1 / 15

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards. Computer and Information Security 92321509 Ming-Hong Shih. Source. Wen-Shenq Juang , IEEE Transactions on Consumer Electronics, Vol. 50, No. 1,pp. 251-255, Feb. 2004.

alagan
Download Presentation

Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Efficient Multi-server Password Authenticated Key AgreementUsing Smart Cards Computer and Information Security 92321509 Ming-Hong Shih

  2. Source • Wen-Shenq Juang , IEEE Transactions on Consumer Electronics, Vol. 50, No. 1,pp. 251-255, Feb. 2004

  3. we propose a novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality. • In this scheme, we assume the registration center can be trusted.

  4. major merits • users only need to register at the registration center once and can use permitted services in eligible servers. • the scheme does not need a verification table. • Users can freely choose their passwords. • the computation and communication cost is very low. • servers and users can authenticate each other. • it generates a session key agreed by the user and the server. • it is a nonce-based scheme which does not have a serious time-synchronization problem.

  5. Notations • h() : a secure one-way hashing function • Ek(m) : the ciphertext of m encrypted using the secret key k of some secure symmetric cryptosystem • Dk(c) : the plaintext of c decrypted using the secret key k of the corresponding symmetric cryptosystem • ⊕ : the bitwise exclusive-or operator • RC : the registration center • Sj : server j • Ui : user i • UIDi : a unique identification of Ui • SIDj : a unique identification of Sj • x : the secret key kept secretly by RC • wj= h(x, SIDj) : the secret key shared by Sjand RC

  6. Registration Phase RC 1. UIDi , PWi Ui 3.1 vi=h (x, UIDi) μi=vi⊕PWi vi,j=h (vi, SIDi) 2.1 2.2 3.2 Ewj(vi,j,UIDi) Smart card (UIDi, μi) Sj Ewj(vi,j,UIDi)

  7. 用來產生kth session key skk 用來確認Ui Login and Session Key Agreement Phase 1. N1 , UIDi , Evi,j(ruk,h(UIDi||N1)) Ui Sj vi=μi⊕PWi Smart card vi,j=h (vi, SIDj) Sj vi,j Dwj(Ewj(vi,j,UIDi)) Dvi,j(Evi,j(ruk,h(UIDi||N1))) Ewj(vi,j,UIDi) h(UIDi||N1)

  8. 用來產生kth session key skk 1. N1 , UIDi , Evi,j(ruk,h(UIDi||N1)) Ui Sj 2. Evi,j(rsk,N1+1,N2) Smart card Dvi,j(Evi,j(rsk,N1+1,N2))) Ui skk=h(rsk,ruk,vi,j)

  9. 1. N1 , UIDi , Evi,j(ruk,h(UIDi||N1)) Ui Sj 2. Evi,j(rsk,N1+1,N2) 3. Eskk(N2+1) Sj Dskk(Eskk(N2+1)) Ui Sj skk

  10. Shared Key Inquiry Phase RC 1. UIDi , PWi Ui 3.1 vi=h (x, UIDi) μi=vi⊕PWi vi,j=h (vi, SIDi) μi=vi⊕PWi 2.1 2.2 3.2 Ewj(vi,j,UIDi) Smart card (UIDi, μi) Sj Ewj(vi,j,UIDi)

  11. 用來認證Sj 1. N1 , UIDi , Evi,j(ruk,h(UIDi||N1)) Ui Sj 2. Evi,j(rsk,N1+1,N2) 3. Eskk(N2+1) RC 1.1 N3 , UIDi , SIDi , Ewj(h(UIDi||SIDi||N3) RC Dwj( Ewj(h(UIDi||SIDi||N3))

  12. Ewj(vi,j,N3+1) 1. N1 , UIDi , Evi,j(ruk,h(UIDi||N1)) Ui Sj 2. Evi,j(rsk,N1+1,N2) 3. Eskk(N2+1) 1.2 Ewj(vi,j,N3+1) RC 1.1 N3 , UIDi , SIDi , Ewj(h(UIDi||SIDi||N3) Sj vi,j is the share secrete key Dwj(Ewj(vi,j,N3+1))

  13. SECURITY ANALYSIS • The secret μi= vi♁ PWiis stored in Ui’s smart card. • Only the real user Ui knows his password PWi can compute the secret vi= μi ♁ PWi and compute the shared secret vi,j = h(vi, SIDj) between Ui and Sj. • The replay attacks fail since the freshness of messages in the login and session key agreement phase and that in the shared key inquiry phase are preserved by the nonces N1 , N2 and N3.

  14. The session key skk=h( rsk, ruk, vi,j) is known to nobody but Ui and Sj since the random values rsk and ruk are encrypted by the shared secret key vi,j . • A session key skl=h( rsl, rul, vi,j) is no use for computing the other session key skk=h( rsk, ruk, vi,j), since without knowing rsk , ruk ,vi,j, it is infeasible to compute skk.

  15. Comparisons between this scheme and others

More Related