A Note on a User Friendly
Remote Authentication Scheme
with Smart Cards
Author: Shyi-Tsong WU, and Bin-Chang CHIEU
Source: IEICE Trans. Fundamentals, Vol. E87-A, No. 8
August 2004, pp. 2180-2181
Speaker: Yi-Chiao Tan
Date: 2004/11/3
OUTLINE
•
•
•
•
•
Introduction
Sun’s Scheme
Wu-Chieu’s Scheme
Weakness of Wu-Chieu’s Scheme
A Modified Scheme
Introduction
• Remote authentication scheme’s three phase
– Registration phase
– Login phase
– Authentication phase
Sun’s Scheme
• Registration phase
User
PWi PWi =System
h(IDi,x)
IDi
• Login phase
User
PWi
Time = T
Card
m
=
C1, T}
C1
= {IDi,
h(T⊕PWi)
Reader
System
• Authentication phase
m = {IDi, C1, T}
C1System
?=
C1
PWi
= h(IDi,x)
C1’ = h(T⊕PWi)
Wu and Chieu’s Scheme
g
• Registration phase
User
PWi
IDi
IDi
• Login phase
User
PWi
p
Ai = h( IDi ,X )
Smart Card
System
Bi =gAi˙h(PWi) mod p
h( )
Bi
Ai
Time = T
Card
Reader
Bi*
mod p
C1=g=Ai˙h(PWi)
h (T⊕Bi)
System
• Authentication phase
m = {IDi, Bi*, C1, T}
m = {IDi, Bi*, C1, T}
System
C1’ = h(T⊕Bi*)
C1’ ?= C1
Weakness of Wu-Chieu’s
Scheme
SYSTEM
Attack
m’ = {IDi, bi*,c1,t}
bi*
C1* = h (T⊕Bi*)
A Modified Scheme
CARD READER
g
PWi
g
p
h( )
Di*
p
=gh(PWi)
p
Ai
mod
Di*
h( )
IDi
Bi
Smart Card
Ai = h( IDi ,X )
Bi
CARD READER
C1 = h (T⊕Bi)
SYSTEM
Bi*
C1* = h (T⊕Bi*)
Bi* = (Di*)Ai
Mod p
m = {IDi, Di*, C1,T}
Bi
Di*
Security Analysis
With the message m = {IDi, Di*, C1,T}
From card reader to system
• An adversary cannot forge another
message with a valid C1.
C1 = h (T⊕Bi)
• It is infeasible to calculate the legitimate
user password from Di*.
Di* =gh(PWi) mod p
• Even the password is compromised,
without the system secret key x, to pass
the authentication is also impossible.
Bi* = (Di*)Ai mod p