Download
1 / 16
180 likes | 339 Vues
Secure Remote User Authentication Scheme Using Bilinear Pairings. Department of Computer Engineering, Kyungpook National University Author : Eun-Jun Yoon, Wan-Soo Lee, Kee-Young Yoo Speaker : Wan-Soo Lee (complete2@infosec.knu.ac.kr) Date : 2007.05.10. (Thu). Contents.
E N D
Secure Remote User Authentication Scheme Using Bilinear Pairings Department of Computer Engineering, Kyungpook National University Author : Eun-Jun Yoon, Wan-Soo Lee, Kee-Young Yoo Speaker : Wan-Soo Lee (complete2@infosec.knu.ac.kr) Date : 2007.05.10. (Thu)
Contents • Introduction • Review of Das et al.’s scheme • Cryptanalysis of Das el al.’s scheme • Impersonation attack • Off-Line password guessing attack • Proposed scheme • Conclusion Information Security Lab.
Introduction • Remote user authentication • Along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, like the Internet • Das et al.’s scheme (In 2006) • proposed a remote user authentication scheme using bilinear pairing • Our refutation • Insecure against the impersonation attack and off-line password guessing attack Information Security Lab.
Definition • A bilinear map from • Bilinear: • Non-degenerate: • Computability: Introduction • Bilinear Pairing • Let G1, G2 be cyclic groups of same order q. • G1 : an additive group, G2 : a multiplicative group Information Security Lab.
Definition 1 Definition 2 Introduction • Mathematical Problems Information Security Lab.
Das et al.’s Authentication Scheme • Setup Phase : • G1 : an additive cyclic group of order prime q • G2 : a multiplicative cyclic group of the same order. • P : a generator of G1 • Bilinear mapping e : G1 × G1 ∈ G2 • Hash function H : {0, 1}* → G1 • RS selects a secret key s and computes PubRS = sP. • RS publishes <G1, G2, e, q, P, PubRS , H(·)> • and keeps s secret. Information Security Lab.
Das et al.’s Authentication Scheme • Registration Phase : Select IDi, PWi IDi, PWi RegIDi← s • H(IDi)+H(PWi) Store IDi, RegIDi, H(•) in Smart Card Smart Card (Secure Channel) Information Security Lab.
Das et al.’s Authentication Scheme • Login and Verification Phase : Input IDi, Pwi Pick up T DIDi← T • RegIDi Vi ← T • H(PWi) { IDi, DIDi, Vi, T} Check (T* - T) ≤ ∆T Check e(DIDi – Vi, P)=e(H(IDi), PubRS)T Information Security Lab.
Cryptanalysis of Das el al.’s scheme • Impersonation attack { IDi, DID’i, V’i, T’} { IDi, DIDi, Vi, T} Information Security Lab.
Cryptanalysis of Das el al.’s scheme • Off-line password guessing attack { IDi, DIDi, Vi, T} Information Security Lab.
Proposed scheme • Setup Phase : • G1 : an additive cyclic group of order prime q • G2 : a multiplicative cyclic group of the same order. • P : a generator of G1 • Bilinear mapping e : G1 × G1 ∈ G2 • Hash function H : {0, 1}* → G1 • F(·) : a collision resistant one-way hash function • RS selects a secret key s and computes PubRS = sP. • RS publishes <G1, G2, e, q, P, PubRS , H(·), F(·)> • and keeps s secret. Information Security Lab.
Proposed scheme • Registration Phase : U ← H(IDi, IDs) Ki ← s • U VKi ← F(Ki) RegIDi← Ki + H(F(Pwi|N) Store U, VKi, RegIDi,H(•), F(•) in Smart Card Select IDi, Pwi, N IDi, F(Pwi|N) compute F(Pwi|N) Enter N into Smart Card Smart Card (Secure Channel) Information Security Lab.
Proposed scheme • Login and Session key agreement Phase : Input IDi, PWi Verify IDi U ← H(IDi, IDs) Ki ← RegIDi – H(F(PWi|N) { IDi, C1 } { C2, C3 } { C4 } Information Security Lab.
Comparison Information Security Lab.
Conclusion • Das el al’s scheme • is vulnerable to an impersonation attack and an off-line password guessing attack • Improved authentication scheme based on • bilinear computational D-H problem • one-way hash function »» Provides mutual authentication between the user and remote system. »» Not require time synchronization or delay-time limitations • Future work : Must be proved formally Information Security Lab.
Q & A Thank you Information Security Lab.
