Presentation is loading. Please wait.

Presentation is loading. Please wait.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication."— Presentation transcript:

1 http://islab.iecs.fcu.edu.tw1 A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication scheme,” Mathematical and Computer Modelling, Vol. 36, No. 1-2, pp. 103-107, July 2002. 2. E. J. Yoon, E. K. Ryu and K. Y. Yoo, “An improvement of Hwang–Lee–Tang's simple remote user authentication scheme,” Computers & Security, In Press. Presented by Hsing-Bai Chen ( 陳星百 ) 17 Sep. 2004

2 http://islab.iecs.fcu.edu.tw2 Outline Introduction Design goals Hwang-Lee-Tang’s scheme (HLT’s scheme) Discussions on HLT’s scheme Improved scheme (YRY’s scheme) Security analysis Conclusion Comments

3 http://islab.iecs.fcu.edu.tw3 Introduction UserPublic channel ID, PW Remote server

4 http://islab.iecs.fcu.edu.tw4 Brief summary Remote user authentication Lamport, 1981 Hwang-Li, 2000 Modification attacks EfficiencySecurity Using smart cards to eliminate the risk and cost of maintaining verification tables.

5 http://islab.iecs.fcu.edu.tw5 Design goals Require no password or verification tables in the server side Solve replay attacks Choose and change users password freely Reveal no passwords to the server

6 http://islab.iecs.fcu.edu.tw6 HLT's scheme (1/3) Registration phase: U i Server Choose ID i, PW i ID i, h(PW i ) Compute A i = h(ID i  x)  h(PW i ) Smart card (stored h( ), A i ) Compute h(PW i )

7 http://islab.iecs.fcu.edu.tw7 HLT's scheme (2/3) Login phase: U i Server Compute B i = A i  h(PW i ) = h(ID i  x) ID i, C i, T Verify C i = h(h(ID i  x)  T) Compute C i = h(B i  T) Authentication phase: Check (T  T)   T Check ID i

8 http://islab.iecs.fcu.edu.tw8 HLT’s scheme (3/3) Password change phase: U i Server Compute B i = A i  h(PW i ) = h(ID i  x) Compute A i = B i  h(PW i new ) Select PW i new and compute h(PW i new ) Store A i

9 http://islab.iecs.fcu.edu.tw9 Discussions on HLT’s scheme Suppose the intruder has stolen x expensive to re-compute the secret hash value Suppose the smart card is stolen Altered password B i = A i  h(PW) = h(ID i  x)  h(PW i )  h(PW) A i = B i  h(PW  ) Denial of service attack Speed of detecting wrong password is slow No mutual authentication

10 http://islab.iecs.fcu.edu.tw10 YRY’s scheme (1/3) Registration phase: U i Server Choose ID i, PW i ID i, PW i Compute A i = h(ID i, T TSA, x)  PW i Smart card (stored h( ), ID i, V i, A i ) Compute V i = h(ID i, T TSA, x)

11 http://islab.iecs.fcu.edu.tw11 YRY’s scheme (2/3) Login phase: U i Server Compute B i = A i  PW i = h(ID i, T TSA, x) Verify B i = V i Compute C 1 = h(B i, T) ID i, C 1, T Authentication phase: Compute B i  = h(ID i, T TSA, x) Check (T  T)   T Check ID i Verify C 1 = h(B i , T) Compute C 2 = h (B i , C 1, T  ) C 2, T  Check (T  T  )   T Verify C 2 = h(B i, C 1, T  )

12 http://islab.iecs.fcu.edu.tw12 YRY’s scheme (3/3) Password change phase: U i Server Compute B i = A i  PW i = h(ID i, T TSA, x) Compute A i = B i  PW i new Select PW i new Store A i Verify B i = V i

13 http://islab.iecs.fcu.edu.tw13 Security analysis Protect from Forgery attacks Replay attacks Impersonation attacks Deniable of service attacks Spoofing attacks No body can compute B i = h(ID i, T TSA, x) even if x is revealed

14 http://islab.iecs.fcu.edu.tw14 Conclusion Achieve No verification table Freedom in changing password Elimination of denial of service attacks Secure hash value Mutual authentication Fast detection of wrong input password Less computational cost

Download ppt "A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication."

Similar presentations

1 東南技術學院九十二學年度第二學期 資工系第一次論文發表會 Analysis of an Improved Version of S/KEY One-Time Password Authentication Scheme Speaker: Maw-Jinn Tsaur 2004.05.12.

1 東南技術學院九十二學年度第二學期 資工系第一次論文發表會 Analysis of an Improved Version of S/KEY One-Time Password Authentication Scheme Speaker: Maw-Jinn Tsaur
多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST.

P RIVACY -P RESERVING A UTHENTICATION OF U SERS WITH S MART C ARDS U SING O NE -T IME C REDENTIALS Author: Jun-Cheol PARK Source: IEICE TRANS. INF&SYST.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Computer and Information Security 期末報告 學號 姓名 莊玉麟.
An Authentication Scheme for Mobil Satellite Communication Systems Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen( 陳怡靜 92321527) Date: 2004/05/26.

An Authentication Scheme for Mobil Satellite Communication Systems Advisor: Prof. Jen-Chang Liu Graduate Student: Yi-Ching Chen( 陳怡靜 ) Date: 2004/05/26.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
A password authentication scheme with secure password updating SEC 期末報告 學號: 89321037 姓名:翁玉芬.

A password authentication scheme with secure password updating SEC 期末報告 學號: 姓名:翁玉芬.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.
Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security 92321509 Ming-Hong Shih.

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security Ming-Hong Shih.
90321011 孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : 2003.11.26 in Computers & Security.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From : ePrint (August 2005) Author : Junghyun Nam, Seungjoo.

1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From : ePrint (August 2005) Author : Junghyun Nam, Seungjoo.
An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.

An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks DAOJING HE, YI GAO, SAMMY CHAN, CHUN CHEN, JIAJUN BU Ad Hoc & Sensor Wireless.

Similar presentations

Ads by Google