A_Secure_Remote_User_Authentication_Scheme_with_Smart(new).

Report
A Secure Remote User Authentication
Scheme with Smart Cards
Manoj Kumar
http://eprint.iacr.org/2008/331,2008
報告者:許睿中
日期:11.23
1
Outline
•
•
•
•
Introduction
Notations
Scheme
Conclusions
2
Introduction
Register phase
USER
SERVER
Login phase
USER
SERVER
Authentication phase
3
Introduction
• The point of vulnerabilities in a remote user
authentication scheme:
– Security vulnerabilities due to remote user
– Security vulnerabilities due to remote server
– Security vulnerabilities due to insecure channel
• To solve these vulnerabilities:
– mutual authentication
– Secure session key generation
4
Outline
•
•
•
•
Introduction
Notations
Scheme
Conclusions
5
Notations
U
denote a remote user
ID
denote an identify of a remote user U
IDS
denote an identify of a remote server
PW
denote a password corresponding to a register identify ID
AS
denote an authentication server
XS
denote a permanent secert key of an authentication server
f( . )
denote a cryptographic one way hash function
⊕
XOR operation
U↔AS:M
the user U send M to the server AS through a secert channel
U→AS:M
the user U send M to the server AS through a open channel
p
denote a large prime number
SID
the redirected identify corresponding to a registered identifity ID
CID
denote a check digit sum corresponding to a register idebtify ID
Red( . )
a function to redirect the identity ID for every user U
CK( . )
a function to generatr check digit for registered identify
6
Outline
•
•
•
•
Introduction
Notations
Schema
Conclusions
7
Scheme
• The Register phase
• The Login phase
• The Verification phase
• The Password change phase
8
The Register phase
U
R1  ID
PW
mod p
S
U  AS:J
computes
S ID  Re d(ID)
CID  CK (SID )
R2  R1X S mod p
S ID , CID , R1 ,
AS  U: Smart card
R2 , p , f
9
The Login phase
U
S
computes R3  S ID  PW
checks R1  IDPW mod p
PW 1
2
computes C 1 R
mod p
C2  f(C1  TU )
TU is thecurrentdate and time
U  AS:LR  (ID,C2 ,TU )
10
The Verification phase
S
U
receives LR at t imeTC
ckecksID
comput esSID  Re d(ID)
checksC ID  C K (SID )
checksTC -TU  ΔT K
checks C2  f(IDX S  TU ) mod p
AS select randomnumber r and comput es
C3  f(IDX S  TS ) , TS is current tmes
i
S key  f(ID,IDS ,C3 ,r)
C4  C3  S key , C5  C3  r
AS  U:(C4 ,C5 ,TS )
11
The Verification phase
U
S
U receives(C4 ,C5 ,TS ) at TL
checksTL -TS  ΔTU
comput es
C3*  f(C1  TS )
K*  C3*  C4
r*  C3*  C5
*
 f(ID,IDS ,C3* ,r* )
Skey
*
and K * for mut ualaut hent icat ion
comparesSkey
*
)
comput esC6  f(C3* ,Skey
U  AS:(ID,C6 )
checksC6  f(C3,Skey )
12
The Password change phase
U
S
U insert his smart card
checks S *ID  R3  PW and comparewith S ID
computes R3*  S ID  PWnew
-1
PWold
*PWnew
2
R R
*
2
then replaces R2 with R2*
*
3
R3 with R
13
Outline
•
•
•
•
Introduction
Notations
Scheme
Conclusions
14
Conclusions
• This scheme not only provides mutual
authentication between the user and server , but
also establishes a common session key to provide
message confidentiality.
• In the password change phase of the propose
protocol , each user can change his password
without connect to any server.
15

similar documents