1 / 20

作者 : JongHyup LEE 出處 : 2011 Elsevier Journal of Network and Computer Applications

An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards . 作者 : JongHyup LEE 出處 : 2011 Elsevier Journal of Network and Computer Applications 報告人 : 陳鈺惠

chen
Télécharger la présentation

作者 : JongHyup LEE 出處 : 2011 Elsevier Journal of Network and Computer Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者:JongHyup LEE 出處:2011 Elsevier Journal of Network and Computer Applications 報告人:陳鈺惠 日期:2013/12/04

  2. Introduction 1 Overview of Sood et al.’s scheme 2 Protocol analysis 4 3 Conclusion Proposed scheme 3 5 4 4 Outline

  3. 1.Introduction(1/1) • With the rapid development of the Internet and electronic commerce technology, many services are provided through the Internet such as online shopping, online game. • This paper propose an efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards to tackle these problems.

  4. 2.Overview of Sood et al.’s scheme

  5. 2.Overview of Sood et al.’s scheme (1/8)Registration phase UiSk CS Ai=h(IDi||b) Bi=h(b⊕Pi) Ai、Bi Fi= Ai⊕yi Gi=Bi⊕h(yi)⊕h(x) Ci=Ai⊕h(yi)⊕x (Fi、Gi、h(·)) Stores (Ci、yi⊕x) Smart card Di=b⊕h(IDi||Pi) Ei=h(IDi||Pi)⊕Pi Smart card(Di、Ei、Fi、Gi、h(·)) (SIDk、SKk) Stores(SIDk、SKk⊕h(x||SIDk))

  6. 2.Overview of Sood et al.’s scheme (2/8)Login phase UiSkCS IDi* Pi*Smart cardEi*=h(IDi*||Pi*)⊕Pi*Ei*=Ei?b=Di⊕h(IDi||Pi),Ai=h(IDi||b) Bi=h(b⊕Pi),yi=Fi⊕Ai h(x)=Gi⊕Bi⊕h(yi),Zi=h2(x)⊕Ni1 CIDi=Ai⊕h(yi)⊕h(x)⊕Ni1 Mi=h(h(x)||yi||SIDk||Ni1) (SIDk、Zi、CIDi、Mi)

  7. 2.Overview of Sood et al.’s scheme (3/8)Authentication and session key agreement phase UiSk CS Ri=Ni2⊕SKk (SIDk、Zi、CIDi、Mi、Ri) Ni1=Zi⊕h2(x),Ni2=Ri⊕SKk Ci*=CIDi⊕Ni1⊕h(x)⊕x Ci*=Ci?,extracts yi Mi*=h(h(x)||yi||SIDk||Ni1) Mi*=Mi? Ki=Ni1⊕Ni3⊕h(SKk||Ni2) Xi=h(IDi||yi||Ni1)⊕h(Ni1⊕Ni2⊕Ni3) Vi=h[h(Ni1⊕Ni2⊕Ni3)||h(IDi||yi||Ni1)] Ti=Ni2⊕Ni3⊕h(yi||IDi||h(x)||Ni1) (Ki、Xi、Vi、Ti)

  8. 2.Overview of Sood et al.’s scheme(4/8)Authentication and session key agreement phase UiSk CS Ni1⊕Ni3=Ki⊕h(SKk||Ni2) h(IDi||yi||Ni1)=Xi⊕h(Ni1⊕Ni2⊕Ni3) Vi*=h[h(Ni1⊕Ni2⊕Ni3)||h(IDi||yi||Ni1)] Vi*=Vi? (Vi、Ti) Ni2⊕Ni3Ti⊕h(yi||IDi||h(x)||Ni1) Vi*=h[h(Ni1⊕Ni2⊕Ni3)||h(IDi||yi||Ni1)] Vi*=Vi? SK=h(h(IDi||yi||Ni1)||(Ni1⊕Ni2⊕Ni3))

  9. 2.Overview of Sood et al.’s scheme (5/8)Leak-of-verifier attack User have(Dk、Ek、Fk、Gk、h(·)) 、IDk、Pk User can compute bk=Dk⊕h(IDk||Pk) Ak=h(IDk||b) yk=Fk⊕Ak Bk=h(b⊕Pk) h(x)=Gk⊕Bk⊕h(yk) Get yk、h(x) If client leaked yi⊕x、Ci=Ai⊕h(yi)⊕xUk get x、h(x)、yi⊕x from ykthen get yi、Ai and h(x) Uklogin

  10. 2.Overview of Sood et al.’s scheme (6/8)Leak-of-verifier attack Ukget random number Ni′1 Compute CID′i=Ai⊕h(yi)⊕h(x)⊕Ni′1 M′i=h(h(x)||yi||SIDj||Ni′1) Z′i=h2(x)⊕Ni′1 Uk submits the login request message (SIDj、Z′i、CID′i、M′i) to Sj Sjget random number Ni′2 Compute Ri=Ni2⊕SKjsubmits to CS Compute Ni1=Z′i⊕h2(x)、Ni2=Ri⊕SKj C*i=CID′i⊕Ni′1⊕h(x)⊕x=Ai⊕h(yi)⊕x=Ci CS compute Mi*=h(h(x)||yi||SIDj||Ni′1)=M′i Uk get yi⊕x、Ci=Ai⊕h(yi)⊕x

  11. 2.Overview of Sood et al.’s scheme (7/8)Stolen smart card attack If (SIDj、Zi、CIDi、Mi) was eavesdropped and previously valid login Uk compute Ni1=Z′i⊕h2(x) Ai⊕h(yi)=CIDi⊕Ni1⊕h(x) Uk extract (Di、Ei、Fi、Gi、h(·)) Compute bi⊕Pi=Di⊕Ei h(bi⊕Pi)=Bi h(yi)=Gi⊕Bi⊕h(x) Compute Ai⊕h(yi)⊕(Ai⊕h(yi)) Get yi=Fi⊕Ai Uk get h(x)、yi

  12. 2.Overview of Sood et al.’s scheme(8/8)Incorrect authentication and session key agreement phase In registration phase,Ui submits Ai、Bi rather than true identity IDi to CS。 But in step4 Xi=h(IDi||yi||Ni1)⊕h(Ni⊕Ni2⊕Ni3) Vi=h[h(Ni1⊕Ni2⊕Ni3)||h(IDi||yi||Ni1)] Ti=Ni2⊕Ni3⊕h(yi||IDi||h(x)||Ni1)

  13. 3.Proposed scheme(1/4)Registration phase UiSjCS Chooses IDi、Pi、b Ai=h(b||Pi) (IDi、Ai) Bi=h(ID||x),Ci=h(IDi||h(y)||Ai) Di=Bi⊕h(IDi||Ai),Ei=Bi⊕h(y||x) (Ci、Di、Ei、h(·)、h(y)) Smart card Ui enter b to smart cardsmart card stores (Ci、Di、Ei、h(·)、h(y)、b)

  14. 3.Proposed scheme(2/4)Login phase UiSjCS Inputs IDi、Pismart card computes Ai=h(b||Pi),Ci′=(IDi||h(y)||Ai) Ci′=Ci? Smart card generates Ni1 Bi=Di⊕h(IDi||Ai),Fi=h(y)⊕Ni1 Pij=Ei⊕h(h(y)||Ni1||SIDj) CIDi=Ai⊕h(Bi||Fi||Ni1) Gi=h(Bi||Ai||Ni1) (Fi、Gi、Pij、CIDi)

  15. 3.Proposed scheme(3/4)Authentication and session key agreement phase UiSjCS Sjchooses Ni2 Ki=h(SIDj||y)⊕Ni2 Mi=h(h(x||y)||Ni2)) (Fi、Gi、Pij、CIDi、SIDj、Ki、Mi) Ni2=Ki⊕h(SIDj||y) Mi′=h(h(x||y)||Ni2),Mi′=Mi? Ni1=Fi⊕h(y) Bi=Pij⊕h(h(y)||Ni1||SIDj)⊕h(y||x) Ai=CIDi⊕h(Bi||Fi||Ni1) Gi′=h(Bi||Ai||Ni1),Gi′=Gi? CSgenerates Ni3 Qi=Ni1⊕Ni3⊕h(SIDj||Ni2) Ri=h(Ai||Bi)⊕h(Ni1⊕Ni2⊕Ni3) Vi=h(h(Ai||Bi)||h(Ni1⊕Ni2⊕Ni3)) Ti=Ni2⊕Ni3⊕h(Ai||Bi||Ni1)

  16. 3.Proposed scheme(4/4)Authentication and session key agreement phase UiSjCS (Qi、Ri 、Vi 、Ti) Ni1⊕Ni3=Qi⊕h(SIDj||Ni2) h(Ai||Bi)=Ri⊕h(Ni1⊕Ni3⊕Ni2) Vi′=h(h(Ai||Bi)||h(Ni1⊕Ni3⊕Ni2) Vi′=Vi? (Vi、Ti) Ni2⊕Ni3=Ti⊕h(Ai||Bi||Ni1) Vi′=h(h(Ai||Bi)||h(Ni2⊕Ni3⊕Ni1)) Vi′=Vi? SK=h(h(Ai||Bi)||(Ni1⊕Ni2⊕Ni3))

  17. 4.Protocol analysis

  18. 5.Conclusion • This paper can satisfy all the essential requirements for multi-server architecture authentication. • Compared with Sood et al.'s (2011) protocol and other related protocols, our proposed protocol keeps the efficiency and is more secure. Therefore, our protocol is more suitable for the practical applications.

  19. Thank You !

More Related