Efficient multiserver authentication scheme based on oneway hash

Efficient multi-server authentication scheme based on one-way hash function without verification table
Jia-Lun Tsai
Computers & Security, Volume 27, Issues 3-4, May-June 2008, Pages 115-121

Outline
  • Introduction
  • Proposed scheme
  • Comparisons
  • Conclusions
  • Comments

Introduction
  • Password-based security mechanism (with verification table)
  • Single server authentication scheme
  • Multi-server authentication scheme

The proposed scheme
  • 3 roles:
      ◦ Users
      ◦ Servers
      ◦ Registration center
  • 4 phases:
      ◦ User registration phase
      ◦ Login phase
      ◦ Authentication server and registration center phase
      ◦ Authentication server and user phase

Notations
  • (Nc, Ns, NRC)
  • x : the user secret key maintained by the RC
  • y : the server secret key maintained by the RC

User Registration Phase
[Diagram: Registration Center RC, User Uu and Server Sj, with a secure channel]

Login Phase
[Diagram: User Uu and Server Sj]

Authentication Server and Registration Center Phase (case 1)
[Diagram: Server Sj and Registration Center RC, with steps "Verify Sj" and "Verify RC"]

Authentication Server and Registration Center Phase (case 2)
[Diagram: Server Sj and Registration Center RC]

Authentication Server and User Phase
[Diagram: User Uu and Server Sj, with step "Verify Uu"]

Security Analysis (1/2)
  • Replay Attack
      ◦ Random nonces differ among sessions
  • Stolen-verifier Attack
      ◦ No verification table
  • Server Spoofing
      ◦ An attacker must have
  • Security of Session key
      ◦ Session key is generated from

Security Analysis (2/2)
  • Registration Center Spoofing
      ◦ Server can use to verify the RC
  • Security of the User Authentication Key
      ◦ User authentication key
  • Impersonation Attack
      ◦ Use to protect

Efficiency comparison

Comparison

Conclusions
  • The proposed scheme is based on the nonce and one-way hash function.
  • The computation cost is low.
  • It is necessary to select a safe one-way hash function.

Comments
  • RFID
  • Uu anonymity
      ◦ IDu NC: Sj does not know IDu, NC
  • RC knows SK between Uu and Sj
  • Remove C8
