  1. Security Analysis of a Nonce-Based User Authentication Scheme Using Smart Cards
     Authors: Junghyun NAM, Seungjoo KIM, Sangjoon PARK, Dongho WON
     IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, Vol.E90-A, No.1, pp.299-302, 2007
     Instructor: Prof. 張克章
     Presenter: M9644008 詹世民
  2. Outline
     • Summary
     • Introduction
     • Lee et al.’s Authentication Scheme
     • Weakness in Lee et al.’s Scheme
     • Security Enhancement
     • Conclusion
     • References
  3. Summary
     • A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network.
     • Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. Our analysis shows that Lee et al.’s scheme does not achieve its basic aim of authenticating remote users and we recommend some changes to the scheme.
  4. Introduction (1/3)
     • The feasibility of password-based user authentication in remotely accessed computer systems was explored as early as the work of Lamport [11].
     • Most password-based schemes for remote user authentication using smart cards require synchronized clocks between the server and all registered users, with timestamps commonly used to detect replay attacks.
  5. Introduction (2/3)
     • To obviate the need for timestamps, Lee et al. proposed a new remote user authentication scheme using random numbers called nonces.
     • It does not require the server to maintain a password table for verifying the legitimacy of login users.
     • It allows users to choose and change their passwords according to their liking and hence gives more user convenience.
     • It is extremely efficient in terms of computational cost (only a few hash function operations).
  6. Introduction (3/3)
     • Lee et al.’s scheme does not achieve its fundamental security goal of authenticating remote users.
     • Parallel session attack.
     • Denial of Service (DOS).
  7. Lee et al.’s Authentication Scheme (1/5)
     The scheme consists of four phases:
     • The registration phase.
     • The login phase.
     • The verification phase.
     • Password Change Procedure.
  8. Lee et al.’s Authentication Scheme (2/5)
     • Registration phase
     [Diagram: U_i and AS]
     Let x be the secret key of the authentication server and h be a secure one-way hash function.
     A user submits his identity ID_i and password PW_i to the server for registration via a secure channel.
  9. Lee et al.’s Authentication Scheme (3/5)
     • Login phase
     [Diagram: U_i and AS]
     The user inserts his smart card into a card reader and enters his identity ID_i and password PW_i.
     Given ID_i and PW_i, the smart card chooses a random number N_i and computes.
  10. Lee et al.’s Authentication Scheme (4/5)
     • Verification phase
     [Diagram: U_i and AS]
     If correct, AS accepts the login request; otherwise, AS rejects it.
     If the verification fails, U_i aborts the protocol.
  11. Lee et al.’s Authentication Scheme (5/5)
     • Password Change Procedure
     • U_i inserts his smart card into a card reader and enters both the current password PW_i and the new password PW_i’.
     • The smart card computes R_i’ and replaces R_i with R_i’.
  12. Weakness in Lee et al.’s Scheme (1/5)
     • The server accepts a login request even from a party who is not registered with the server. → Parallel session attack.
     • The password change process. → Denial of Service (DOS) attack.
  13. Weakness in Lee et al.’s Scheme (2/5)
     • Parallel Session Attack
     [Diagram: AS, E, AS; original session and parallel session]
     V_s’ is equal
  14. Weakness in Lee et al.’s Scheme (3/5)
     • Parallel Session Attack
     [Diagram: E and AS]
     E launches the attack by choosing a random number C_E.
     AS chooses a random number N_s, computes the values.
  15. Weakness in Lee et al.’s Scheme (4/5)
     • Parallel Session Attack
     [Diagram: E and AS]
     AS chooses a random number N_s’, computes
  16. Weakness in Lee et al.’s Scheme (5/5)
     • Denial of Service Attack
     • The user U_i changes R_i into an arbitrary value accidentally by entering an incorrect value for the current password by mistake.
     • A malicious third party, who does not know the correct password, changes R_i into an arbitrary value intentionally by gaining temporary access to U_i’s smart card.
  17. Security Enhancement (1/2)
     • Preventing the Parallel Session Attack
  18. Security Enhancement (2/2)
     • Preventing the Denial of Service Attack
     • Providing a means for checking the correctness of the user-given password.
     • Requires a password verifier to be stored in the smart card. → New kind of threat, i.e., the dictionary attack.
  19. Conclusion
     • A nonce-based scheme for remote user authentication using smart cards has been proposed in the recent work of Lee et al.
     • We have proposed a simple patch which fixes this vulnerability (parallel session attack and denial of service attack).
  20. References (1/3)
     [1] Anti-Phishing Working Group (
     [2] S.M. Bellovin and M. Merritt, “Limitations of the Kerberos authentication system,” ACM Comput. Commun. Rev., vol.20, no.5, pp.119–132, 1990.
     [3] R. Bird, I. Gopal, A. Herzberg, P.A. Janson, S. Kutten, R. Molva, and M. Yung, “Systematic design of a family of attack-resistant authentication protocols,” IEEE J. Sel. Areas Commun., vol.11, no.5, pp.679–693, 1993.
     [4] R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” Eurocrypt’01, LNCS, vol.2045, pp.453–474, Springer-Verlag, 2001.
     [5] C.-C. Chang and T.-C. Wu, “Remote password authentication with smart cards,” IEE Proc., Comput. Digit. Tech., vol.138, no.3, pp.165–168, 1991.
  21. References (2/3)
     [6] H.-Y. Chien, J.-K. Jan, and Y.-M. Tseng, “An efficient and practical solution to remote authentication: Smart card,” Comput. Secur., vol.21, no.4, pp.372–375, 2002.
     [7] W. Diffie, P.C. van Oorschot, and M.J. Wiener, “Authentication and authenticated key exchange,” Des. Codes Cryptogr., vol.2, no.2, pp.107–125, 1992.
     [8] L. Gong, “A security risk of depending on synchronized clocks,” ACM SIGOPS Operating Systems Review, vol.26, no.1, pp.49–53, 1992.
     [9] M.-S. Hwang and L.-H. Li, “A new remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron., vol.46, no.1, pp.28–30, 2000.
     [10] P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” Crypto’99, LNCS, vol.1666, pp.388–397, Springer-Verlag, 1999.
  22. References (3/3)
     [11] L. Lamport, “Password authentication with insecure communication,” Commun. ACM, vol.24, no.11, pp.770–772, 1981.
     [12] S.-W. Lee, H.-S. Kim, and K.-Y. Yoo, “Efficient nonce-based remote user authentication scheme using smart cards,” Appl. Math. Comput., vol.167, no.1, pp.355–361, 2005.
     [13] H.-M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron., vol.46, no.4, pp.958–961, 2000.
     [14] W.-H. Yang and S.-P. Shieh, “Password authentication schemes with smart card,” Comput. Secur., vol.18, no.8, pp.727–733, 1999.
     [15] E.-J. Yoon, E.-K. Ryu, and K.-Y. Yoo, “An improvement of Hwang-Lee-Tang’s simple remote user authentication scheme,” Comput. Secur., vol.24, no.1, pp.50–56, 2005.
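
Added example, not taken from the slides or the paper: the password-change denial of service from the Weakness slides and the verifier-based fix, with its dictionary-attack trade-off, from the Security Enhancement slides. The slides' formulas did not survive, so the card state R_i = K XOR h(PW_i), the verifier form, SHA-256 and every name below are assumptions of this sketch.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    """One-way hash h; SHA-256 is this sketch's choice, not the paper's."""
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def tag(pw: str) -> bytes:
    """Password verifier kept on the card (assumed form)."""
    return h(b"verifier|" + pw.encode())

class Card:
    """Assumed card state: R_i = K XOR h(PW_i), K being the server-derived secret."""
    def __init__(self, K: bytes, pw: str, with_verifier: bool):
        self.R = xor(K, h(pw.encode()))
        self.verifier = tag(pw) if with_verifier else None

    def change_password(self, current: str, new: str) -> bool:
        if self.verifier is not None:
            if not hmac.compare_digest(self.verifier, tag(current)):
                return False          # wrong current password: R_i untouched
            self.verifier = tag(new)
        # Re-mask R_i. Without a verifier this runs blindly on any input.
        self.R = xor(xor(self.R, h(current.encode())), h(new.encode()))
        return True

    def unlocks(self, pw: str, K: bytes) -> bool:
        """True if pw still unmasks the secret the server expects."""
        return hmac.compare_digest(xor(self.R, h(pw.encode())), K)

def mistyped_change(with_verifier: bool):
    """Returns (change accepted, old password works, new password works)."""
    K = h(b"constructed per-user secret")   # constructed sample value
    card = Card(K, "correct-pw", with_verifier)
    accepted = card.change_password("typo-pw", "new-pw")
    return accepted, card.unlocks("correct-pw", K), card.unlocks("new-pw", K)

def guess_from_card(verifier: bytes, candidates):
    """Trade-off: a stored verifier lets card contents confirm guesses offline."""
    return [c for c in candidates if hmac.compare_digest(tag(c), verifier)]

if __name__ == "__main__":
    print(mistyped_change(False))   # (True, False, False): card unusable
    print(mistyped_change(True))    # (False, True, False): change refused
```

Without the verifier, one mistyped current password leaves R_i masked by a value nobody knows, so neither password recovers K. With the verifier, the change is refused, at the cost that anyone who extracts the card contents can test password guesses offline.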