
Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards

Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards. Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction on Industrial Electronics, Vol. 55, No. 6, pp. 2551-2556, 2008 Presenter: Jung-wen Lo ( 駱榮問 ) Date: Jul. 30, 2009. Outline.


Presentation Transcript


  1. Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards
     Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw
     Src: IEEE Transaction on Industrial Electronics, Vol. 55, No. 6, pp. 2551-2556, 2008
     Presenter: Jung-wen Lo (駱榮問)
     Date: Jul. 30, 2009

  2. Outline
     • Chun-I Fan, Yung-Cheng Chan, and Zhi-Kai Zhang, “Robust remote authentication scheme with smart cards,” Computers & Security, vol. 24, no. 8, pp. 619–628, Nov. 2005
     • Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw, “Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards,” IEEE Transaction on Industrial Electronics, vol. 55, no. 6, pp. 2551-2556
     • Comment

  3. Robust remote authentication scheme with smart cards
     Authors: Chun-I Fan, Yung-Cheng Chan, and Zhi-Kai Zhang
     Src: Computers & Security, vol. 24, no. 8, pp. 619–628, Nov. 2005

  4. Introduction
     • Criteria for a secure remote authentication scheme using smart cards
       1) Low computation for smart cards
       2) No password table
       3) Passwords chosen by the users themselves
       4) Not requiring clock synchronization and delay-time limitation
       5) Withstanding the replay attack
       6) Server authentication
       7) Withstanding the offline dictionary attack with the smart card
       8) Withstanding the offline dictionary attack without the smart card
       9) Revoking the lost cards without changing the users’ identities
     • Major contribution
       • Withstand replay attack
       • Preventing the offline dictionary attack
     • Two protocols
       • Registration protocol
       • Login protocol

  5. Registration Protocol
     Parties: System, User
     • User → System: IDi, h(PWi)
     • System: choose random vi; bi = Es(h(PWi)||H(IDi)||CIi||vi)
     • System → User: CIi, IDi, bi, n
     • Smart card holds: CIi, IDi, bi, n

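  6. Login Protocol
     Parties: User (PWi), Card Reader (card holds bi, Vi, IDi, CIi), System
     • Card: choose random u; L1 = {IDi, (bi||h(IDi)||u)^2 mod n}
     • Card → System: L1
     • System: decrypt L1 → (bi||h(IDi)||u); bi → h(PWi)||h(IDi)||CIi||vi; verify h(IDi), {IDi, CIi}; choose random r; α=ru; β=h(r||u); L2 = {α, β}
     • System → Card: L2
     • Card: r’=αu; h(r’||u) ?= β; L3 = h(h(PWi)||r)
     • Card → System: L3
     • System: h(h(PWi)||r) ?= L3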

  7. Performance

  8. Conclusion
     • Properties
       1) Low computation for smart cards
       2) No password table
       3) Passwords chosen by the users themselves
       4) Not requiring clock synchronization and delay-time limitation
       5) Withstanding the replay attack
       6) Server authentication
       7) Withstanding the offline dictionary attack with the smart card
       8) Withstanding the offline dictionary attack w/o the smart card
       9) Revoking the lost cards without changing the users’ identities
     • Major contribution
       • Withstand replay attack
       • Preventing the offline dictionary attack
     • Major drawbacks
       • No ability of anonymity for the user
       • Higher computation and communication cost
       • No session key agreement
       • Cannot prevent the insider attack

  9. Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards
     Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw
     Src: IEEE Transaction on Industrial Electronics, vol. 55, no. 6, pp. 2551-2556, 2008

  10. Introduction
     • Improve Fan-Chan-Zhang’s scheme
       • Session key agreement
       • Prevent insider attack
     • Five Phases
       1) Parameter generation phase
       2) Registration phase
       3) Precomputation phase
       4) Log-in phase
       5) Password-changing phase

  11. Notation
     • h(): Public one-way hash function.
     • s: Master secret key of a symmetric cryptosystem, which is kept secret by the server.
     • Es(): Secure symmetric encryption algorithm with the secret key s.
     • Ds(): Secure symmetric decryption algorithm with the secret key s.
     • ||: String concatenation operator.
     • P: Large prime.
     • EP: Elliptic curve equation over ZP.
     • x: Server’s private key based on elliptic curve cryptosystems.
     • PS: Server’s public key based on elliptic curve cryptosystems.
     • G: Generator point of a large order.

  12. Parameter generation phase
     • Server side
       • Choose a large prime P
       • Select a, b ∈ ZP with 4a^3 + 27b^2 (mod P) ≠ 0
       • Elliptic curve equation: EP : y^2 = x^3 + ax + b over ZP
       • Find a generator point G of order n where n × G = O
       • Select a random number x as its private key and safely keep it in its secret storage.
       • Compute the public key PS = (x • G)
       • Publish the parameters (PS, P, EP, G, n)

  13. Registration/Precomputation phase
     Parties: Server, User, Smart Card
     Registration phase (only once)
     • User: choose random b
     • User → Server: IDi, h(PWi||b)
     • Server: bi = Es(h(PWi||b)||IDi||CIi||h(IDi||CIi||h(PWi||b))); Vi = h(IDi, s, CIi)
     • Server → User: bi, Vi, IDi, CIi
     • Smart card holds: bi, Vi, IDi, CIi, b
     Precomputation phase
     • Smart card: choose random r; e = (r•G); c = (r•PS) = (r•x•G); store (c, e) in memory

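  14. Log-in phase
     Parties: User (PWi), Card Reader / Smart Card (holds bi, Vi, IDi, CIi, b and the precomputed (c, e)), Server
     • Card → Server: bi, EVi(e)
     • Server: Ds(bi) → IDi, CIi; Verify Vi = h(IDi,s,CIi); DVi(EVi(e)) → e = (r•G); c’ = (e•x) = (r•x•G); choose random u; Ms = h(c’||u||Vi)
     • Server → Card: u, Ms
     • Card: h(c||u||Vi) ?= Ms; Mu = h(h(PWi||b)||Vi||c||u); Sk = h(Vi,c,u)
     • Card → Server: Mu
     • Server: h(h(PWi||b)||Vi||c||u) ?= Mu; Sk = h(Vi,c,u)
     Note: bi = Es(h(PWi||b)||IDi||CIi||h(IDi||CIi||h(PWi||b)))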
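
The log-in exchange on slide 14, as an added example (not code from the paper or the presentation): it runs the precomputation, the server's c’ = x•e, and both hash checks, and shows that a wrong password passes the card's check and is only rejected by the server. Assumptions: secp256k1 stands in for the published curve, h() is SHA-256 over length-prefixed fields, and the Es/EVi encryption steps are skipped by handing the server h(PWi||b), Vi and e directly.

```python
import hashlib, secrets

# Assumption: secp256k1 stands in for the server's published (PS, P, EP, G, n).
P = 2**256 - 2**32 - 977
A = 0
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def add(p, q):
    """Affine point addition on EP; None is the point at infinity O."""
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        m = (3 * p[0] * p[0] + A) * pow(2 * p[1], -1, P) % P
    else:
        m = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (m * m - p[0] - q[0]) % P
    return x, (m * (p[0] - x) - p[1]) % P

def mul(k, pt):
    """Double-and-add scalar multiplication k . pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*fields):
    """h(a||b||...) as SHA-256; points are encoded as 32-byte x||y (assumed encoding)."""
    raw = [b"".join(v.to_bytes(32, "big") for v in f) if isinstance(f, tuple) else f
           for f in fields]
    return hashlib.sha256(b"".join(len(f).to_bytes(2, "big") + f for f in raw)).digest()

def login(typed_pw, hpw_in_bi, b, Vi, x):
    """Returns (card accepts server, server accepts user, card Sk, server Sk)."""
    PS = mul(x, G)                                  # server public key, known to the card
    r = 1 + secrets.randbelow(N - 1)                # precomputation phase on the card
    e, c = mul(r, G), mul(r, PS)                    # e = r.G, c = r.PS
    c_srv, u = mul(x, e), secrets.token_bytes(16)   # server: c' = x.e, fresh nonce u
    Ms = h(c_srv, u, Vi)
    card_ok = secrets.compare_digest(h(c, u, Vi), Ms)
    Mu = h(h(typed_pw, b), Vi, c, u)                # card proves knowledge of PWi
    server_ok = secrets.compare_digest(h(hpw_in_bi, Vi, c_srv, u), Mu)
    return card_ok, server_ok, h(Vi, c, u), h(Vi, c_srv, u)
```

Here `hpw_in_bi` is the h(PWi||b) value fixed at registration, which the server recovers from Ds(bi); `typed_pw` is whatever is entered at the card reader.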

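  15. Password-changing phase
     Parties: User, Card Reader / Smart Card, Server
     • Card and Server: run the Log-in Phase; both hold Sk
     • User: new PW*i, b*
     • Card → Server: ESk(IDi, h(PW*i||b*))
     • Server: b*i = Es(h(PW*i||b*)||IDi||CIi||h(IDi||CIi||h(PW*i||b*)))
     • Server → Card: ESk(b*i)
     • Card: decrypt; store (b*i, b*) in memory
     • Smart card holds: b*i, Vi, IDi, CIi, b*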

  16. Security Analysis
     • Strong Mutual Authentication
       • Both parties believe in the correctness of the session key
     • Preventing the Replay Attack
       • Nonces r & u
     • Preventing the Insider Attack
       • No password table
       • Protected with h(PWi||b)
     • Preventing the Offline Dictionary Attack Without the Smart Card
       • Cannot obtain PWi from messages
     • Preventing the Offline Dictionary Attack With the Smart Card
       • No obvious password in card (bi)
       • Need server’s help to verify password

  17. Communication and storage cost

  18. Computation Cost

  19. Capability Comparisons

  20. Conclusion
     • Advantages
       • Benefits of Fan et al.’s scheme
       • Identity protection
       • Session key agreement
       • Low communication and computation cost by using elliptic curve cryptosystems
       • Prevent the insider attack

  21. Comment
     • Register table attack DoS attack
       • Eliminate the table
       • Protect the table
       • Modify the data of table, e.g., CIi
       • Verify before use
     • Performance improvement
       • 3 ways  2 ways

  22. Comment: Log-in phase (2 round)
     Parties: User (PWi), Card Reader / Smart Card (holds bi, Vi, IDi, CIi, b and the precomputed (c, e)), Server
     • Card: choose random n
     • Card → Server: bi, EVi(e||n)
     • Server: Ds(bi) → IDi, CIi; Verify Vi = h(IDi,s,CIi); DVi(EVi(e)) → e = (r•G); c’ = (e•x) = (r•x•G); choose random u; Ms = h(c’||n||u||Vi); Sk = h(Vi,c,u)
     • Server → Card: u, Ms
     • Card: h(c||n||u||Vi) ?= Ms; Sk = h(Vi,c,u)
     Note: bi = Es(h(PWi||b)||IDi||CIi||h(IDi||CIi||h(PWi||b)))
