
A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards

Authors: Yuh-Min TSENG, Tsu-Yang WU, Jui-Di WU
Source: Informatica: International Journal, Vol.19, No.2, pp.285-302, 2008.
Outline: Introduction; The Giri–Srivastava scheme; The proposed scheme; Conclusions


Presentation Transcript


  1. A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards
     Authors: Yuh-Min TSENG, Tsu-Yang WU, Jui-Di WU
     Source: Informatica: International Journal, Vol.19, No.2, pp.285-302, 2008

  2. Outline
     • Introduction
     • The Giri–Srivastava scheme
     • The proposed scheme
     • Conclusions
     • Comments

  3. Introduction
     • Das, M.L., A. Saxena, V.P. Gulati and D.B. Phatak (2006). A novel remote user authentication scheme using bilinear pairings. Computers and Security, 25(3), 184–189.
     • forgery attack; computational cost; multi-server
     • Giri, D., and P.D. Srivastava (2006). An improved remote user authentication scheme with smart cards using bilinear pairings. In Cryptology ePrint Archive.
     • The proposed scheme

  4. Bilinear Pairings
     Let G1, G2 be cyclic groups of the same order q.
     • G1: an additive group E(Fp)
     • G2: a multiplicative group
     • P: a generator of G1
     Definition
     • A bilinear map
     • Bilinear:
     • Non-degenerate:
     • Computability:

  5. Notations
     • RS: a registration server
     • SS: a service server
     • Ui: a legal user
     • IDi: the identity of the user Ui
     • IDss: the identity of the service server SS
     • pwi: the password of the user Ui
     • P: a generator of the group G1
     • s: the master private key of the RS in Zq*
     • PRS: the public key of the RS such that PRS = s · P
     • H1(): a one-way hash function {0,1}* → {0,1}^n
     • H2(): a map-to-point function {0,1}* → G1
     • T: a current time stamp
     • ⊕: a simple XOR operation in G1

  6. Framework
     • 3 roles:
       • Ui
       • SS
       • RS
     • 4 phases:
       • The registration phase
       • The login phase
       • The verification phase
       • The password change phase

  7. The Giri–Srivastava Scheme

  8. The Registration Phase
     [Figure: message flow between User Ui and Registration Server RS; smart card contents]

  9. The login and verification phase
     [Figure: message flow between User Ui (smart card) and Server; labels: "Choose r", "T ?"]

  10. The password change phase
      • The smart card performs:
      [Figure label: Smart card]

  11. The proposed scheme

  12. The Registration Phase
      [Figure: message flow between User Ui and Registration Server RS; surviving label text: (s.QIDi)Wi]

  13. The login and verification phase
      [Figure: message flow; surviving label text: RegiWi]

  14. The password change phase
      • The smart card performs:
      [Figure label: Smart card]

  15. Security proof
      • Computational Diffie–Hellman (CDH) problem:
        • Given P, xP, yP ∈ G1, finding xyP.
      • Computational Diffie–Hellman (CDH) assumption:
        • No probabilistic algorithm can solve the CDH problem with non-negligible advantage within polynomial time.

  16. Challenger C and Attacker A
      • Challenger C: (P, xP, yP); PRS = xP; QIDi = H2(IDi) = yP
      • Attacker A: IDi, IDSS
      • Login: rT, xT; U = rT · QIDi, V = (rT + h) · xT
      • H1( ): list L1: (τ, Rh), with τ = (IDi, IDSS, T, U)
      • σ = (IDi, IDSS, T, U, V)
      • Forking Lemma: A can generate two valid messages σ = (IDi, IDSS, T, U, V) and σ' = (IDi, IDSS, T, U, V'), so xyP = (V − V')/(h − h')

  17. Discussions
      • Eviction mechanism
        • A black ID list
        • A positive list
      • Clock synchronization problem
        • The smart card should acquire a time stamp or a random challenge from the server
        • This adds an extra transmission between the user and the server, but it does not affect the computational cost required by the smart card
      • Smart card security
      • Poor reparability
      • Insider attack

  18. Performance (1/2)
      • TGe: the time of executing the bilinear pairing operation e: G1 × G1 → G2
      • TGmul: the time for point scalar multiplication on the group G1
      • TGH: the time of executing the map-to-point hash function H2()
      • TGadd: the time for point addition on the group G1
      • TH: the time of executing the one-way hash function H1()
      • Tmul: the time for modular multiplication in Zq

  19. Performance(2/2)

  20. Conclusions
      • Mutual authentication
      • Session key establishment
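The extraction step on slide 16, xyP = (V − V')/(h − h'), worked through on a toy curve. This is an added example, not code from the presentation or the paper. It assumes the login message has the form U = r · QIDi, V = (r + h) · (s · QIDi), which the slide's final formula implies but the transcript does not spell out; the curve, secrets and hash answers are constructed, and all function names are hypothetical.

```python
# Added example: toy parameters constructed for illustration only.
# Curve y^2 = x^3 + 2x + 2 over F_17; P = (5, 1) has prime order q = 19.
p, a, q = 17, 2, 19
P, O = (5, 1), None  # O is the point at infinity

def add(A, B):
    """Point addition on the toy curve."""
    if A is O:
        return B
    if B is O:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return O
    if A == B:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):
    """Scalar multiplication k*A by double-and-add (k reduced mod q)."""
    R, k = O, k % q
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def neg(A):
    return O if A is O else (A[0], -A[1] % p)

def login(reg, q_id, r, h):
    """Assumed message form: U = r*QID, V = (r + h)*Reg, with Reg = s*QID."""
    return mul(r, q_id), mul(r + h, reg)

def extract(V, h, V2, h2):
    """Forking step: same r, different hash answers -> (V - V')/(h - h')."""
    if (h - h2) % q == 0:
        raise ValueError("the two hash answers must differ mod q")
    return mul(pow((h - h2) % q, -1, q), add(V, neg(V2)))

def demo():
    x, y, r = 7, 5, 4                  # constructed secrets: PRS = xP, QID = yP
    q_id, reg = mul(y, P), mul(x * y, P)
    U, V = login(reg, q_id, r, h=3)    # first run of the attacker
    U2, V2 = login(reg, q_id, r, h=9)  # rewound run: same r, new H1 answer
    return U == U2, extract(V, 3, V2, 9), reg

if __name__ == "__main__":
    print(demo())
```

Both runs share U because r is unchanged, and the extracted point equals xyP, which is exactly the CDH solution the reduction needs.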
