130 likes | 149 Views
This paper introduces the SAS-2 protocol as an optimized one-time password authentication method suitable for low-spec machines. The protocol minimizes the overhead of hash function adaptation by 40% and supports key-free systems, ensuring secure mutual authentication. The registration and authentication phases are detailed, along with definitions, inputs, and steps for both scenarios. The SAS-2 method is elaborated with consideration of variations and a proposed application for key-free systems.
E N D
A One-Time Password Authentication Method for Low Spec Machines and on Internet Protocols Author :Takasuke TSUJI,Akihiro SHIMIZU Source :IEICE Transactions on Communications, Vol.E87-B, No 6, June 2004, pp. 1594- 1600 Speaker: Z.Y.Wu(吳紫嫣) Date :2005/01/04
Outline • Introduction • SAS-2 • Application for Key-Free Systems • Conclusion
Introduction • The SAS (Simple And Secure password authentication protocol) is a one-time password authentication method that the method uses a hash function five times, but it requires high overhead on low spec machines. • In this paper, we propose a new method, SAS-2, which reduces overhead of hash function adaptation by 40%. This method has a mutual authentication phase, which maintains synchronous data communications in its authentication procedure. Moreover, SAS-2 can be applied to key-free systems
SAS-2 Protocol • The SAS-2 protocol consists of two phases: the registration phase and the authentication phase. • The registration process is performed only once, and the authentication procedure is executed every time the user login to the system.
Definitions • User is the computer user who employs the protocol for authentication. • Server is the server that authenticates users. • ID is the user’s identity. • S is the user’s password. • X, F and H are one-way hash functions. For example,H(x) means x is hashed once. • i is an integer indicating the number of authentication sessions. • Ni represents a random number corresponding to the ith authentication. • + represents the addition operation. • represents a bitwise XOR operation.
User Server Inputs ID,S Generates a random number Ni and stores Ni A =X(ID,S⊕Ni) ID,A (Secure channel) Stores ID,A Registration phase of the SAS-2.
Server Data storage : ID,A User Data storage : Ni Inputs ID,S A =X(ID,S⊕Ni) Generates a random number Ni+1 , and stores Ni+1 (Then the user can use A instead of Ni+1) C=X(ID,S⊕Ni+1) F(C)=F(ID,C) α=C⊕(F(C)+A) β=F(C)⊕A Authentication phase of the SAS-2(1/2).
F(C)=β⊕A C=α⊕(F(C)+A) False F(C)=F(ID,C)? True Authentication fail A=C γ=F(ID,F(C)) γ False γ=F(ID,F(C))? Authentication fail True Authentication phase of the SAS-2(2/2).
Application for Key-Free Systems • Definitions A lock has its own identity ID, the key’s identity K, and secret key S .
Lock Data storages:ID,S,K Key Generates a random number Ni and stores Ni A =X(ID⊕K,S⊕Ni) ID,K,A (Secure channel) Stores ID,K,A Registration phase of the key-free system.
Key Data storage : ID,K,A Lock Data storage : ID,S,K,Ni A =X(ID⊕K,S⊕Ni) Generates a random number Ni+1 , and stores Ni+1 (Then the user can use A instead of Ni+1) C=X(ID⊕K,S⊕Ni+1) F(C)=F(ID⊕K,C) α=C⊕(F(C)+A) β=F(C)⊕A ID,α,β The ith authentication phase of the key-free system(1/2). K
F(C)=β⊕A C=α⊕(F(C)+A) False F(C)=F(ID⊕K,C)? True Authentication fail A=C γ=F(ID⊕K,F(C)) γ γ=F(ID⊕K,F(C))? False Authentication fail True The ith authentication phase of the key-free system(2/2).
Conclusion • The SAS-2 method has variations, and we have considered all variations of the SAS-2 and have produced safe combinations. In addition, we suggest here an application for key-free systems using the SAS-2 method.