A Flexible Remote User Authentication Scheme Using Smart

A Flexible Remote User Authentication Scheme Using Smart Cards Source：ACM SIGOPS Operating Systems Review, July 2002 Author：Cheng-Chi Lee, Min-Shiang Hwang, Wei-Peng Yang Speaker：Yi-Chun Lo Team member： Sheng-Lung Cheng, Liang-Chi Chen Date： 12/22/2003

Outline n n Introduction Literature Reviews n n n The Hwang-Li’s Scheme The Sun’s Scheme Our Scheme Security Analysis Efficiency Conclusions

Introduction n Based on El. Gamal’s cryptosystem, Hwang and Li proposed a remote user authentication scheme using smart cards [6]. Sun proposed an efficient remote use authentication scheme using smart cards [9]. We shall propose a new scheme that allows users to freely choose and change their passwords without significantly increasing the computation cost.

Literature Reviews－ The Hwang-Li’s Scheme n Registration Phase n ：a secret key for the server P：a large prime number of 1024 bits Login Phase n n n Randomly choose an integer r Calculate where T is the current date and time, and ⊕ denotes an exclusive operation

Literature Reviews－ The Hwang-Li’s Scheme(cont. ) n n Calculate Send the messages to the server Authentication Phase n n Check the validity of where is the moment when the server receives the message from , the time interval denotes the expected legal time interval for transmission delay.

Literature Reviews－ The Hwang-Li’s Scheme(cont. ) n Calculate and Check

Literature Reviews－ The Sun’s Scheme n Registration Phase n Login Phase n n n Calculate Send the message to the server Authentication Phase n n Steps 1 and 2 are the same as those in the Hwang-Li’s scheme Calculate and then compare and

Our Scheme n Registration Phase n Login Phase n n n Calculate Send the message to the server

Our Scheme (cont. ) n Authentication Phase n n n Check the validity of Check the time interval between If Check the equation and

Our Scheme (cont. ) n If the remote user wants to change his/her password , he/she only has to perform the procedures below: n n Calculate Select his/her new password and then calculate Calculate Store into his/her smart card in place of

Security Analysis n n Because the one-way function is computationally difficult to invert , it is extremely hard for the user to derive the secret key of the server from Equation. No one can forge a valid because can only be derived from and

Security Analysis (cont. ) n n The added time-stamp T prevents the replay attack. However, if T is changed , Step 3 in the authentication phase cannot be passed. If a smart card is lost , no one can impersonate the smart card owner to login the server. The intruder will not know the user’s password , and he cannot compute. In addition , if an intruder only knows he still cannot derive and.

Efficiency

Conclusion n n In this article , we have proposed a simple and efficient remote user authentication scheme. The proposed scheme has succeeded in allowing a user to freely change and choose his password without significantly increasing the computation cost.