Presentation is loading. Please wait.

Presentation is loading. Please wait.

Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction.

Published byMeredith Ryan Modified over 9 years ago

Similar presentations

Presentation on theme: "Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction."— Presentation transcript:

1 Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction on Industrial Electronics, Vol. 55, No. 6, pp. 2551-2556, 2008 Presenter: Jung-wen Lo ( 駱榮問 ) Date: Jul. 30, 2009

2 2 Outline Chun-I Fan, Yung-Cheng Chan, and Zhi-Kai Zhang, “Robust remote authentication scheme with smart cards,” Computers & Security, vol. 24, no. 8, pp. 619–628, Nov. 2005 Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw, “Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards,” IEEE Transaction on Industrial Electronics, vol. 55, no. 6, pp. 2551- 2556 Comment

3 Robust remote authentication scheme with smart cards Authors: Chun-I Fan, Yung-Cheng Chan, and Zhi-Kai Zhang Src: Computers & Security, vol. 24, no. 8, pp. 619–628, Nov. 2005

4 4 Introduction Criteria for secure remote authentication scheme using smart card 1) Low computation for smart cards 2) No password table 3) Passwords chosen by the users themselves 4) Not requiring clock synchronization and delay-time limitation 5) Withstanding the replay attack 6) Server authentication 7) Withstanding the offline dictionary attack with the smart card 8) Withstanding the offline dictionary attack without the smart card 9) Revoking the lost cards without changing the users’ identities Major contribution Withstand replay attack Preventing the offline dictionary attack Two protocol Registration protocol Login protocol

5 5 Registration Protocol User System ID i, h(PW i ) Random v i b i = E s (h(PW i )||H(ID i )||CI i ||v i )) ID i CI i …… CI i,ID i, b i,n

6 6 Login Protocol User Card Reader System PW i L1L1 L 2 ={α,β} Decrypt: L 1  (b i ||h(ID i )||u) b i  h(PW i )||h(ID i )||CI i ||v i ) Verify h(ID i ),{ID i, CI i } Random r α=r  u β=h((r||u) r’=α  u h((r’||u) ?=β L 3 =h(h(PW i )||r) b i,V i,ID i,CI i Random u L i ={ID i,(b i ||h(ID i )||u) 2 mod n} h(h(PW i )||r) ?= L 3 L3L3

7 7 Performance

8 8 Conclusion Properties 1) Low computation for smart cards 2) No password table 3) Passwords chosen by the users themselves 4) Not requiring clock synchronization and delay-time limitation 5) Withstanding the replay attack 6) Server authentication 7) Withstanding the offline dictionary attack with the smart card 8) Withstanding the offline dictionary attack w/o the smart card 9) Revoking the lost cards without changing the users’ identities Major contribution  Withstand replay attack  Preventing the offline dictionary attack Major drawbacks  No ability of anonymity for the user  Higher computation and communication cost  No session key agreement  Cannot prevent the insider attack

9 Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction on Industrial Electronics, vol. 55, no. 6, pp. 2551-2556, 2008

10 10 Introduction Improve Fan-Chan-Zhang’s scheme  Session key agreement  Prevent insider attack Five Phases 1) Parameter generation phase 2) Registration phase 3) Precomputation phase 4) Log-in phase 5) Password-changing phase

11 11 Notation h(): Public one-way hash function. s: Master secret key of a symmetric cryptosystem, which is kept secret by the server. E s (): Secure symmetric encryption algorithm with the secret key s. D s (): Secure symmetric decryption algorithm with the secret key s. ||: String concatenation operator. P: Large prime. E P : Elliptic curve equation over Z P. x: Server’s private key based on elliptic curve cryptosystems. P S : Server’s public key based on elliptic curve cryptosystems. G: Generator point of a large order. Manuscript

12 12 Parameter generation phase Server side  Choose a large prime P  Select a,b ∈ Z P ; 4a 3 + 27b 2 (mod P) ≠0  Elliptic curve equation: E P : y 2 = x 3 + ax + b over Z P  Find a generator point G of order n where n × G = O  Select a random number x as its private key and safely keeps it in its secret storage.  Compute the public key P S = (x G)  Publish the parameters (P S, P, E P, G, n)

13 13 Registration/Precomputation phase User Server ID i, h(Pw i ||b) b i = E s (h(PW i ||b)||ID i ||CI i ||h(ID i ||CI i ||h(PW i ||b))) V i = h(ID i, s, CI i ). Random b ID i CI i …… b i,V i,ID i,CI i Smart Card Registration phase (Only Once) Precomputation phase Random r e=(r G) c=(rP s )=(rxG) Store (c,e) in memory b i,V i,ID i,CI i,b

14 14 Log-in phase User Card Reader Server PW i b i, E v i (e) u, M s MuMu D s (b i )  ID i,CI i Verify V i =h(ID i,s,CI i ) D v i (E v i (e))  e=(rG) c’=(ex)=(rxG) Random u M s =h(c’||u||V i ) (c,e) h(c||u||V i ) ?= M s M u =h(h(PW i ||b)||V i ||c||u) S k = h(V i,c,u) b i,V i,ID i,CI i,b b i = E s (h(PW i ||b)||ID i ||CI i ||h(ID i ||CI i ||h(PW i ||b))) Smart Card h(h(PW i ||b)||V i ||c||u)?=M u S k = h(V i,c,u)

15 15 Password-changing phase User Card Reader Server Log-in Phase E S k (ID i, h(PW * i ||b * )) E S k (b * i ) b * i = E s (h(PW * i ||b*)||ID i ||CI i ||h(ID i ||CI i ||h(PW* i ||b*))) Decrypt Store (b * i, b * ) in memory Smart Card SkSk SkSk New PW * i,b * b * i,V i,ID i,CI i,b *

16 16 Security Analysis Strong Mutual Authentication  Both believe the correction of session key Preventing the Replay Attack  Nonce r & u Preventing the Insider Attack  No password table  Protected with h(PW i ||b) Preventing the Offline Dictionary Attack Without the Smart Card  Cannot obtain PW i from messages Preventing the Offline Dictionary Attack With the Smart Card  No obvious password in card (b i )  Need server’s help to verify password

17 17 Communication and storage cost

18 18 Computation Cost

19 19 Capability Comparisons

20 20 Conclusion Advantages  Benefits of Fan et al.’s scheme  Identity protection  Session key agreement  Low communication and computation cost by using elliptic curve cryptosystems  Prevent the insider attack

21 21 Comment Register table attack  DoS attack  Eliminate the table Protect the table  Modify the data of table, eg, CI i Verify before use Performance improvement  3 ways  2 ways

22 22 Comment: Log-in phase (2 round) User Card Reader Server PW i b i, E v i (e||n) u, M s D s (b i )  ID i,CI i Verify V i =h(ID i,s,CI i ) D v i (E v i (e))  e=(rG) c’=(ex)=(rxG) Random u M s =h(c’||n||u||V i ) S k = h(V i,c,u) (c,e) Random n h(c||n||u||V i ) ?= M s S k = h(V i,c,u) b i,V i,ID i,CI i,b b i = E s (h(PW i ||b)||ID i ||CI i ||h(ID i ||CI i ||h(PW i ||b))) Smart Card

Download ppt "Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction."

Similar presentations

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
An Improvement on Authenticated Key Agreement Scheme Authors: Chin-Chen Chang and Shih-Yi Lin Source: 2007 International Conference on Intelligent Pervasive.

An Improvement on Authenticated Key Agreement Scheme Authors: Chin-Chen Chang and Shih-Yi Lin Source: 2007 International Conference on Intelligent Pervasive.
Mutual Authentication and Key Exchange Protocol (MAKEP) Reporter: Jung-Wen Lo ( 駱榮問 ) Date: 2008/4/18.

Mutual Authentication and Key Exchange Protocol (MAKEP) Reporter: Jung-Wen Lo ( 駱榮問 ) Date: 2008/4/18.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
Computer and Information Security 期末報告 學號 92321501 姓名 莊玉麟.

Computer and Information Security 期末報告 學號 姓名 莊玉麟.
A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.

1 Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment Authors : Han-Cheng Hsiang and Wei-Kuan Shih.
Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security 92321509 Ming-Hong Shih.

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards Computer and Information Security Ming-Hong Shih.
90321011 孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : 2003.11.26 in Computers & Security.

孫國偉 Efficient Password authenticated key agreement using smart cards Author : Wen-Shenq Juang* Date : in Computers & Security.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,

Similar presentations

Ads by Google