Efficient Multi-server Password Authenticated Key Agreement Using Smart Cards. Computer and Information Security 92321509 Ming-Hong Shih. Source: Wen-Shenq Juang, IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 251-255, Feb. 2004.
• We propose a novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality.
• In this scheme, we assume the registration center can be trusted.
Major merits
• Users only need to register at the registration center once and can use permitted services in eligible servers.
• The scheme does not need a verification table.
• Users can freely choose their passwords.
• The computation and communication cost is very low.
• Servers and users can authenticate each other.
• It generates a session key agreed by the user and the server.
• It is a nonce-based scheme which does not have a serious time-synchronization problem.
Notations
• h() : a secure one-way hashing function
• Ek(m) : the ciphertext of m encrypted using the secret key k of some secure symmetric cryptosystem
• Dk(c) : the plaintext of c decrypted using the secret key k of the corresponding symmetric cryptosystem
• ⊕ : the bitwise exclusive-or operator
• RC : the registration center
• Sj : server j
• Ui : user i
• UIDi : a unique identification of Ui
• SIDj : a unique identification of Sj
• x : the secret key kept secretly by RC
• wj = h(x, SIDj) : the secret key shared by Sj and RC
Registration Phase
• 1. Ui → RC: UIDi, PWi
• 2.1, 2.2 RC computes: vi = h(x, UIDi), μi = vi ⊕ PWi, vi,j = h(vi, SIDj)
• 3.1 RC → Ui: smart card (UIDi, μi)
• 3.2 RC → Sj: Ewj(vi,j, UIDi)
Login and Session Key Agreement Phase
• Ui (with the smart card) computes vi = μi ⊕ PWi and vi,j = h(vi, SIDj).
• 1. Ui → Sj: N1, UIDi, Evi,j(ruk, h(UIDi||N1))
  (ruk: used to generate the kth session key skk; h(UIDi||N1): used to verify Ui)
• Sj obtains vi,j from Dwj(Ewj(vi,j, UIDi)), computes Dvi,j(Evi,j(ruk, h(UIDi||N1))) and checks h(UIDi||N1).
• 2. Sj → Ui: Evi,j(rsk, N1+1, N2)
  (rsk: used to generate the kth session key skk)
• Ui computes Dvi,j(Evi,j(rsk, N1+1, N2)) and skk = h(rsk, ruk, vi,j).
• 3. Ui → Sj: Eskk(N2+1)
• Sj computes Dskk(Eskk(N2+1)). Ui and Sj now share skk.
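The registration and login phases above, traced end to end with both sides' checks, as an added example (not code from the paper or from these slides). SHA-256 for h(), the hash-keystream cipher standing in for E/D, zero-padding of PWi, the field widths and all function names are assumptions; the stand-in cipher is only there to trace the message flow.

```python
import hashlib, hmac, os

def h(*parts):                       # h(): SHA-256 over the joined fields (assumed choice)
    return hashlib.sha256(b"|".join(parts)).digest()

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def pad(pw):                         # assumption: PW_i zero-padded to the hash length
    return pw.ljust(32, b"\0")

def E(k, m):                         # stand-in for E_k(m): hash keystream XOR, random IV
    iv = os.urandom(16)
    return iv + xor(m, b"".join(h(k, iv, bytes([i])) for i in range(len(m) // 32 + 1)))

def D(k, c):                         # D_k(c): same keystream, IV read from the ciphertext
    return xor(c[16:], b"".join(h(k, c[:16], bytes([i])) for i in range(len(c) // 32 + 1)))

def inc(n):                          # N + 1 on an 8-byte nonce
    return ((int.from_bytes(n, "big") + 1) % 2**64).to_bytes(8, "big")

def register(x, uid, pw, sid):       # RC: returns mu_i (card), w_j, E_wj(v_ij, UID_i)
    v_i, w_j = h(x, uid), h(x, sid)
    return xor(v_i, pad(pw)), w_j, E(w_j, h(v_i, sid) + uid)

def login(mu, pw, uid, sid, w_j, blob):
    v_u = h(xor(mu, pad(pw)), sid)                 # U_i: v_i = mu_i xor PW_i, then v_ij
    n1, ru = os.urandom(8), os.urandom(16)
    m1 = E(v_u, ru + h(uid, n1))                   # msg 1: N1, UID_i, E_vij(ru_k, h(UID_i||N1))
    reg = D(w_j, blob)                             # S_j: recover (v_ij, UID_i) issued by RC
    v_s, p1 = reg[:32], D(reg[:32], m1)
    if reg[32:] != uid or not hmac.compare_digest(p1[16:], h(uid, n1)):
        return None                                # wrong password or card: U_i not verified
    rs, n2 = os.urandom(16), os.urandom(8)
    m2 = E(v_s, rs + inc(n1) + n2)                 # msg 2: E_vij(rs_k, N1+1, N2)
    p2 = D(v_u, m2)                                # U_i: N1+1 shows S_j knows v_ij
    if p2[16:24] != inc(n1):
        return None
    sk_u = h(p2[:16], ru, v_u)                     # sk_k = h(rs_k, ru_k, v_ij)
    m3 = E(sk_u, inc(p2[24:32]))                   # msg 3: E_skk(N2+1)
    sk_s = h(rs, p1[:16], v_s)
    if D(sk_s, m3) != inc(n2):                     # S_j: N2+1 confirms U_i holds sk_k
        return None
    return sk_u, sk_s

if __name__ == "__main__":           # constructed sample values
    mu, w_j, blob = register(b"rc-secret-x", b"alice", b"pw123", b"srv1")
    print(login(mu, b"pw123", b"alice", b"srv1", w_j, blob) is not None)
```

The server never stores a password table: a wrong password yields a different vi,j on the user side, so the h(UIDi||N1) check at Sj fails.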
Shared Key Inquiry Phase
(steps 1.1 and 1.2, shown alongside login messages 1 to 3)
• 1.1 Sj → RC: N3, UIDi, SIDj, Ewj(h(UIDi||SIDj||N3))
• RC computes Dwj(Ewj(h(UIDi||SIDj||N3))) (used to authenticate Sj).
• 1.2 RC → Sj: Ewj(vi,j, N3+1)
• Sj computes Dwj(Ewj(vi,j, N3+1)); vi,j is the shared secret key.
SECURITY ANALYSIS
• The secret μi = vi ⊕ PWi is stored in Ui's smart card.
• Only the real user Ui, who knows his password PWi, can compute the secret vi = μi ⊕ PWi and compute the shared secret vi,j = h(vi, SIDj) between Ui and Sj.
• Replay attacks fail, since the freshness of the messages in the login and session key agreement phase and in the shared key inquiry phase is preserved by the nonces N1, N2 and N3.
• The session key skk = h(rsk, ruk, vi,j) is known to nobody but Ui and Sj, since the random values rsk and ruk are encrypted by the shared secret key vi,j.
• A session key skl = h(rsl, rul, vi,j) is of no use for computing another session key skk = h(rsk, ruk, vi,j), since without knowing rsk, ruk and vi,j it is infeasible to compute skk.