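  • The Institute of Electronics, Information and Communication Engineers.
    Nonce: essentially a random number; what distinguishes it from an ordinary random number is that, by definition, the value may be used only once, so the random number used each time never repeats.
    Advantages: it prevents replay attacks and solves the problem of system time synchronization.
    Disadvantages: the remote server must keep a table recording the nonce values that have already been used, so that it can be sure the authentication information it receives has really been refreshed.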

    1. Security Analysis of a Nonce-Based User Authentication Scheme Using Smart Cards
       Authors: Junghyun NAM, Seungjoo KIM, Sangjoon PARK, Dongho WON
       IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, Vol.E90-A, No.1, pp.299-302, 2007
       Instructor: Prof. 張克章
       Presenter: M9644008 詹世民
    2. Outline
       • Summary
       • Introduction
       • Lee et al.’s Authentication Scheme
       • Weakness in Lee et al.’s Scheme
       • Security Enhancement
       • Conclusion
       • References
    3. Summary
       • A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network.
       • Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. Our analysis shows that Lee et al.’s scheme does not achieve its basic aim of authenticating remote users and we recommend some changes to the scheme.
    4. Introduction (1/3)
       • The feasibility of password-based user authentication in remotely accessed computer systems was explored as early as the work of Lamport [11].
       • Most password-based schemes for remote user authentication using smart cards require synchronized clocks between the server and all registered users, with timestamps commonly used to detect replay attacks.
    5. Introduction (2/3)
       • To obviate the need for timestamps, Lee et al. proposed a new remote user authentication scheme using random numbers called nonces.
       • It does not require the server to maintain a password table for verifying the legitimacy of login users.
       • It allows users to choose and change their passwords according to their liking and hence gives more user convenience.
       • It is extremely efficient in terms of the computational cost (only a few hash function operations).
    6. Introduction (3/3)
       • Lee et al.’s scheme does not achieve its fundamental security goal of authenticating remote users.
       • Parallel session attack.
       • Denial of Service (DoS).
    7. Lee et al.’s Authentication Scheme (1/5)
       • The scheme consists of four phases:
       • The registration phase.
       • The login phase.
       • The verification phase.
       • Password change procedure.
    8. Lee et al.’s Authentication Scheme (2/5)
       • Registration phase (parties: $U_i$, AS)
       • Let x be the secret key of the authentication server and h be a secure one-way hash function.
       • A user submits his identity $ID_i$ and password $PW_i$ to the server for registration via a secure channel.
    9. Lee et al.’s Authentication Scheme (3/5)
       • Login phase (parties: $U_i$, AS)
       • The user inserts his smart card into a card reader and enters his identity $ID_i$ and password $PW_i$.
       • Given $ID_i$ and $PW_i$, the smart card chooses a random number $N_i$ and computes.
    10. Lee et al.’s Authentication Scheme (4/5)
       • Verification phase (parties: $U_i$, AS)
       • If correct, AS accepts the login request; otherwise, AS rejects it.
       • If the verification fails, $U_i$ aborts the protocol.
    11. Lee et al.’s Authentication Scheme (5/5)
       • Password change procedure
       • $U_i$ inserts his smart card into a card reader and enters both the current password $PW_i$ and the new password $PW_i'$.
       • The smart card computes $R_i'$ and replaces $R_i$ with $R_i'$.
    12. Weakness in Lee et al.’s Scheme (1/5)
       • The server accepts a login request even from a party who is not registered with the server: parallel session attack.
       • The password change process: Denial of Service (DoS) attack.
    13. Weakness in Lee et al.’s Scheme (2/5)
       • Parallel Session Attack
       • [Diagram: AS, E, AS; original session and parallel session]
       • $V_s'$ is equal
    14. Weakness in Lee et al.’s Scheme (3/5)
       • Parallel Session Attack (parties: AS, E)
       • E launches the attack by choosing a random number $C_E$.
       • AS chooses a random number $N_s$, computes the values.
    15. Weakness in Lee et al.’s Scheme (4/5)
       • Parallel Session Attack (parties: E, AS)
       • AS chooses a random number $N_s'$, computes
    16. Weakness in Lee et al.’s Scheme (5/5)
       • Denial of Service Attack
       • The user $U_i$ changes $R_i$ into an arbitrary value accidentally by entering an incorrect value for the current password by mistake.
       • A malicious third party, who does not know the correct password, changes $R_i$ into an arbitrary value intentionally by gaining temporary access to $U_i$’s smart card.
    17. Security Enhancement (1/2)
       • Preventing the Parallel Session Attack
    18. Security Enhancement (2/2)
       • Preventing the Denial of Service Attack
       • Providing a means for checking the correctness of the user-given password.
       • Requires a password verifier to be stored in the smart card, which introduces a new kind of threat, i.e., the dictionary attack.
    19. Conclusion
       • A nonce-based scheme for remote user authentication using smart cards has been proposed in the recent work of Lee et al.
       • We have proposed a simple patch which fixes this vulnerability (parallel session attack and denial of service attack).
    20. References (1/3)
       [1] Anti-Phishing Working Group (http://www.antiphishing.org).
       [2] S.M. Bellovin and M. Merritt, “Limitations of the Kerberos authentication system,” ACM Comput. Commun. Rev., vol.20, no.5, pp.119–132, 1990.
       [3] R. Bird, I. Gopal, A. Herzberg, P.A. Janson, S. Kutten, R. Molva, and M. Yung, “Systematic design of a family of attack-resistant authentication protocols,” IEEE J. Sel. Areas Commun., vol.11, no.5, pp.679–693, 1993.
       [4] R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” Eurocrypt’01, LNCS, vol.2045, pp.453–474, Springer-Verlag, 2001.
       [5] C.-C. Chang and T.-C. Wu, “Remote password authentication with smart cards,” IEE Proc., Comput. Digit. Tech., vol.138, no.3, pp.165–168, 1991.
    21. References (2/3)
       [6] H.-Y. Chien, J.-K. Jan, and Y.-M. Tseng, “An efficient and practical solution to remote authentication: Smart card,” Comput. Secur., vol.21, no.4, pp.372–375, 2002.
       [7] W. Diffie, P.C. van Oorschot, and M.J. Wiener, “Authentication and authenticated key exchange,” Des. Codes Cryptogr., vol.2, no.2, pp.107–125, 1992.
       [8] L. Gong, “A security risk of depending on synchronized clocks,” ACM SIGOPS Operating Systems Review, vol.26, no.1, pp.49–53, 1992.
       [9] M.-S. Hwang and L.-H. Li, “A new remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron., vol.46, no.1, pp.28–30, 2000.
       [10] P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” Crypto’99, LNCS, vol.1666, pp.388–397, Springer-Verlag, 1999.
    22. References (3/3)
       [11] L. Lamport, “Password authentication with insecure communication,” Commun. ACM, vol.24, no.11, pp.770–772, 1981.
       [12] S.-W. Lee, H.-S. Kim, and K.-Y. Yoo, “Efficient nonce-based remote user authentication scheme using smart cards,” Appl. Math. Comput., vol.167, no.1, pp.355–361, 2005.
       [13] H.-M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron., vol.46, no.4, pp.958–961, 2000.
       [14] W.-H. Yang and S.-P. Shieh, “Password authentication schemes with smart card,” Comput. Secur., vol.18, no.8, pp.727–733, 1999.
       [15] E.-J. Yoon, E.-K. Ryu, and K.-Y. Yoo, “An improvement of Hwang-Lee-Tang’s simple remote user authentication scheme,” Comput. Secur., vol.24, no.1, pp.50–56, 2005.
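
The parallel session weakness from slides 12 to 15, shown on a constructed model as an added example (not code from the slides or the paper): the server derives a per-user key from the ID and its secret x, keeps no password table, and both sides prove knowledge of the key with the same computation. The message layout, the `Server` class and the role-tag countermeasure are assumptions made for illustration; they are not Lee et al.'s formulas and not necessarily the patch the paper proposes.

```python
import hashlib
import hmac
import secrets

X = secrets.token_bytes(32)  # server secret key x (constructed for this example)

def user_key(identity: str) -> bytes:
    # The server derives the per-user key from ID and x, so it keeps no password table.
    return hmac.new(X, identity.encode(), hashlib.sha256).digest()

def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class Server:
    def __init__(self, tagged: bool):
        self.tagged = tagged   # True: every proof is bound to the role of its sender
        self.pending = {}      # session id -> (identity, N_s)

    def _tag(self, role: bytes) -> bytes:
        return role if self.tagged else b""

    def hello(self, identity: str, challenge: bytes):
        """Messages 1 and 2: return (session id, N_s, server proof over the challenge)."""
        n_s = secrets.token_bytes(16)
        sid = secrets.token_hex(8)
        self.pending[sid] = (identity, n_s)
        return sid, n_s, mac(user_key(identity), self._tag(b"AS"), challenge)

    def finish(self, sid: str, proof: bytes) -> bool:
        """Message 3: accept only if the peer proves knowledge of the key over N_s."""
        identity, n_s = self.pending.pop(sid)
        expected = mac(user_key(identity), self._tag(b"U"), n_s)
        return hmac.compare_digest(proof, expected)

def parallel_session_accepted(server: Server, identity: str = "unregistered") -> bool:
    """Feed the server's own proof from a parallel session back into the original one."""
    sid1, n_s, _ = server.hello(identity, secrets.token_bytes(16))  # original session
    _, _, reflected = server.hello(identity, n_s)                   # parallel session
    return server.finish(sid1, reflected)

def honest_login_accepted(server: Server, identity: str = "alice") -> bool:
    key = user_key(identity)  # stands in for the value held on the smart card
    sid, n_s, _ = server.hello(identity, secrets.token_bytes(16))
    return server.finish(sid, mac(key, server._tag(b"U"), n_s))
```

With `tagged=False` the server's proof and the user's proof are interchangeable, so a party that holds no key is accepted; with `tagged=True` the two proofs differ and only the honest login succeeds.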
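
The password-change denial of service from slide 16 and the verifier fix from slide 18, as an added example on a constructed card model (not code from the slides or the paper). It assumes the card stores R as a server-issued secret XORed with h(PW) and updates it as R' = R xor h(PW) xor h(PW'); the `SmartCard` class and the verifier format are hypothetical.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class SmartCard:
    """Constructed card model: R masks a server-issued secret with h(PW)."""

    def __init__(self, secret: bytes, password: str, with_verifier: bool):
        self.r = xor(secret, h(password.encode()))
        # Hardened variant: keep a password verifier so the card can check PW first.
        self.verifier = self._verifier(password) if with_verifier else None

    @staticmethod
    def _verifier(password: str) -> bytes:
        return h(b"verifier:" + password.encode())

    def change_password(self, current: str, new: str) -> bool:
        if self.verifier is not None:
            if not hmac.compare_digest(self.verifier, self._verifier(current)):
                return False  # wrong current password: R is left untouched
            self.verifier = self._verifier(new)
        # R' = R xor h(PW) xor h(PW'); only meaningful if `current` really is PW.
        self.r = xor(xor(self.r, h(current.encode())), h(new.encode()))
        return True

    def login_secret(self, password: str) -> bytes:
        """Value the card would feed into the login phase for this password."""
        return xor(self.r, h(password.encode()))

def card_survives_wrong_password(with_verifier: bool) -> bool:
    """Attempt a change with a wrong current password, then try a normal login."""
    secret = h(b"constructed server-issued secret")
    card = SmartCard(secret, "correct horse", with_verifier)
    card.change_password("typo", "new password")
    return card.login_secret("correct horse") == secret
```

The verifier stops the card from overwriting R, but as slide 18 notes, a value stored on the card that depends only on the password lets anyone who reads the card test password guesses offline.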
