Presentation is loading. Please wait.

Presentation is loading. Please wait.

P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST."— Presentation transcript:

1 P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST VOL. E93-D 2010 July Presenter: Hsin-Ruey Tsai

2 O UTLINE Introduction Model Conclusion

3 I NTRODUCTION Password-based  Insecure channel ex: Internet Single ID and password in different sites  phishing, spamming email One time credentials Hide ID and password from a server Random and unique session Lightweight operations

4 M ODEL Registration Phase Authentication Phase Verification and Update Phase

5 R EGISTRATION P HASE User Server Info. UserSmart card id, pw, P, rpw P=(P1||P2) 4 digits PIN Revocation pw Smart cardServer M, id’, K M=HMAC(pw, X i ||id) h^(P 1 +5) ([h^(P 2 +5) (rpw||S’s URL)]^R) m h(id’||Y’) ⊕ M id’, m, x i Revocation

6 A UTHENTICATION / V ERIFICATION AND U PDATE P HASE id, pw Smart cardServer id’, a, b, c, T a=m ⊕ HMAC(pw, X i ||id)= h(id’||Y’) b= h(HMAC(pw, X i ||id) ) ⊕ id’’ c= h(id’||a||id’’||T) Check h(a)=h^2 (id’||Y’) id’’=b ⊕ h(M) Verify c= h(id’||a||id’’||T) d=h(id’’||T||id’||Y’’) e= h(h(M)||id’’) ⊕ Y’’ d, e Y’’= e ⊕ h(h(M)||id’’) Verify d f= h(Y’’||id’’||id’)f Check f

7 R EVOCATION User Server Info. Look up for K User Server Computer SSL v z= h^(P 1 +5+v) ([h^(P 2 +5) (rpw||S’s URL)]^R) z Check h^v (K) K= h^(P 1 +5) ([h^(P 2 +5) (rpw||S’s URL)]^R)

8 S ECURITY Linking Authentication Sessions of a User Attacks to Obtain User ID and Password Impersonating a User Using Server Database and/or Smart Card’s Storage Replay attack Parallel Session Attack Attack of Revocation

9 CONCLUSION Enhance privacy Smart card  each 256bit  96Byte Server identity 4Byte

Download ppt "P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST."

Similar presentations

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
1 東南技術學院九十二學年度第二學期 資工系第一次論文發表會 Analysis of an Improved Version of S/KEY One-Time Password Authentication Scheme Speaker: Maw-Jinn Tsaur 2004.05.12.

1 東南技術學院九十二學年度第二學期 資工系第一次論文發表會 Analysis of an Improved Version of S/KEY One-Time Password Authentication Scheme Speaker: Maw-Jinn Tsaur
A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations 針對 HIPAA 隱私 / 安全規則的一種密碼金鑰管理方法 IEEE Transactions on Information Technology.

A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations 針對 HIPAA 隱私 / 安全規則的一種密碼金鑰管理方法 IEEE Transactions on Information Technology.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Chapter 1: Computers and Digital Basics 1 Computers and Digital Basics Chapter 1.

Chapter 1: Computers and Digital Basics 1 Computers and Digital Basics Chapter 1.
Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug 2013 - scotthel.me.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Computer and Information Security 期末報告 學號 姓名 莊玉麟.
A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.
Anonymity and Security in Public Internet Forums Ho-fung LEUNG Senior Member, IEEE Dept. of Computer Science & Engineering The Chinese University of Hong.

Anonymity and Security in Public Internet Forums Ho-fung LEUNG Senior Member, IEEE Dept. of Computer Science & Engineering The Chinese University of Hong.
90321011 孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : 2003.11.26 in Computers & Security.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in.

A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in.
1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From : ePrint (August 2005) Author : Junghyun Nam, Seungjoo.

1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From : ePrint (August 2005) Author : Junghyun Nam, Seungjoo.
Internet Security In the 21st Century Presented by Daniel Mills.

Internet Security In the 21st Century Presented by Daniel Mills.

Similar presentations

Ads by Google