
Chapter 3 A Secure and Efficient Password Authentication with

3.3 Summary

In this chapter, we have proposed an improvement to overcome the weaknesses of Guo and Chang's scheme. The proposed method provides the following properties: (1) no password table is required for the designated servers; (2) users can freely choose their own passwords; (3) users may update their passwords after the registration phase; (4) it supplies mutual authentication between the user and the designated server; (5) a session key is generated by the user and the remote server for each session; (6) the user anonymity property is provided. Because no public/symmetric key cryptosystem is included in the proposed scheme, it is more efficient than traditional protocols for practical applications.

Chapter 4 Efficient User Authentication with Smart Card for Multi-Server Networks

Smart card based password authentication is one of the simplest and most widely adopted methods in remote login environments [21-26]. Nowadays, ubiquitous computing has become very popular, and multiple servers are involved in authenticating their users. Namely, a user can log in to different servers through mobile networks to obtain diversified services. In traditional remote login methods for a multi-server architecture, a user not only has to log in to various remote servers with repeated registration, but also needs to remember the various user identities and passwords. This makes password authentication extremely inconvenient. In 2004, Lee and Chang proposed a user identification and key distribution scheme for multi-server networks [29]. In their scheme, the user registers at the registration center once and can then use all the designated servers for the services.

In multi-server environments, single registration with a trusted registration center is the most important feature: any user can receive the desired services from various service providers without repeating registration. Due to its limited computational power, a smart card may not be able to afford heavy computations. In 2008, Tsai suggested lightweight computations such as one-way hash functions during multi-server authentication processes using smart cards [28]. Recently, many hash-based authentication schemes with smart cards have been proposed for multi-server environments. Unfortunately, most of them are vulnerable to the masquerade attack, the insider attack, and the server or registration center spoofing attack [21,27,35-36].

To enhance the security of multi-server networks, in 2011 Chang and Cheng proposed a secure and lightweight user authentication method for multi-server architecture [35]. Unfortunately, Li et al. pointed out that Chang and Cheng's scheme still suffers from the insider attack, the smart card lost attack, and the session key disclosure attack, and they proposed an improvement to overcome Chang and Cheng's problems [36]. Furthermore, we will find that Li et al.'s scheme is still vulnerable to the off-line password guessing attack.

Moreover, Li et al.'s scheme requires the registration center to join the authentication and construct the common session key for the user and the remote service providers. This makes the registration center another security and performance bottleneck, which brings more communication and computing overhead. Therefore, based on the Chebyshev chaotic maps [15,19], we will propose a new efficient user authentication protocol for multi-server networks. The proposed method not only resists various attacks but also remedies the weaknesses of Li et al.'s scheme. Compared with other related mechanisms, performance analysis shows that our scheme has much better performance for real applications.

The remainder of this chapter is organized as follows. In Section 4.1, we introduce some related works. The proposed scheme is presented in Section 4.2. In Section 4.3, the security analyses and performance of the proposed scheme are stated. Finally, a brief summary is given in the last section.

4.1 Preliminary

In Subsection 4.1.1, we first introduce Li et al.'s [36] authentication protocol for multi-server environments, which will allow us to compare it with our scheme in Section 4.3. The weakness of Li et al.'s scheme is described in Subsection 4.1.2.

4.1.1 Review of Li et al.’s Scheme

In this subsection, we present Li et al.'s mutual authentication protocol for multi-server environments using smart cards [36]. Three entities are included: the user (Ui), the remote server (SPj), and the registration center (RC). RC is responsible for the registration of SPj and Ui. When the server (SPj) registers with RC using the identifier SIDj, RC computes a shared secret key KRSjH SID k( j ) with SPj, where k is a secret key of RC and H( ) is a one-way hash function only known by RC. Li et al.'s protocol consists of five phases: registration, login, authentication and key agreement, password change, and smart card revocation. The details are listed in the following.

Registration phase:

The new user Ui freely chooses an identity idi and a password pwi. Then, he/she sends the registration message to RC. The steps of this phase are as follows:

(1) Ui computes h(idi pwi r) and submits the information idi and h(idi pwi r) to RC through a secure channel, where r is a random number chosen by Ui and h( ) is a one-way public hash function.

(2) RC checks Ui registration information and credit. If it is not valid, RC rejects his/her registration; otherwise RC computes Ui’s account numberTIDiT idi iand stores it in

the RC’s database, whereTIDiT idi iand Ti denotes the number of times for a user Ui registering with RC. Note that the value Ti is used to revoke a smart card in case of lost or stolen of smart cards. In addition, Ti 0if Ui is a new registration user, otherwise RC setsTi  n 1 , n represent the registration times, and updates Ti in Ui’s account database if Ui is re-registering in RC.

(3) RC computesiH TID k( i )h id pw r( i i ), and saves (i, (h TIDi), (.), )h Ti into Ui‘s smart card and issues it to Ui over a secure channel.

(4) Ui stores r into his/her smart card and Ui needs not to remember r after finishing this phase.

Login phase:

When Ui wants to log in to the remote server SPj to request a service, Ui inserts the smart card into the card reader and keys in his/her identity idi and password pwi. Then, the smart correct, RC terminates this request; otherwise, Ui is authenticated by RC.

(2) RC computes NS 1KRSj. Then, RC checks the freshness of Nsand the

validity ofh SID TID(( j i)NS)2. If either one is not correct, RC terminates this connection; otherwise, SPj is authenticated by RC.

(3) RC generates a nonce NU computes h N( U)NSNR ,

(4) After receiving the respond message{ ,    U, S, }, SPj computesh N( S) andSKSh(NS), and verifies whetherh H SID k( ( j )SKS)S. If it is not equal, SPj terminates this phase; otherwise RC and Ui are authenticated by SPj and forwards { ,  U}to Ui.

(5) Upon receiving the message { ,  U}from SPj, Ui computesh N( U) and

( )

U U

SKhN , and verifies whetherh H TID k( ( j )SKU)U. If it is not correct, Ui terminates this phase; otherwise RC and SPj are authenticated by Ui and forwards { ,  U}to Ui. It is obvious thatSKSKSSKU and shared between Ui , SPj, and RC.

Password change phase:

Now suppose user Ui would like to change his/her password; he/she only needs to perform the following steps.

(1) U inserts the smart card into the smart card reader and then inputsi id and his/her i old pw . Then, the smart card computes i TIDi T idi i and checks whether

( i) ( i)

h TID h TID . If it is equal, the user U chooses a new passwordi PWM and performs the next steps; otherwise, the device terminates the login request for a period of time.

(2) Computei  h id pw r( i i )h id( i pw ri )

(3) Replace i with  i on the memory of the smart card.

Smart card revocation phase:

In case of a stolen or lost smart card, Ui can request revocation from RC. First, RC updates the value of Ti, which is incremented by one. Then, Ui can register with RC without changing his/her original identity idi.

4.1.2 Security Analysis of Li et al.’s Scheme

Li et al. proposed a new efficient mutual authentication protocol for multi-server environments with smart card [36]. They claimed that their protocol can withstand the off-line password guessing and smart card lost attacks even if the adversary can eavesdrop all transmitted messages. However, we will explicitly point out that Li et al.'s scheme is still vulnerable to the off-line password guessing attack. Now suppose that the adversary (someoneU ) could extract the data (ai, (h TIDi), (.), , )h T ri which stored on

U si smart card, where TIDiT idi iand iH TID k( i )h id pw r( i i ). In general, the user only remembers a human-memorable identity number. The detail of the attack is described as follows. the adversary could extract the data which stored on one’s smart card. Moreover, in Li

et al.’s scheme, it requires RC to join the authentication and construct the common Chebyshev chaotic maps, we will propose an efficient user authentication protocol for multi-server networks environments. Three entities are included: the user (Ui), the server (SPj), and the registration center (RC). RC is responsible for registration of SPj and Ui. When the authentication, password change, and smart card revocation phase. The details are listed in the following. The login and the authentication phase is shown in Figure 1.

Registration phase:

The new user Ui freely chooses an identity idi and a password pwi. Then, he/she sends the registration message to RC. The steps of this phase are as follows:

(1) Ui computes h(idi pwi r) and submits the information idi and h(idi pwi r) to RC through a secure channel, where r is a random number chosen by Ui.

(2) RC checks Ui registration information and credit. If it is not valid, RC rejects his/her registration; otherwise RC computes Ui’s account numberTIDiT idi iand stores it in the RC’s database, whereTIDiT idi iand Ti denotes the number of times for a user Ui registering with RC. Note that the value Ti is used to revoke a smart card in case of lost

or stolen of smart cards. In addition, Ti 0if Ui is a new registration user, otherwise RC setsTi  n 1, n represent the registration times, and updates Ti in Ui’s account database if Ui is re-registering in RC.

(3) RC computes sih TID k( i )h id pw r( i i ) and Aih h TID k( ( i )idi) , then saves ( ,s A hi i, (.), )T into Ui i’s smart card and issues it to Ui over a secure channel.

(4) Ui stores r into his/her smart card and Ui needs not to remember r after finishing this phase.

Login and authentication phase:

When Ui wants to log in to the remote server SPj to request a service, Ui inserts the smart card into the card reader and keys in his/her identity idi and password pwi. Then, the smart card performs the following steps:

(1) The smart card computesTIDiT idi i, (h id pw r , andi i )   si h id pw r( i i ), then verifies whether Aih(idi). If it does not hold, this login is terminated by the smart card; otherwise, the smart card calculates the value of Chebyshev polynomial

u( )

T x ,Bh( n SIDu j)T xu( ), C  x T xu( )and yih( T x C nu( ) u). Next,

it transmits{TID SID B C n yi, j, , , u, i} to RC, where nu , x,and u are the nonce selected by the device.

(2) After receiving the login request{TID SID B C n yi, j, , , u, i}, RC checks the validity ofTID and SIDi j. If they are not valid, RC rejects this login request; otherwise, RC computes h TID k( i ) and derives the valueT xu( ) B h( n SIDu j) . Next, RC

verifies the freshness ofnu and the validity of yih( T x C nu( ) u). If either one is not correct, RC terminates this request; otherwise, Ui is authenticated by RC.

(3) RC computespjh KRS T x C( j u( ) ) andCijh KRS TID n( j i u)T xu( ); then sends

{p TID C n Cj, i, , u, ij}to the remote server SPj.

for a period of time.

(2) Computesi si h id pw r( i i )h id pw r( i i )

(3) Replace s with i si on the memory of the smart card.

Figure 1. The Proposed Login and Authentication Phase


Smart card revocation phase:

In case of a stolen or lost smart card, Ui can request revocation from RC. First, RC updates the value of Ti, which is increased by one. Then, Ui can register with RC again without changing his/her original identity idi.

4.3 Discussions

In this section, we examine the security and the performance of the proposed protocol.

4.3.1 Security Analyses

In this section, we analyze the security of the improved method. Based on Chebyshev chaotic maps, our scheme can overcome the weaknesses indicated in Section 4.1.2. The security comparison between the proposed scheme and Li et al.'s scheme is shown in Table 1. The proposed scheme has several security properties as follows:

(1) Security of the system secret

In our protocol, only the RC holds the secret k; the users and the remote servers know nothing about it. For a user Ui, even if he/she extracts the

In Step 1 of the login and authentication phase of the proposed protocol, a random number nu is generated by Ui, which makes all login messages dynamic and valid for that session only. Therefore, because a fresh random nonce is used in each session, the proposed method can withstand replay attacks.

(3) On-line and off-line password guessing attacks

Now assume that the malicious user has obtained the lost smart card of some user Ui. In the proposed scheme, the malicious user uses this card and inputs idi and a guessed password pwi to perform the login and authentication with RC.

Accordingly, in Step1 of login and authentication phase, the device calculates

i i i

TIDT id, h id pw r( ii ),  si h id pw r( ii ), and Aih(idi), then checks whether AiAi . If it is not equal, the device terminates this login request for a period of time. Therefore, in the on-line password guessing, it is very difficult for the adversary to guess Ui’s password and identity correctly at the same time, then verify the correction of Aih(idi) for h TID k( i ) . Hence, without knowing the validity of idi and pw , the on-line password guessing attack will not be arisen by i the proposed method. A failed guess could be detected and logged by the device.

On the other hand, suppose that the malicious user could extract the information

Moreover, even if the adversary could eavesdrop all transmitted messages {TID SID B C n yi, j, , , u, i} , {p TID C n Cj, i, , u, ij} , { , (D h TID SK ni u)} ,

( j )

h SID SK between Ui, RC, and the server SPj. Without the right information (si, Ai, h(.), Ti, r) which is stored in one's smart card, it is computationally intractable to obtain the same password pwi from all of the above transmitted messages. Therefore, the proposed method could resist the off-line password guessing attack.

(4) The insider attack

In the registration of our method, the user Ui sends the hash value h(idi pwi r) instead of the password pwi to the registration center RC, where r is a random number generated by the user. The privileged insider RC cannot easily obtain the password since it is protected by the secure hash function and random number r. Therefore, the proposed scheme could resist the insider attack.

(5) The forgery attack

same time, it is very difficult for the adversary to derive the right login messages and pass the verification process with RC. As a result, the adversary could not easily achieve forgery or impersonation attacks in our proposed method.

(6) Provide mutual authentication

mechanism could achieve mutual authentication between the login user and the service provider by means of the random number nu and the session key SK. Thus, the mutual authentication property is provided for the proposed protocol.

(7) Forward and backward securities

computationally infeasible for the adversary to derive the session key SK from B and Cij. Even if an intruder obtains the current session key SK, it is not easy for him to obtain the current value and KRSj from B and Cij. That is protected under the one-way hash function h( ). The probability of obtaining the exactly and KRSj are equivalent to performing an exhaustive search on and KRSj. Moreover, the nonces x, u, v, and nu are used only once. Therefore, the intruder cannot derive private messages from the past.

Because SK is used only once, even if the intruder obtains the current session key SK, it does not help him to obtain past communication or future transactions. Thus, the proposed protocol could achieve forward security and backward security even if the current session key SK has been compromised.

Table 1. Comparisons of Security analysis for two schemes

                             Li et al.'s protocol    Our protocol
Replay Attack                ○                       ○
Password Guessing Attack                             ○
Insider Attack               ○                       ○
Forgery Attack               ○                       ○
Forward/Backward Security                            ○

4.3.2 Performance

To the best of our knowledge, Li et al. proposed a user authentication mechanism for multi-server environments which is more efficient than most previously proposed schemes [36]. For this reason, we only compare the proposed scheme with Li et al.'s scheme. We use the Chebyshev polynomials to achieve the mutual authentication and establish the common session key. For the Chebyshev chaotic map [15,19], given y, it is very hard to find the exact parameters x and n such that y = Tn(x). Thus, without knowing x, Tu(x), and Tv(x), it is computationally intractable for the adversary to obtain the exact u and v from our transmission messages B, C, and D. The security of the proposed protocol no longer totally relies on the hard problem of high-degree polynomials. Therefore, it is not necessary for the user Ui and the server SPj to select larger numbers u and v to compute Tu(x) and Tv(x) in the login and authentication phase. Hence, no time-consuming modular exponential computing and scalar multiplication on elliptic curves are required in our authentication processes.
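As an added illustration (not code from the thesis), the sketch below evaluates Tn(x) over a prime field by square-and-multiply on the recurrence matrix and shows the semigroup property Tu(Tv(x)) = Tv(Tu(x)), which lets two parties who exchange Tu(x) and Tv(x) reach a common value. The prime modulus, the function names and the sample degrees are assumptions, since the page fixes none of them; how the proposed scheme folds these values into SK is not reproduced here.

```python
import secrets

# Assumed prime modulus (2**61 - 1); the text on this page does not fix one.
P = 2**61 - 1


def _mat_mul(a, b, p):
    """Multiply two 2x2 matrices stored as (m00, m01, m10, m11) modulo p."""
    return (
        (a[0] * b[0] + a[1] * b[2]) % p,
        (a[0] * b[1] + a[1] * b[3]) % p,
        (a[2] * b[0] + a[3] * b[2]) % p,
        (a[2] * b[1] + a[3] * b[3]) % p,
    )


def chebyshev(n, x, p=P):
    """Return T_n(x) mod p, where T_0 = 1, T_1 = x, T_n = 2x*T_(n-1) - T_(n-2).

    With M = [[2x, -1], [1, 0]] we have M^n * (T_1, T_0) = (T_(n+1), T_n),
    so T_n costs O(log n) multiplications instead of n recurrence steps.
    """
    if n < 0:
        raise ValueError("degree must be non-negative")
    x %= p
    result = (1, 0, 0, 1)                 # identity matrix
    base = ((2 * x) % p, p - 1, 1, 0)     # M, with -1 written as p - 1
    while n:
        if n & 1:
            result = _mat_mul(result, base, p)
        base = _mat_mul(base, base, p)
        n >>= 1
    # Second row of M^n applied to (T_1, T_0) = (x, 1) gives T_n.
    return (result[2] * x + result[3]) % p


def chebyshev_naive(n, x, p=P):
    """Reference implementation: walk the recurrence step by step."""
    if n == 0:
        return 1 % p
    t_prev, t_cur = 1, x % p
    for _ in range(n - 1):
        t_prev, t_cur = t_cur, (2 * x * t_cur - t_prev) % p
    return t_cur


def exchange(x, u, v, p=P):
    """One side picks u, the other v; each applies its degree to the peer's value."""
    t_u = chebyshev(u, x, p)              # sent by the side that chose u
    t_v = chebyshev(v, x, p)              # sent by the side that chose v
    shared_u_side = chebyshev(u, t_v, p)  # T_u(T_v(x))
    shared_v_side = chebyshev(v, t_u, p)  # T_v(T_u(x))
    return t_u, t_v, shared_u_side, shared_v_side


if __name__ == "__main__":
    # Constructed sample values: random seed x and random secret degrees u, v.
    x = secrets.randbelow(P - 2) + 2
    u = secrets.randbelow(2**64) + 2
    v = secrets.randbelow(2**64) + 2
    t_u, t_v, k1, k2 = exchange(x, u, v)
    print("T_u(x) =", t_u)
    print("T_v(x) =", t_v)
    print("both sides agree:", k1 == k2)
```

Both sides end with T_uv(x), and each evaluation takes a number of 2x2 matrix products logarithmic in the degree.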

With regard to efficiency, we define related notations to analyze the computational complexity. The notation T means the time for one Chebyshev polynomial computation, and h denotes the time for executing the adopted one-way hash function in one's scheme. Note that the times for computing modular addition and exclusive-or are ignored, since they are much smaller than T and h. The detailed time complexity comparison of the login and authentication phase between the proposed scheme and Li et al.'s scheme is shown in Table 2. As shown in Table 2, the proposed scheme requires six hash functions (6h) and two Chebyshev polynomial computations (2T) for the user side; four hash functions (4h) and two Chebyshev polynomial computations (2T) for the server; and only five hash functions (5h) for the registration center RC. It is obvious that the proposed scheme has better performance than Li et al.'s in the registration center RC. The overhead of computation could be reduced for the RC. It could remedy the weakness of Li et al.'s scheme. Compared with Li et al.'s scheme, the overhead of a few additional hash function and Chebyshev polynomial computations is not significant on the user and remote server sides.

In addition, Li et al.'s authentication protocol for multi-server environments is still vulnerable to the off-line password guessing attack. Therefore, our proposed user authentication method for multi-server networks is more efficient than most of previously proposed schemes.

Table 2. Comparisons of computation for two schemes

Schemes                                                               Li et al.'s scheme    Our proposed scheme
Computations for user to achieve authentication                       6h                    6h + 2T
Computations for the server to achieve authentication                 3h                    4h + 2T
Computations for the registration center to achieve authentication    10h                   5h

4.4 Summary

Remote authentication is important to protect a network server against malicious remote users in distributed systems. Based on the Chebyshev chaotic maps, we propose a secure user authentication protocol for multi-server networks. Only one-way hash function and simple polynomial computations are involved in our protocol. It is very practical for applications. Moreover, the proposed scheme could reduce the overhead of computation for the registration center.

Chapter 5 Conclusions and Future Researches

In this dissertation, we have investigated secure and efficient user authentication with smart cards for wireless networks. We give a brief review of the conclusions as follows.

In chapter 3, we have proposed a new efficient password authentication with smart card based on chaotic map. Contrary to the traditional public key cryptosystem based mutual authentication key agreement protocols, our scheme is more secure and efficient for applications. Moreover, the proposed method has the following properties: (1) no password table is required for the designated servers; (2) users can freely choose their own passwords; (3) users may update their passwords after registration phase; (4) it supplies mutual authentication between the user and the designated server; (5) session key is generated by the user and the remote server for each session; (6) user anonymity property is provided.

Nowadays, ubiquitous computing has become very popular where multiple servers are involved in authenticating their users. Namely, a user can login different servers through mobile networks to obtain diversified services. Single registration and user authentication are important issues for multi-server environments. In chapter 4, based on the Chebyshev chaotic maps [16-17], we have proposed a new efficient user authentication protocol for multi-server networks. Only one-way hash function and simple polynomial computations are involved in our protocol. It is very practical for applications. In addition, the proposed scheme could reduce the overhead of computation for the registration center.

More importantly, in these two schemes, no time-consuming modular exponential

