多媒體網路安全實驗室 (Multimedia Network Security Laboratory)

A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks

Transcript of the presentation (21 pages)

Page 1

A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks

Date: 2011/10/05

Presenter: 向峻霈

Source: Wen-Shenq Juang, Sian-Teng Chen, and Horng-Twu Liaw, IEEE Transactions on Industrial Electronics, VOL.55, NO.6, 2008

Page 2

Outline

1. Introduction

2. Proposed scheme

3. Security analysis

4. Functionality comparison

5. Conclusion

Page 3

Introduction

In various network environments, a user who needs to use or control a remote server must first pass the server's authentication scheme.

Page 4

Introduction

Fan et al. proposed a robust remote authentication scheme with smart cards.

Advantages:

low computation for smart cards

no password table

passwords chosen by the users themselves

withstanding the replay attack

server authentication

withstanding the dictionary attack

revoking the lost cards without changing the users' identities

Page 5

Introduction

Drawbacks:

no user anonymity

higher computation and communication cost

no session key agreement

cannot prevent the insider attack

Page 6

Parameter generation phase

The server sets up the system parameters:

Chooses a large prime number p and an elliptic curve E_p over F_p: y^2 = x^3 + ax + b (mod p), with a, b ∈ Z_p and 4a^3 + 27b^2 (mod p) ≠ 0

G is a generator point of E_p of large order n (n * G = O, the point at infinity)

Selects a random number x as its secret key

Computes the corresponding public key P_S = x * G (the slide writes this generically as Pk_i = X_i * G, with X_i the secret key)

Publishes (P_S, p, E_p, G, n)

Page 7

Registration phase

Client -> Server: { ID_i, h(PW_i || b) }

Server computes (E_s: encryption under the server's secret key s):

b_i = E_s( h(PW_i || b) || ID_i || CI_i || h(ID_i || CI_i || h(PW_i || b)) )

V_i = h(ID_i, s, CI_i)

Server -> Client (smart card): Card = ( ID_i, CI_i, b_i, V_i )

The client adds b to the card: Card = ( ID_i, CI_i, b_i, V_i, b )

Registration table kept by the server:

CI    ID
1     ID_1
2     ID_2
…     …
n     ID_n

Precomputation phase (on the smart card, r chosen by the card; the results are used in the log-in phase):

e = r * G

c = r * P_S = r * x * G   // as a point over E_p

Page 8

Log-in phase

Smart card -> Server: E_{V_i}(e), b_i

Server:

decrypts b_i with s, obtaining h(PW_i || b), ID_i, CI_i and h(ID_i || CI_i || h(PW_i || b))

computes V_i = h(ID_i, s, CI_i) and decrypts E_{V_i}(e) to recover e

checks that ID_i is in the registration table and that CI_i is stored in the registration table, and checks h(ID_i || CI_i || h(PW_i || b)) -> check ok

computes c = x * e = r * x * G and M_S = h(c || u || V_i)

Server -> Smart card: u, M_S

Smart card:

checks M_S (using its precomputed c = r * P_S = r * x * G and its stored V_i)

computes M_U = h(h(PW_i || b) || V_i || c || u) and S_k = h(V_i, c, u)

Smart card -> Server: M_U

Server:

checks M_U

S_k = h(V_i, c, u)
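The registration, precomputation and log-in phases of pages 6 to 8, run end to end, as an added Python example (this is not code from the slides or from Juang et al.). Assumptions: secp256k1 as E_p, SHA-256 for h(), a SHA-256 keystream XOR as a stand-in for the symmetric cipher E, fixed-width encodings for CI_i and curve points, and a second run with a wrong password to show that the server rejects it at the M_U check.

```python
import hashlib, secrets
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 (assumed curve)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order n of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def ec_add(p1, p2):  # affine point addition on y^2 = x^3 + 7 (a = 0); None stands for O
    if p1 is None or p2 is None: return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = 3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)
def ec_mul(k, pt):  # double-and-add scalar multiplication k * pt
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc
def h(*parts):  # h(a || b || ...): SHA-256 over length-prefixed fields
    m = hashlib.sha256()
    for part in parts: m.update(len(part).to_bytes(2, "big") + part)
    return m.digest()
def E(key, msg):  # stand-in for the symmetric cipher E_key(): XOR with a SHA-256 keystream (demo only)
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(msg) // 32 + 1))
    return bytes(a ^ b for a, b in zip(msg, ks))
def pb(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")  # point -> 64 bytes
def run(pw_registered, pw_typed, ID=b"alice"):
    """One registration then one log-in; True iff every check passes and both sides share S_k."""
    s, x = secrets.token_bytes(32), 1 + secrets.randbelow(N - 1); P_S, table = ec_mul(x, G), {}
    # Registration: client sends ID_i, h(PW_i || b); server issues (ID_i, CI_i, b_i, V_i); card adds b
    b, CI = secrets.token_bytes(16), (1).to_bytes(4, "big"); table[CI] = ID
    hpw = h(pw_registered, b)
    b_i = E(s, hpw + CI + h(ID, CI, hpw) + ID)
    card = dict(ID=ID, CI=CI, b_i=b_i, V_i=h(ID, s, CI), b=b)
    # Precomputation on the card: e = r*G, c = r*P_S; log-in message 1: E_{V_i}(e), b_i
    r = 1 + secrets.randbelow(N - 1); e, c_c = ec_mul(r, G), ec_mul(r, P_S)
    m1 = (E(card["V_i"], pb(e)), card["b_i"])
    # Server: open b_i with s, check table and inner hash, recompute V_i, recover e, c = x*e
    pt = E(s, m1[1]); hpw_s, CI_s, tag, ID_s = pt[:32], pt[32:36], pt[36:68], pt[68:]
    if table.get(CI_s) != ID_s or tag != h(ID_s, CI_s, hpw_s): return False
    V_s = h(ID_s, s, CI_s); eb = E(V_s, m1[0])
    c_s = ec_mul(x, (int.from_bytes(eb[:32], "big"), int.from_bytes(eb[32:], "big")))
    u = secrets.token_bytes(16); M_S = h(pb(c_s), u, V_s)  # message 2: u, M_S
    # Card checks M_S and answers M_U (message 3); server checks M_U; both derive S_k = h(V_i, c, u)
    if M_S != h(pb(c_c), u, card["V_i"]): return False
    M_U = h(h(pw_typed, card["b"]), card["V_i"], pb(c_c), u)
    if M_U != h(hpw_s, V_s, pb(c_s), u): return False
    return h(card["V_i"], pb(c_c), u) == h(V_s, pb(c_s), u)
```

Note that the server never stores the password: it learns h(PW_i || b) only by opening b_i with s, so the wrong-password run fails at the server's M_U check while the M_S check still passes.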

Page 9

Password-Changing Phase

Smart card -> Server: E_{S_k}( ID_i, h(PW_i* || b*) )

Server computes the new value for the smart card:

b_i* = E_s( h(PW_i* || b*) || ID_i || CI_i || h(ID_i || CI_i || h(PW_i* || b*)) )

Page 10

Security analysis

Mutual authentication

Preventing the replay attack

Preventing the insider attack

Preventing the offline dictionary attack without the smart card

Preventing the offline dictionary attack with the smart card

Page 11

Security analysis: Mutual authentication

(Log-in phase diagram, as on page 8.)

Page 12

Security analysis: Preventing the replay attack

(Log-in phase diagram, as on page 8.)

Page 13

Security analysis: Preventing the insider attack

(Registration phase and precomputation phase diagram, as on page 7.)

Page 14

Security analysis: Preventing the offline dictionary attack without the smart card

(Log-in phase diagram, as on page 8.)

Page 15

Security analysis: Preventing the offline dictionary attack with the smart card

(Log-in phase diagram, as on page 8.)

Page 16

Cost and Functionality Consideration

Page 17

Notation for the cost comparison:

E1: computation cost of registration

E2: computation cost of the precomputation phase for the client

E3: computation cost of login for the client

E4: computation cost of login for the server

Page 18

Functionality comparison

C1: low communication and computation cost

C2: no password table

C3: users can choose the password by themselves

C4: no time-synchronization problem

C5: mutual authentication

C6: revoking a lost card without changing the user's identity

C7: identity protection

C8: session key agreement

C9: preventing the offline dictionary attack with the secret information stored in the smart card

Page 19

Functionality comparison

      Yang & Shieh  Hwang & Li  Fan et al.  Juang  Sun  Chien et al.  Proposed
C1    X             X           O           O      O    O             O
C2    O             O           O           O      O    O             O
C3    O             X           X           O      X    O             O
C4    O             X           X           O      X    X             O
C5    X             X           O           O      X    O             O
C6    X             X           X           X      X    X             O
C7    X             X           X           X      X    X             O
C8    X             X           O           O      X    X             O
C9    X             X           X           X      X    X             O

(O: provided, X: not provided; C1 to C9 as defined on page 18)

Page 20

Conclusion

Low Communication and Computation Cost

No Password Table

Choosing and Changing of Passwords by Users

No Time-Synchronization Problem

Identity Protection

Revoking the Lost Cards Without Changing the Users' Identities

Session Key Agreement
