A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards
description
Transcript of A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards
![Page 1: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/1.jpg)
A Pairing-Based User Authentication Scheme for Wireless Clients with
Smart Cards
Authors: Yuh-Min TSENG, Tsu-Yang WU, Jui-DiWU
Source: Informatica: International Journal, Vol.19, No.2, pp.285-302, 2008
![Page 2: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/2.jpg)
2
Outline
Introduction The Giri–Srivastava scheme The proposed scheme Conclusions Comments
![Page 3: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/3.jpg)
3
IntroductionDas, M.L., A. Saxena, V.P. Gulati and D.B. Phat
ak (2006). A novel remote user authentication scheme usin
g bilinear pairings. Computers and Security, 25(3), 184–189.
Giri, D., and P.D. Srivastava (2006). An improved remote user authentication scheme
with smart cards using bilinear pairings.In Cryptology ePrint Archive.
forgery attack
computational costmulti-server
The proposed scheme
![Page 4: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/4.jpg)
4
Bilinear Pairings Bilinear Pairing
Let G1, G2 be cyclic groups of same order q.
G1 : an additive group E(Fp)
G2 : a multiplicative group
P : a generator of G1
Definition
A bilinear map
1. Bilinear:
2. Non-degenerate:
3. Computability: 1there is an efficient algorithm to compute ( , ) for all ,e P Q P Q G
1there exists , such that ( , ) 1P Q G e P Q
*1 , and , allfor ,),(),( q
ab ZbaGQPQPebQaPe
1 1 2:e G G G
![Page 5: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/5.jpg)
5
Notations RS : a registration server SS : a service server Ui : a legal user IDi: the identity of the user Ui
IDss: the identity of the service server SS pwi: the password of the user Ui
P: a generator of the group G1
s: the master private key of the RS in Zq∗
PRS: the public key of the RS s.t. PRS = s · P H1(): a one-way hash function {0,1}* → {0, 1}n
H2(): a map-to-point function {0,1}*→ G1 T: a current time stamp ⊕: a simple XOR operation in G1
![Page 6: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/6.jpg)
6
Framework
3 roles: Ui
SS RS
4 phases: The registration phase The login phase The verification phase The password change phase
![Page 7: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/7.jpg)
7
The Giri–Srivastava Scheme
![Page 8: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/8.jpg)
8
The Registration Phase
,i iID pw
2
( )i i RS
i i i
SP pw P
Reg s H ID SP
=
= +
g
gcardSmart
User UiRegistration Server RS
ipw s
2 , , , (), RS i i iP SP Reg H IDSmart card:
![Page 9: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/9.jpg)
9
The login and verification phaseUser Ui Serveripw
Choose r
2 , ,Re , (), RS i i iP SP g H IDSmart card:
T ?
2( - , ) ( , ) ( ( ), )i ie D Y P e T B P e T sH ID P= × = ×
2 2( ( ), ) ( ( ), )T Ti RS ie H ID P e H ID s P= ×
![Page 10: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/10.jpg)
10
The password change Phase
• The smart card performs:
' '
' '
' '
checks and
-
stores and
i i RS
i i
i i RS
i i i i
i i
SP pw P
ID SP
SP pw P
Reg Reg SP SP
SP Reg
= ×
= ×
= +
'i ipw pw
2 , ,Re , (), RS i i iP SP g H IDSmart card:
![Page 11: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/11.jpg)
11
The proposed scheme
![Page 12: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/12.jpg)
12
The Registration Phase
,i iID pw
cardSmart
User UiRegistration Server RS
ipw s
(s. QIDi) Wi
![Page 13: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/13.jpg)
13
The login and verification phase
2
( , ) ( , ( ) )
( , ( ) ( ))i
e P V e P r h DIDi
e P r h s H ID
= + ×
= + ××
2
( , ) ( , )
( , ( ) ) ( , ( ) ( ))RS i i i
i i
e P U h QID e s P r QID h QID
e s P r h QID e s P r h H ID
+ × = × × + ×
= × + × = × + ×
Regi Wi
![Page 14: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/14.jpg)
14
The password change Phase
• The smart card performs:
1
' '
' '1
'
'
( )
checks and
( )
stores and
i i
i i
i i
i i
i i
'i i i i
'i i
W pw P
CW H W
ID CW
W pw P
CW H W
Reg Reg W W
CW Reg
= ×
=
= ×
=
= Å Å
'i ipw pw
Smart card:
![Page 15: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/15.jpg)
15
Security proof
Computational Diffie–Hellman (CDH) problem: Given P, xP, yP ∈ G1, finding xyP.
Computational Diffie–Hellman (CDH) assumption: No probabilistic algorithm can solve the CDH
problem with non-negligible advantage within polynomial time.
![Page 16: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/16.jpg)
16
Challenger C
(P, xP, yP)
xyP
PRS = xP QIDi = H2(IDi) = yP
Attacker AIDi IDSS
H1( )
L1:(τ,Rh)
τ = (IDi, IDSS, T, U) Rh T σ = (IDi, IDSS, T, U, V )
LoginrT, xT
U = rT · QIDi,
V = (rT + h) · xT
A can generate two valid message σ = (IDi, IDSS, T, U, V ) and σ = (IDi, IDSS, T, U, V )
Forking Lemma
xyP = (V − V')/(h − h')
![Page 17: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/17.jpg)
17
Discussions Eviction mechanism
A black ID list A positive list
Clock synchronization problem The smart card should acquire a time stamp or a
random challenge from the server Increase extra transmission between the user and
server but it does not affect the computational cost required by the smart card
Smart card security Poor reparability Insider attack
![Page 18: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/18.jpg)
18
Performance(1/2)
TGe: the time of executing the bilinear pairing operation e: G1 × G1 → G2
TGmul: the time for point scalar multiplication on the group G1
TGH: the time of executing the map-to-point hash function H2()
TGadd: the time for point addition on the group G1
TH: the time of executing the one way hash function H1() Tmul: the time for modular multiplication in Zq
![Page 19: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/19.jpg)
19
Performance(2/2)
![Page 20: A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards](https://reader035.fdocuments.in/reader035/viewer/2022062806/56814e56550346895dbbea53/html5/thumbnails/20.jpg)
20
Conclusions
Mutual authentication Session key establishment