

1 Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards Authors: W.C Ku, S.T. Chang,and M.H. Chiang Source: Electronics.

多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/05 報告人：向峻霈.

Cryptanalysis of Two Dynamic ID-based Authentication

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date ： Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.

1 Authentication and Digital Signature Schemes and Their Applications to E-commerce ( 身份認證與數位簽章技術及其在電子商務上的應用 ) Advisor: Chin-Chen Chang 1, 2 Student: Ya-Fen.

多媒體網路安全實驗室 A novel user authentication and privacy preserving scheme with smartcards for wireless communications 作者 :Chun-Ta Li,Cgeng-Chi Lee 出處 :Mathematical.

Efficient remote mutual authentication and key agreement Improvement of Chien et al. ’ s remote user authentication scheme using smart cards An efficient.

Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :

A Secure Identification and Key Agreement Protocol with User Anonymity (SIKA) Authors: Kumar Mangipudi and Rajendra Katti Source: Computers & Security,

1 Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards 使用在 smart cards 的強韌及高效率密碼驗證金鑰協定 IEEE Transactions on Industrial Electronics,

Enhanced secure anonymous authentication scheme for roaming service in global mobility networks Hyeran Mun, Kyusuk Han, Yan Sun Lee, Chan Yeob Yeun, Hyo.

Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:

1 一個新的代理簽章法 A New Proxy Signature Scheme 作者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡報告者 : 郭淑娟.

1 Efficient User Authentication and Key Management for Peer-to- Peer Live Streaming Systems Authors: X. Liu, Y. Hao, C. Lin, and C. Du Source: Tsinghua.

Department of Computer Engineering, Kyungpook National University Author : Eun-Jun Yoon, Wan-Soo Lee, Kee-Young Yoo Speaker : Wan-Soo Lee

多媒體網路安全實驗室 Robust authentication and key agreement scheme preserving Date:2011/11/05 報告人：向峻霈出處 : Ren-Chiun Wang Wen-Shenq Juang Chin-Laung Lei Computer.

Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.

SPEAKER: HONG-JI WEI DATE: Secure Anonymous Authentication Scheme with Roaming for Mobile Networks.

Password-only Authenticated Key Agreement Protocols Based on Self-certified Approach Tzong-Chen Wu and Yen-Ching Lin Department of Information Management.

A flexible biometrics remote user authentication scheme Authors: Chu-Hsing Lin and Yi-Yi Lai Sources: Computer Standards & Interfaces, 27(1), pp.19-23,

User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:

SECURE MICROPAYMENT SCHEME FOR NEWSPAPER SUBSCRIPTION Pay Per Article Dr. M. Sandirigama Fasna JF. Irfan MAM. Rishadhy MJM.

Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction.

RSA-based password authenticated key exchange protocol Presenter: Jung-wen Lo( 駱榮問 )

SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.

Threshold password authentication against guessing attacks in Ad hoc networks ► Chai, Zhenchuan; Cao, Zhenfu; Lu, Rongxing ► Ad Hoc Networks Volume: 5,

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 : Xiong Li, Yongping.

Threshold password authentication against guessing attacks in Ad hoc networks Authors: Zhenchuan Chai, Zhenfu Cao, Rongxing Lu Sources: Ad Hoc Networks,

Meeting Reports  A new delegation-based authentication protocol for use in portable communication systems IEEE Transactions on Wireless Communications,

A Secure and Efficient Application Download Architecture in 3G Mobile Environment Speaker: Kuo-Zhe Chiou Laboratory of Cryptography and Information Security.

A Secure Authentication Scheme with Anonymity for Wireless Communications IEEE COMMUNICATIONS LETTERS, VOL. 12, NO. 10, OCTOBER 2008 Chia-Chun Wu, Wei-Bin.

An Efficient and Practical Authenticated Communication Scheme for Vehicular Ad Hoc Networks Source: IEEE Transactions on Vehicular Technology, Reviewing.

Non-PKI Methods for Public Key Distribution

A Dynamic ID-Based Generic Framework for Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks Source: Wireless Personal Communications,

無線環境的認證方法及其在電子商務應用之研究

Author:YongBin Zhou, ZhenFeng Zhang, and DengGuo Feng Presenter:戴士桀

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

A secure and traceable E-DRM system based on mobile device

A robust and anonymous patient monitoring system using wireless medical sensor networks Source: Future Generation Computer Systems, Available online 8.

Security of a Remote Users Authentication Scheme Using Smart Cards

Authors: Wei-Chi KU, Hao-Chuan TSAI, Maw-Jinn TSAUR

Authors：Debiao He, Sherali Zeadally, Neeraj Kumar and Wei Wu

Date:2011/09/28 報告人：向峻霈出處: Ren-Chiun Wang Wen-Shenq Juang

Improvement of recently proposed Remote User Authentication Schemes

II. REVIEW OF THE DAS ET AL. SCHEME

Improvement of Chien et al

Source: Sensors, Volume 19, Issue 9 (May )

Privacy Protection for E-Health Systems by

Presentation transcript:

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin 3/27/2004

電子商務與數位生活研討會 2 Outline Introduction Review of Ku-Chen scheme The problem of Ku-Chen scheme The proposed scheme Security Analysis Conclusions

電子商務與數位生活研討會 3 Introduction In 2000, Sandirigama et al. proposed SAS scheme lowered storage, processing, and transmission overheads. In 2001, Lin, Sun, and Hwang proposed an enhanced password authentication scheme, called the OSPA.

電子商務與數位生活研討會 4 Introduction In 2002,OSPA protocol has been shown vulnerable to the stolen-verifier attack and the impersonation attack. In 2003, Ku and Chen proposed a new improved version for the OSPA protocol In this paper, an improved scheme with mutual authentication is proposed.

電子商務與數位生活研討會 5 Review of Ku-Chen scheme Notation: h(.) : collision-resistant hash function T : login times k : long-term secret key  : exclusive-or operation

電子商務與數位生活研討會 6 Review of Ku-Chen scheme Registration phase Authentication phase

電子商務與數位生活研討會 7 ID, h 2 (PW  1) Chooses his identity ID and password PW and computes h 2 (PW  1) Calculates verifier v 1 =h 2 (PW  1)  h(ID  k) Store {ID, v 1,T=1} into the verification table

電子商務與數位生活研討會 8 ID, service request T= i c 1 =h(PW  i )  h 2 (PW  i ) c 2 =h 2 (PW  ( i +1))  h(PW  i ) c 3 =h(h 3 (PW  ( i +1))  T) Find i from verification table by the ID

電子商務與數位生活研討會 9 Check c 1, c 2 c 1,c 2,c 3 Get h 2 (PW  i ) by v i  h(ID  k) y 1 =c 1  h 2 (PW  i )=h(PW  i ) y 2 =c 2  y 1 =h 2 (PW  ( i +1)) Check if h(y 1 )=h 2 (PW  i ) h(h(y 2 )  T)=c 3 v i+1 =h 2 (PW  ( i +1))  h(ID  k) Store ID,T= i +1, and v i +1

電子商務與數位生活研討會 10 The problem of Ku-Chen scheme The user is authenticated by the remote server. But, remote server is not authenticated by the user (Server impersonation attack ).

電子商務與數位生活研討會 11 The proposed scheme Registration phase Authentication phase

電子商務與數位生活研討會 12 ID, h 2 (PW  1) Chooses his identity ID and password PW and computes h 2 (PW  1) Calculates verifier v 1 =h 2 (PW  1)  h(ID  k) Store {ID, v 1 } into the verification table

電子商務與數位生活研討會 13 ID, r  h 2 (PW  i ) h(r)  h 2 (PW  i ) Check r c 1 =h(PW  i )  h 2 (PW  i ) c 2 =h 2 (PW  ( i +1))  h(PW  i ) c 3 =h(h 3 (PW  ( i +1))  T) choose r randomly and compute r  h 2 (PW  i ) Get h 2 (PW  i ) by v i  h(ID  k) r =(r  h 2 (PW  i ))  h 2 (PW  i )

電子商務與數位生活研討會 14 Check c 1, c 2 c 1,c 2,c 3 y 1 =c 1  h 2 (PW  i )=h(PW  i ) y 2 =c 2  y 1 =h 2 (PW  ( i +1)) Check if h(y 1 )=h 2 (PW  i ) h(h(y 2 )  T)=c 3 v i+1 =h 2 (PW  ( i +1))  h(ID  k) Store ID and v i +1

電子商務與數位生活研討會 15 Security Analysis Password guess attack Impersonation attack Stolen-verifier attack Server impersonation attack

電子商務與數位生活研討會 16 Conclusions We point out the possible server impersonation problem in the Ku- Chen scheme and propose an enhanced version. The proposed concept of security enhancement is also suitable for the other SAS-like schemes.

電子商務與數位生活研討會 17 THE END