An Improved Smart Card Based Password Authentication Scheme with Provable Security
Source: Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728, Jun. 2009
Author: Jing Xu, Wen-Tao Zhu and Deng-Guo Feng
Speaker: Li-Tzu Chang

Outline
• Review of Lee-Chiu’s scheme
• Forgery attack on Lee-Chiu’s scheme
• Review of Lee et al.’s scheme
• Offline password guessing attack on Lee et al.’s scheme
• Proposed scheme
• Conclusions

Notations
• h(.): a one-way hash function
• p: a large prime number
• g: a primitive root in GF(p)
• q: a large prime such that p = 2q+1
• ID: user’s identification
• PW: user’s password

Review of Lee-Chiu’s scheme
Server’s secret key: x

Registration
• User: selects ID, PW
• User → Server: {ID, PW}
• Server: computes A = h(ID||x), B = g^(A·h(PW)) mod p
• Server → User: smart card containing {ID, A, B, h(.), p, g}

Login and Authentication
• User: inputs ID, PW*
• User: verifies B ?= g^(A·h(PW*)) mod p
• User: computes Z = (B · A) mod p, C1 = h(T ⊕ B)
• User → Server: {ID, Z, C1, T}
• Server: verifies ID, T
• Server: computes A* = h(ID||x)
• Server: verifies C1 ?= h(T ⊕ (Z / A* mod p))

No mutual authentication

Forgery attack on Lee-Chiu’s scheme
• Adversary: steals a smart card and extracts the stored values by some means

Login and Authentication
• Adversary: computes Z’ = (B · A) mod p, C1’ = h(T’ ⊕ B)
• Adversary → Server: {ID, Z’, C1’, T’}
• Server: verifies ID, T’
• Server: computes A* = h(ID||x)
• Server: verifies C1’ ?= h(T’ ⊕ (Z’ / A* mod p))

Review of Lee et al.’s scheme
Server’s secret key: x

Registration
• User: selects ID, PW
• User → Server: {ID, PW}
• Server: computes R = h(ID ⊕ x) ⊕ PW
• Server → User: smart card containing {ID, R, h(.)}

Login and Authentication
• User: inputs ID, PW*
• User: computes C1 = R ⊕ PW*, C2 = h(C1 ⊕ T1)
• User → Server: {ID, T1, C2}
• Server: verifies ID, T1 and C2 ?= h(h(ID ⊕ x) ⊕ T1)
• Server: computes C3 = h(h(ID ⊕ x) ⊕ T3)
• Server → User: {T3, C3}
• User: verifies T3 and C3 ?= h(C1 ⊕ T3)

Offline password guessing attack on Lee et al.’s scheme
Adversary:
• Records T1 and C2 from a successful login of a certain user
• Steals the smart card and reveals R from it
• Selects a password S
• Computes C’ = R ⊕ S
• Checks h(C’ ⊕ T1) ?= C2
• Repeats the procedure offline until the correct password is found

Proposed scheme (1/2)
Server’s secret key: x ∈ Zq*

Registration
• User: selects ID, PW
• User → Server: {ID, PW}
• Server: computes B = (h(ID)^x + h(PW)) mod p
• Server → User: smart card containing {ID, B, h(.), p, g}

Proposed scheme (2/2)

Login and Authentication
• User: inputs ID, PW*
• User: selects w ∈R Zq*
• User: computes B’ = (B − h(PW*))^w mod p, W = h(ID)^w mod p, C = h(T||B’||W||ID)
• User → Server: {ID, C, W, T}
• Server: verifies ID, T
• Server: computes B” = W^x mod p
• Server: verifies C ?= h(T||B”||W||ID)
• Server: selects m ∈R Zq*
• Server: computes M = h(ID)^m mod p, C’ = h(M||B”||T’||ID)
• Server → User: {ID, C’, M, T’}
• User: verifies T’ and C’ ?= h(M||B’||T’||ID)

Key agreement
• Server: sk = h(ID||M||W||W^m)
• User: sk = h(ID||M||W||M^w)

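The proposed scheme's registration, login and key agreement, run end to end with both sides' messages; this is an added example, not code from the paper or the slides. Assumptions: h(.) is modelled as SHA-256 mapped into [1, p-1], the parameters are toy-sized, timestamps are plain integers, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters (assumption, illustration only): P = 2*Q + 1; far too small for real use.
P, Q = 1_000_000_007, 500_000_003

def h(*parts):
    """h(.) modelled as SHA-256 over the '||'-joined parts, mapped into [1, P-1]."""
    data = "||".join(str(part) for part in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (P - 1) + 1

def rand_zq():
    return secrets.randbelow(Q - 1) + 1           # uniform in Zq* = [1, Q-1]

def register(x, ID, PW):
    return (pow(h(ID), x, P) + h(PW)) % P         # B, stored on the smart card

def card_login(ID, PW_star, B, T):
    w = rand_zq()
    B1 = pow((B - h(PW_star)) % P, w, P)          # B' = (B - h(PW*))^w
    W = pow(h(ID), w, P)
    return (w, B1), (ID, h(T, B1, W, ID), W, T)   # card state, message {ID, C, W, T}

def server_respond(x, msg, T2):
    ID, C, W, T = msg                             # freshness check of T omitted here
    B2 = pow(W, x, P)                             # B'' = W^x
    if C != h(T, B2, W, ID):
        return None                               # wrong password or forged request
    m = rand_zq()
    M = pow(h(ID), m, P)
    sk = h(ID, M, W, pow(W, m, P))
    return sk, (ID, h(M, B2, T2, ID), M, T2)      # server key, reply {ID, C', M, T'}

def card_finish(state, W, reply):
    (w, B1), (ID, C2, M, T2) = state, reply
    if C2 != h(M, B1, T2, ID):
        return None                               # server failed to prove knowledge of x
    return h(ID, M, W, pow(M, w, P))

def run_session(PW, PW_star, ID="alice"):
    """Register with PW, log in with PW_star; returns (sk_server, sk_user) or None."""
    x = rand_zq()                                 # server's secret key
    B = register(x, ID, PW)
    state, msg = card_login(ID, PW_star, B, T=1000)
    out = server_respond(x, msg, T2=1001)
    if out is None:
        return None
    sk_server, reply = out
    return sk_server, card_finish(state, msg[2], reply)
```

Both sides reach the same sk because B’ = h(ID)^(xw) = W^x = B” and W^m = h(ID)^(wm) = M^w; a wrong PW* changes B’, so the server's check on C fails.
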
Conclusions
• Proposes an improved smart card based password authentication scheme with formal security proof
• Provides key agreement