Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security of a Remote Users Authentication Scheme Using Smart Cards

Published byRaymond Kennedy Modified over 6 years ago

Similar presentations

Presentation on theme: "Security of a Remote Users Authentication Scheme Using Smart Cards"— Presentation transcript:

1 Security of a Remote Users Authentication Scheme Using Smart Cards
Author: Her-Tyan Yeh, Hung-Min Sun, Bin-Tsan Hsieh Source: IEICE transactions on Communications, Vol. E87-B, No.1, Jan Speaker: Chih-Chiang Tsou Date:

2 Outline Introduction Elgamal’s public key cryptosystem
Hwang and Li’s scheme Chan and Cheng’s attack Proposed attack Conclusions

3 Introduction Remote password authentication User System Login
Insecure channel

4 Elgamal’s public key cryptosystem
P is a prime number, (P-1) has a large prime factor. g is the primitive element in GF(P). Ui has a secret key xi and a public key yi , If A wants to send M to B, A selects a random number r, and calculates Then A uses the public key yb of B and a random number r to encipher M:

5 Elgamal’s public key cryptosystem
A sends (C1,C2) to B B can decipher M:

6 Hwang and Li’s scheme 1. Registration 2. Login x : System secret key
P : Large prime f: one-way function S: Smart card ( f , P ) 1. Registration IDi (PWi ,S) Secure channel User (Ui) 2. Login System . random number r . After receive the Authentication message at time T’ Check the validity of IDi Check if (IDi ,C1 , C2 ,T)

7 Hwang and Li’s scheme (example)
f: one-way function S: Smart card ( f , 17 ) 1. Registration IDi=10 (14 ,S) Secure channel User (Ui) 2. Login System . random number 5 . After receive the Authentication message at time T’ Check the validity of IDi Check (10 ,6 , 8 ,T)

8 Chan and Cheng’s attack
Bob is a legitimate user. Bob has a smart card, IDb and PWb He wants to create a valid pair (IDf , PWf) He computes computes

9 Chan and Cheng’s attack (example)
Bob has a smart card, IDb=10 and PWb=14 He wants to create a valid pair (IDf , PWf) He computes Computes System checks if

10 Proposed attack If Bob wants to impersonate the legal user Ui .
Computes Submits IDE to the system for registration and then receives PWE and a smart card.

11 Proposed attack Because P is a large prime and gcd( PWE , P )=1. By quadratic residues, PWi can be easily found.

12 Proposed attack (example)
If Bob wants to impersonate the legal user Ui .(IDi = 10) Computes Submits IDE =15 to the system for registration and then receives PWE = 9 and a smart card.

13 Conclusions The authors proposed another impersonation attack to show that Hwang and Li’s scheme is not secure. This attack is more powerful than the Chan and Chen’s attack that was proposed in 2000.

Download ppt "Security of a Remote Users Authentication Scheme Using Smart Cards"

Similar presentations

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST.

P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Computer and Information Security 期末報告 學號 姓名 莊玉麟.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.
An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.

An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.
多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/05 報告人:向峻霈.

多媒體網路安全實驗室 A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks Date:2011/10/05 報告人:向峻霈.
Cryptanalysis of Two Dynamic ID-based Authentication

Cryptanalysis of Two Dynamic ID-based Authentication
A Risk Analysis Approach for Biometric Authentication Technology Author: Arslan Brömme Submission: International Journal of Network Security Speaker: Chun-Ta.

A Risk Analysis Approach for Biometric Authentication Technology Author: Arslan Brömme Submission: International Journal of Network Security Speaker: Chun-Ta.
1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.
An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal.

An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal.
Efficient remote mutual authentication and key agreement Improvement of Chien et al. ’ s remote user authentication scheme using smart cards An efficient.

Efficient remote mutual authentication and key agreement Improvement of Chien et al. ’ s remote user authentication scheme using smart cards An efficient.
Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date : 2012-12-08.

Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :
1 Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards 使用在 smart cards 的強韌及高效率密碼驗證金鑰協定 IEEE Transactions on Industrial Electronics,

1 Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards 使用在 smart cards 的強韌及高效率密碼驗證金鑰協定 IEEE Transactions on Industrial Electronics,

Similar presentations

Ads by Google