Further Security Enhancement for Optimal Strong-Password Authentication Protocol
Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee, Kuang-Long Lin
3/27/2004
Conference on E-Commerce and Digital Life
Outline
Introduction
Review of Ku-Chen scheme
The problem of Ku-Chen scheme
The proposed scheme
Security Analysis
Conclusions
Introduction
In 2000, Sandirigama et al. proposed the SAS scheme, which lowered storage, processing, and transmission overheads.
In 2001, Lin, Sun, and Hwang proposed an enhanced password authentication scheme, called OSPA.
Introduction
In 2002, the OSPA protocol was shown to be vulnerable to the stolen-verifier attack and the impersonation attack.
In 2003, Ku and Chen proposed a new improved version of the OSPA protocol.
In this paper, an improved scheme with mutual authentication is proposed.
Review of Ku-Chen scheme
Notation:
h(.) : collision-resistant hash function
T : login times
k : long-term secret key
: exclusive-or operation
Review of Ku-Chen scheme
Registration phase
Authentication phase
ID, h2(PW 1)
Chooses his identity ID and password PW; computes h2(PW 1)
Calculates verifier v1=h2(PW 1)h(ID k)
Stores {ID, v1, T=1} in the verification table
ID, service request
T=i
c1=h(PW i)h2(PW i)
c2=h2(PW (i +1))h(PW i)
c3=h(h3(PW (i +1))T)
Find i from verification table by the ID
Check c1, c2
c1,c2,c3
Get h2(PW i)
by vi h(ID k)
y1=c1h2(PW i)=h(PW i)
y2=c2y1=h2(PW (i +1))
Check if
h(y1)=h2(PW i)
h(h(y2) T)=c3
vi+1=h2(PW (i +1))h(IDk)
Stores ID, T=i+1, and vi+1
The problem of Ku-Chen scheme
The user is authenticated by the remote server.
However, the remote server is not authenticated by the user (server impersonation attack).
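The registration and authentication phases reviewed above, as an added Python example (not code from the slides or the cited papers), showing that every value the server checks flows from user to server and none flows back. Assumptions: the operators missing from the slide text are taken to be exclusive-or between terms (the only operation in the notation list, and the one under which y1 and y2 cancel as shown), inputs inside h(.) are concatenated, SHA-256 stands in for h, and `Server`, `login_message`, `num` and `demo` are names chosen here.

```python
import hashlib, hmac

def h(*parts: bytes) -> bytes:
    # SHA-256 stands in for h(.); inputs are length-prefixed and concatenated
    # (both are assumptions of this example, not taken from the slides).
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def num(i: int) -> bytes:
    return i.to_bytes(4, "big")

class Server:
    def __init__(self, k: bytes):
        self.k, self.table = k, {}          # k: long-term secret key
    def register(self, ID: bytes, h2_pw1: bytes) -> None:
        # v1 = h^2(PW,1) xor h(ID,k); store {ID, v1, T=1}
        self.table[ID] = (xor(h2_pw1, h(ID, self.k)), 1)
    def login_count(self, ID: bytes) -> int:
        return self.table[ID][1]            # T = i, sent to the user
    def verify(self, ID: bytes, c1: bytes, c2: bytes, c3: bytes) -> bool:
        v, T = self.table[ID]
        mask = h(ID, self.k)
        h2_pwi = xor(v, mask)               # recover h^2(PW,i) from v_i
        y1 = xor(c1, h2_pwi)                # = h(PW,i) if c1 is genuine
        y2 = xor(c2, y1)                    # = h^2(PW,i+1) if c2 is genuine
        ok = (hmac.compare_digest(h(y1), h2_pwi)
              and hmac.compare_digest(h(h(y2), num(T)), c3))
        if ok:                              # roll the verifier to v_{i+1}
            self.table[ID] = (xor(y2, mask), T + 1)
        return ok

def login_message(PW: bytes, T: int):
    # User side. The only server input is T; no value keyed by k ever reaches
    # the user, so the user has nothing with which to check the server.
    a = h(PW, num(T)); a2 = h(a)            # h(PW,i), h^2(PW,i)
    b2 = h(h(PW, num(T + 1)))               # h^2(PW,i+1)
    return xor(a, a2), xor(b2, a), h(h(b2), num(T))   # c1, c2, c3

def demo():
    # Constructed key, identity and password: first login, the same message
    # sent again, then a fresh login with the updated T.
    srv, ID, PW = Server(b"constructed-server-key"), b"alice", b"constructed-pw"
    srv.register(ID, h(h(PW, num(1))))
    first = login_message(PW, srv.login_count(ID))
    return [srv.verify(ID, *first), srv.verify(ID, *first),
            srv.verify(ID, *login_message(PW, srv.login_count(ID)))]
```

Mutual authentication, which the proposed scheme adds, requires a server reply that the user can verify; `login_message` shows there is no such reply in the reviewed flow.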