1 / 13

Enhanced SAS-2 Protocol for Efficient Authentication on Low-Spec Machines and Internet Protocols

This paper introduces the SAS-2 protocol as an optimized one-time password authentication method suitable for low-spec machines. The protocol minimizes the overhead of hash function adaptation by 40% and supports key-free systems, ensuring secure mutual authentication. The registration and authentication phases are detailed, along with definitions, inputs, and steps for both scenarios. The SAS-2 method is elaborated with consideration of variations and a proposed application for key-free systems.

fdowd
Download Presentation

Enhanced SAS-2 Protocol for Efficient Authentication on Low-Spec Machines and Internet Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A One-Time Password Authentication Method for Low Spec Machines and on Internet Protocols Author :Takasuke TSUJI,Akihiro SHIMIZU Source :IEICE Transactions on Communications, Vol.E87-B, No 6, June 2004, pp. 1594- 1600 Speaker: Z.Y.Wu(吳紫嫣) Date :2005/01/04

  2. Outline • Introduction • SAS-2 • Application for Key-Free Systems • Conclusion

  3. Introduction • The SAS (Simple And Secure password authentication protocol) is a one-time password authentication method that the method uses a hash function five times, but it requires high overhead on low spec machines. • In this paper, we propose a new method, SAS-2, which reduces overhead of hash function adaptation by 40%. This method has a mutual authentication phase, which maintains synchronous data communications in its authentication procedure. Moreover, SAS-2 can be applied to key-free systems

  4. SAS-2 Protocol • The SAS-2 protocol consists of two phases: the registration phase and the authentication phase. • The registration process is performed only once, and the authentication procedure is executed every time the user login to the system.

  5. Definitions • User is the computer user who employs the protocol for authentication. • Server is the server that authenticates users. • ID is the user’s identity. • S is the user’s password. • X, F and H are one-way hash functions. For example,H(x) means x is hashed once. • i is an integer indicating the number of authentication sessions. • Ni represents a random number corresponding to the ith authentication. • + represents the addition operation. • represents a bitwise XOR operation.

  6. User Server Inputs ID,S Generates a random number Ni and stores Ni A =X(ID,S⊕Ni) ID,A (Secure channel) Stores ID,A Registration phase of the SAS-2.

  7. Server Data storage : ID,A User Data storage : Ni Inputs ID,S A =X(ID,S⊕Ni) Generates a random number Ni+1 , and stores Ni+1 (Then the user can use A instead of Ni+1) C=X(ID,S⊕Ni+1) F(C)=F(ID,C) α=C⊕(F(C)+A) β=F(C)⊕A Authentication phase of the SAS-2(1/2).

  8. F(C)=β⊕A C=α⊕(F(C)+A) False F(C)=F(ID,C)? True Authentication fail A=C γ=F(ID,F(C)) γ False γ=F(ID,F(C))? Authentication fail True Authentication phase of the SAS-2(2/2).

  9. Application for Key-Free Systems • Definitions A lock has its own identity ID, the key’s identity K, and secret key S .

  10. Lock Data storages:ID,S,K Key Generates a random number Ni and stores Ni A =X(ID⊕K,S⊕Ni) ID,K,A (Secure channel) Stores ID,K,A Registration phase of the key-free system.

  11. Key Data storage : ID,K,A Lock Data storage : ID,S,K,Ni A =X(ID⊕K,S⊕Ni) Generates a random number Ni+1 , and stores Ni+1 (Then the user can use A instead of Ni+1) C=X(ID⊕K,S⊕Ni+1) F(C)=F(ID⊕K,C) α=C⊕(F(C)+A) β=F(C)⊕A ID,α,β The ith authentication phase of the key-free system(1/2). K

  12. F(C)=β⊕A C=α⊕(F(C)+A) False F(C)=F(ID⊕K,C)? True Authentication fail A=C γ=F(ID⊕K,F(C)) γ γ=F(ID⊕K,F(C))? False Authentication fail True The ith authentication phase of the key-free system(2/2).

  13. Conclusion • The SAS-2 method has variations, and we have considered all variations of the SAS-2 and have produced safe combinations. In addition, we suggest here an application for key-free systems using the SAS-2 method.

More Related