New Remote Mutual Authentication Scheme using Smart Cards

Size: px

Start display at page:

Download "New Remote Mutual Authentication Scheme using Smart Cards"

Bethanie Sparks
5 years ago
Views:

1 New Remote Mutual Authentcaton Scheme usng Smart Cards Rajaram Ramasamy*, Amutha Prabakar Munyand** * Thagarajar College of Engneerng, Madura, Taml Nadu , Inda E mal: rrajaram@tce.edu ** Smart and Secure Lab, Thagarajar College of Engneerng, Madura, Taml Nadu , Inda Abstract. Remote mutual authentcaton based on smart cards s the best practcal soluton for remote accessng. Most of the schemes are password based. In ths paper we propose a new remote mutual authentcaton scheme usng smart cards wthout mantanng the password table. Ths s based on ElGamal s. It provdes hgh securty and mutual authentcaton at a reasonable computatonal cost. Furthermore t restrcts most of the current attackng mechansms. It s smple and can be adopted n any knd of lghtweght devces. 1 Introducton To access resources from a remote system, users should have proper access rghts. One of the smpler and more effcent mechansms s the use of a password authentcaton scheme. To access the resources, each user should have an dentty (ID) and a password (PW). In the exstng tradtonal setup the ID and PW are mantaned by the remote system n a verfcaton table. If a user wants to log n a remote server, he has to submt hs ID and PW to the server. The remote server receves the logn message and checks the elgblty of the user by referencng the password or verfcaton table. If the submtted ID and PW match the correspondng par stored n the server s verfcaton table, the user wll be granted access to the server. A remote password authentcaton scheme s used to authentcate the legtmacy of the remote user over an nsecure channel. In such a scheme, the password s often regarded as a secret shared between the authentcaton server (AS) and the user, and serves to authentcate the dentty of the ndvdual logn. Through knowledge of the password, the remote user can create a vald logn message to the authentcaton server. AS checks the valdty of the logn mes 141

2 142 Rajaram Ramasamy, Amutha Prabakar Munyand sage to provde the access rght. Password authentcaton schemes wth smart cards have a long hstory n the remote user authentcaton envronment. 1.1 Problems n the Tradtonal Method Two problems are found n ths exstng tradtonal mechansm. 1. The admnstrator of the server wll come to know the password, because the server mantans the password table. 2. An ntruder can mpersonate a legal user by stealng the user s ID and PW from the password table. To add to the woes, the current Internet s vulnerable to varous attacks such as denal of servce attack, forgery attack, forward secrecy attack, server spoofng attack, parallel sesson attack, guessng attack, replay attack, smart card loss attack, and stolen verfer attack. In ths paper we propose a new remote mutual authentcaton scheme usng smart cards wthout password table, whch crcumvents most of these attacks. In the proposed method the remote system does not mantan the password table, but nstead mantans the one tme regstraton date and tme of the users. In ths paper, we propose an mproved remote user authentcaton scheme based on ElGamal, usng smart cards. We have ncorporated mutual authentcaton, whch enhances the securty mechansm further. Our proposed scheme ressts most of the attackng mechansms. Ths paper s organzed as follows, n secton 2 we revew the Hwang L scheme [7] and Awasth Lal scheme [14]. In secton 3, we propose a new remote mutual authentcaton scheme wthout usng password table. In secton 4, we provde a securty analyss of our proposed scheme. In Secton5, we analyze the cost and functonalty of the related scheme. Fnally, n secton 6, we conclude our paper. 2 Related Work In 1981 Lamport [1] proposed a remote password authentcaton scheme usng a password table to acheve user authentcaton. The Lamport [1] scheme s not secure, due to some vulnerabltes. A remote user authentcaton scheme usng smart cards was proposed by Hwang L [7]. Hwang L s scheme s based on the ElGamal s [2] publc key scheme. Ths scheme can wthstand the replayng attack by ncludng tme stamp n the logn message. Moreover, the remote system does not need to store a password table for verfyng the legtmacy of the logn users. The system only needs to mantan a secret key, whch s used to compute user passwords, based on user submtted denttes n the authentca

3 New Remote Mutual Authentcaton Scheme usng Smart Card 143 ton phase. As the securty of the scheme reles on the dffculty of computng dscrete logarthms over fnte felds, t s dffcult for the users to compute the secret key of the system from known nformaton. Ths scheme s breakable only by one of ts legtmate users. A legtmate user can mpersonate other legal users by constructng vald pars of user denttes wthout knowng the secure key of the system. Later, Shen [15] analyzed mpersonaton attack of Chan [8] on Hwang L s [7] scheme, and suggested methods to repulse t. Awasth Lal [14] presented a remote user authentcaton scheme usng smart cards wth forward securty. Forward securty ensures that the prevously generated passwords n the system are secure even f the system s secret key s compromsed. Yoon et al. [23] ctng Awasth Lal [14] proposed a hash based authentcaton scheme based on the work of Chen et al.[13]. In the authentcaton phase, the system cannot valdate the logn request message to compute the password of the user. Yoon et al. [23] presents an enhancement to resolve the problems n the abovementoned scheme based on hash functon. Ths scheme enables users to change ther passwords freely and securely wthout the help of a remote server. It also provdes secure mutual authentcaton In 2004 Kumar [21] proposed a scheme, whch s secure aganst forgery. To obtan ths securty, ths scheme suggests some modfcaton n logn and authentcaton phases. Ths scheme s the modfed form of the Hwang et al. [15] scheme and uses one more functon CK to generate the check dgt of Kumar [21] for each regstered dentty. In ths scheme, only the AS can generate a vald dentty and the correspondng check dgt. Fan et al. [25] proposed a robust remote authentcaton scheme wth smart cards. He clamed that hs scheme satsfes the followng propertes: 1) low computaton for smart cards; 2) no password table; 3) password chosen by the users themselves; 4) no need for clock synchronzaton and delay tme lmtaton; 5) wthstand the replay attack; 6) server authentcaton; 7) wthstand the offlne dctonary attack wthout smart cards; 8) wthstand the offlne dctonary attack wth smart cards; 9) revokng the lost cards wthout changng the user s denttes. The major contrbuton of Fan et al. [25] scheme provdes a method for preventng the offlne dctonary attack even f the secret nformaton stored n a smart card s compromsed. The major drawbacks of hs scheme are the hgher computaton and communcaton costs, because of usng Rabn s publckey cryptosystem. Furthermore, hs scheme does not provde a functon for sesson key agreement and cannot prevent the nsder attack. Ku et al. [19] proposed an mprovement to prevent the reflecton attack mentoned by Mtchell [3] and an nsder attack dscussed by Ku et al. [16]. In addton, they showed that Chen [13] scheme s vulnerable and can be compromsed. Furthermore, Ku et al. [19] proposed an mprovement to Chen [13]

4 144 Rajaram Ramasamy, Amutha Prabakar Munyand scheme to prevent the above mentoned weaknesses. However, the mproved scheme s not only susceptble to parallel sesson attack proposed by Hsu [22], but also nsecure for changng the user s password n password changng phase. Dfferent types of password authentcaton schemes have been proposed by [4], [5], [6], [7], [9], [13], [11], [12], [10] and [20]. Hwang et al. [26] present the survey of all currently avalable passwordauthentcaton related schemes and get them classfed n terms of several crucal crtera. Tsa et al. ponted out that most of the exstng schemes are vulnerable to varous attacks and fal to serve all the purposes that an deal password authentcaton scheme should, and defne all possble attacks and goals that an deal password authentcaton scheme should wthstand and acheve. Tan e.t al. [27] show that Yoon et al. scheme [23] s subject to forgery attacks f the nformaton stored n the smart card s stolen. Ths volates the two factor securty objectve of the smart cards based remote user authentcaton schemes. Tan et al. propose an amendment to ths problem and propose two new schemes, whch are more effcent and secure than Yoon et al. s scheme. Lu Yonglang et al. [28] proposed a novel ECC based wre less authentcaton protocol. 3 New Remote Mutual Authentcaton Scheme Usng Smart Cards In ths paper, we propose a new remote mutual authentcaton scheme usng smart cards. Our proposed scheme s composed by an ntal phase, a regstraton phase, a logn phase and an authentcaton phase. Whenever a new user regsters through the regstraton phase, the server ssues the smart card and password, whch holds the related nformaton, and sends t through the secure channel. To access the remote server, user nserts hs smart card nto the devce and keys the password. The server authentcates the user n the authentcaton phase. Lee et al. [17] and Kumar [21] pont out that Awasth Lal fals to provde forward securty because the regstraton tme of the user s stored n the smart card tself. Ths does not apply to our scheme, as the regstraton tme s stored n an encrypted form n the server. The phases n our proposed scheme are explaned below. 3.1 Intal Phase The Authentcaton Server (AS) generates the followng parameters p : a large prme number

5 New Remote Mutual Authentcaton Scheme usng Smart Card 145 f (.) : A one way functon x s : the secret key of the system, mantaned by the server T R : Regstraton Tmestamp of every user, mantaned by the server n an encrypted form, usng the server s secret key. 3.2 Regstraton Phase A useru who wants to regster to access the server servces, submts ts ID to the AS. AS computes PW as PW ( ) x s = ID TR mod p Here T R s the one tme regstraton tme and date of the user U as got from the system clock and mantaned by the server. Regstraton center ssues a password PW and a smart card, ncorporated wth the publc parameters ( f (.), p ). 3.3 Logn Phase User U nserts the smart card to the smart card reader and keys ID and PW. The smart card wll perform the followng operatons, 1. Generate a random number r r 2. Compute C1 = PW mod p 3. Compute t = f( T PW ) mod( p 1), where T s the current date and tme of the smart card reader. t 4. Compute M = PW mod p t 5. Compute C2 = M( C1)mod p 6. Sends a logn request C = ( ID, C1, C2, T) to the remote system (Authentcaton Server AS). 3.4 Authentcaton Phase Assume AS receves the message C at tme T c, where Tc s the current date and tme of the AS. Then AS takes the followng actons, 1. Check the format of ID. If the dentty format s correct, then AS wll accept the logn request. Otherwse, the request wll be rejected. 2. Check the valdty of the tme nterval between T and T c. 3. Check whether the followng equaton, t 1 f ( T PW ) C ( C ) = ( PW) mod p s satsfed. It s dffcult for 2 1

6 146 Rajaram Ramasamy, Amutha Prabakar Munyand user U to compute the secret key x s and fnd the regstraton tme TR of the system from the equaton, PW ( ) x s = ID TR mod p Now mutual authentcaton message s composed as follows, t = f( Ts PW ) Here T s s the current tme of the remote system. t C mod 3 = C1 p * 4. Send the mutual authentcaton message C = ( C3, T s ) to user U. * 5. User U receves the mutual authentcaton message C and checks the valdty of the message. * t putesc mod 3 = C1 pand checks wth the receved C 3 value. If t s vald then accepts, otherwse rejects and generates a new logn request. 4 Securty Analyss of the Proposed Scheme In ths secton we dscuss the enhanced securty features of the proposed scheme. Our proposed scheme wthstands most of the attackng methods. 4.1 Denal of Servce Attack In our proposed scheme, the logn request s generated based on a password and the current tme. The logn request generaton does not depend on any prevous nformaton: every tme t s a new one wth current tme. The attacker cannot create or update the false nformaton to logn 4.2 Forgery Attack The attacker cannot create a vald password wthout knowng the regstraton tme T R and the secret key of server x s. So the attacker cannot create a vald logn request and act as a legal user 4.3 Password Guessng Attack x In our scheme, the password s computed as follows PW ( ) s = ID TR mod p. Suppose an adversary ntercepts the logn request C = ( ID, C1, C2, T) of a user U. It s not possble to recover the orgnal password from the logn re

7 New Remote Mutual Authentcaton Scheme usng Smart Card 147 quest message. The system. T R value s unque and 4.4 Parallel Sesson Attack xs s the secret key of the remote Suppose an adversary ntercepts the logn messagec = ( ID, C1, C2, T), the adversary cannot create a vald new logn message. Here C 1 and C 2 values are fresh for every tme. The adversary cannot fnd the value of r and t = ( T PW ). 4.5 Smart Card Loss Attack Suppose user U loses hs smart card, the adversary cannot use ths card wthout knowng the password of the user U. Suppose an adversary wants to change the password, he must know the orgnal password. Thus hs attempt to mpersonate user U fals. 4.6 Mutual Authentcaton The user U wants to log on to the remote system S and sends a logn request to S. Suppose an adversary ntercepts the logn request and attempts to mpersonate as remote system S. The adversary cannot calculate the vald t C mod 3 = C1 p wthout knowng the value PW, and cannot get the PW value from the logn message. The adversary agan fals to mpersonate the remote system S. 5 Analyss of Cost and Functonalty In ths secton, we present a comparson between our scheme and three other schemes. All the 4 schemes are based on ElGamal s, but only the proposed scheme facltates mutual authentcaton. Table 1 llustrates the computatonal cost for each phase. Scheme E1 E2 E3 Our Scheme 1 Ds Log 1 Hash + 2 Ds-log 2 Hash + 3 Ds-log Hwang L s [7] 1 Ds-log 1 Hash + 2 Ds-log 1 Hash + 2 Ds-log Awasth [17] 1 Ds-log 1 Hash + 2 Ds-log 1 Hash + 2 Ds-log

8 148 Rajaram Ramasamy, Amutha Prabakar Munyand Kumar [24] 1 Ds Log 1 Hash + 2 Ds log 1 Hash + 2 Ds Log Table 1: Cost comparson between Our Scheme and Related Schemes Computatonal cost comparson between our scheme and related schemes. Here, E1 stands for the computaton cost of the Regstraton phase, E2 stands for the computatonal cost for the logn phase, E3 stands for the computaton cost for the authentcaton phase, Ds log for dscrete logarthm, and Hash for hash functon. Obvously due to ncluson of mutual authentcaton, our scheme entals a hgher computatonal cost. 6 Securty Comparson Table 2 shows the securty requrements of the related schemes. Hwang s, Awasth Lal and Kumar s scheme are based on the publc key ElGamal scheme. Schemes S1 S2 S3 S4 S5 S6 S7 S8 S9 Hwang L [7] Y N N N Y Y Y Y Y Awasth [17] Y Y Y N Y Y Y Y Y Kumar [24] Y Y Y N Y Y Y Y Y Our Scheme Y Y Y Y Y Y Y Y Y Table 2: Securty Comparson wth related schemes In ths table we consder all the attacks dentfed and defned by Tsa Lee Hwang [24]. They are the ones descrbed below. In the table, Y stands for acheved and N for non acheved. S1 Denal of Servce Attacks: An attacker can update false verfcaton nformaton of a legal user for the next logn phase. Afterwards, the legal user wll not be able to logn successfully anymore S2 Forgery Attacks (Impersonaton Attacks): An attacker attempts to modfy ntercepted communcatons to masquerade the legal user and log n the system S3 Forward Secrecy: It ensures that the prevously generated passwords n the system are secure even f the system s secret key has been revealed n publc by accdent or has been stolen

9 New Remote Mutual Authentcaton Scheme usng Smart Card 149 S4 Mutual Authentcaton: The user and the server can authentcate each other. Not only can the server verfy the legal users, but the users can also verfy the legal server. Mutual authentcaton can help wthstand the server spoofng attack where an attacker pretends to be the server to manpulate senstve data of the legal users S5 Parallel Sesson Attack: Wthout knowng a user s password, an attacker can masquerade as the legal user by creatng a vald logn message out of some eavesdropped communcaton between the user and the server S6 Password Guessng Attack (Offlne dctonary attack): Most passwords have such low entropy that the system s vulnerable to password guessng attacks, where an attacker ntercepts authentcaton messages, stores them locally and then attempts to use a guessed password to verfy the correctness of hs/her guess usng these authentcaton messages S7 Replay Attacks: Havng ntercepted prevous communcatons, an attacker can mpersonate the legal user to log n the system. The attacker can replay the ntercepted messages S8 Smart Card Loss Attacks: When the smart card s lost or stolen, unauthorzed users can easly change the password of the smart card, or can guess the password of the user by usng password guessng attacks, or can mpersonate the user to log n the system S9 Stolen Verfer Attacks: An attacker who steals the password verfer (e.g., hashed passwords) from the server can use the stolen verfer to mpersonate a legal user to log n the system 7 Concluson Hwang L [7] proposed a remote user authentcaton scheme usng smart cards. Awasth Lal [14] proposed a remote user authentcaton scheme wth forward securty. Both schemes suffer dfferent types of attacks. In ths paper we propose a new remote mutual authentcaton scheme usng smart cards. Our proposed scheme wthstands most of the current attackng mechansms. Awasth Lal s scheme suffers from stolen verfer attack. In our method, stolen verfer attack wll not work. The user password s not related to any nformaton stored n the smart card and the server wll not mantan any password table. The server mantans the regstraton tme of all the users n the encrypted format by usng ts secret key. It s dffcult for the attacker to fnd the password wthout knowng the regstraton tme of the user and the secret key of the remote system.

10 150 Rajaram Ramasamy, Amutha Prabakar Munyand Acknowledgment Ths work was supported by grants from Natonal Techncal Research Organzaton, of Government of Inda. The authors thank the Prncpal and Head of the Department of Computer Scence and Engneerng of Thagarajar College of Engneerng, Madura, Inda, for the support and encouragement. References [1] L. Lamport (1981), Password authentcaton wth nsecure communcaton, Communcaton of the ACM, Vol. 24, No. 11, pp [2] T. ElGamal (1985), A publc key cryptosystem and a sgnature scheme based on dscrete logarthms, IEEE Transactons on Informaton Theory, Vol. 31, No. 4, pp , July. [3] C. Mtchell (1989), Lmtaton of challenge response entty authentcaton, Electroncs Letters, Vol. 25, No.17, pp , Aug. [4] C. C. Chang and T. C. Wu (1993), Remote password authentcaton wth smart cards, IEE Proceedngs E, Vol. 138, No. 3, pp [5] C. C. Chang and S. J. Hwang (1993), Usng smart cards to authentcate remote passwords, Computers and Mathematcs wth applcatons, Vol. 26, No. 7, pp [6] T. C. Wu (1995), Remote logn authentcaton scheme based on a geometrc approach, Computer Communcaton, Vol. 18, No. 12, pp [7] M. S. Hwang and L. H. L (2000), A new remote user authentcaton scheme usng smart cards, IEEE Transactons on Consumer Electroncs, Vol. 46, No. 1, pp , February. [8] C. K. Chan and L. M. Cheng (2000), Cryptanalyss of a remote user authentcaton scheme usng smart cards, IEEE Transactons on Consumer Electroncs, Vol. 46, pp [9] L. H. L, L. C. Ln and M. S. Hwang (2001), A remote password authentcaton scheme for mult server archtecture usng neural networks, IEEE Transactons Neural Networks, Vol. 12, No. 6, pp [10] Y. L. Tang, M. S. Hwang and C. C. Lee (2002), A smple remote user authentcaton scheme, Mathematcal and Computer Modelng, Vol. 36, pp

11 New Remote Mutual Authentcaton Scheme usng Smart Card 151 [11] C. C. Lee, M. S. Hwang and W. P. Yang (2002), A flexble remote user authentcaton scheme usng smart cards, ACM Operatng Systems Revew, Vol. 36, No. 3, pp [12] C. C. Lee, L. H. L, and M. S. Hwang (2002), A remote user authentcaton scheme usng hash functons, ACM Operatng Systems Revew, Vol. 36, No. 4, pp [13] H. Y. Chen, J. K. Jan, and Y. M. Tseng (2002), An effcent and practcal soluton to remote authentcaton: smart card, Computers & Securty, Vol. 21, No. 4, pp [14] A K. Awasth and Sunder Lal (2003), A Remote User Authentcaton Scheme usng Smart Cards wth Forward Securty, IEEE Transactons on Consumer Electroncs, Vol. 49, No. 4, pp , [15] J. J. Shen, C. W. Ln and M. S. Hwang (2003), A modfed Remote User Authentcaton Scheme usng Smart Card, IEEE Transactons on Consumer Electroncs, Vol. 49, No. 2, pp [16] W. C. Ku, C. M. Chen, and H. L. Lee (2003), Cryptanalyss of a varant of Peyravan Zunc s password authentcaton scheme, IEICE Transacton on Communcaton, Vol. E86 B, No. 5, pp , May. [17] Sung Woon Lee, Hyun Sung Km, and Kee Young Yoo (2004) Comment on a Remote User Authentcaton Scheme usng Smart Cards wth Forward Secrecy. IEEE Transactons on Consumer Electroncs, Vol 50. No 2. May. [18] M. Kumar (2004), Some Remarks on a Remote User Authentcaton Scheme Usng Smart Cards wth Forward Secrecy. IEEE Transactons on Consumer Electroncs, Vol 50. No 2. May. [19] W. C. Ku, and S. M. Chen (2004), Weakness and mprovement of an effcent password based user authentcaton scheme usng smart cards, IEEE Transactons on Consumer Electroncs, Vol. 50, No. 1, pp , Feb. [20] A. K. Awasth and S. Lal (2004), An enhanced remote user authentcaton scheme usng smart cards, IEEE Transactons on Consumer Electroncs, Vol. 50, No. 2, pp , May. [21] M. Kumar (2004), New remote user authentcaton scheme usng smart cards, IEEE Transactons on Consumer Electroncs, Vol. 50, No. 2, pp May.

12 152 Rajaram Ramasamy, Amutha Prabakar Munyand [22] C. L. Hsu (2004), Securty of Chen et al s remote user authentcaton scheme usng smart cards, Computer Standards and Interfaces, Vol. 26, No. 3, pp [23] Eun Jun Yoon, Eun Kyung Ryu, and Kee Young Yoo (2004), Further Improvement of an Effcent password based Remote Authentcaton Scheme usng smart cards, IEEE Transacton on Consumer Electroncs, Vol. 50, No. 2, pp , May. [24] Eun Jun Yoon, Eun Kyung Ryu, and Kee Young Yoo (2004), Effcent remote user authentcaton scheme based on generalzed ElGamal sgnature scheme, IEEE Transacton on Consumer Electroncs, Vol. 50, No. 2, pp , May. [25] C. Fan, Y. Chan, and Z. Zhang (2005), Robust remote authentcaton scheme wth smart cards, Computers and Securty, Vol. 24, No. 8, pp , Nov. [26] C.S. Tsa, Cheng Ch Lee, and Mn Shang Hwang (2006), Password Authentcaton Schemes: Current Status and Key Issues, Internatonal Journal of Network Securty, Vol.3, No.2, PP , Sept [27] X. Tan, Robert W. Zhu, and Duncan S. Wong (2007), Improved Effcent Remote User Authentcaton Schemes, Internatonal Journal of Network Securty, Vol.4, No.2, PP , Mar. [28] Lu Yonglang, Wen Gao, Hongxun Yao and Xnghua Yu (2007), Ellptc Curve Cryptography Based Wreless Authentcaton Protocol, Internatonal Journal of Network Securty, Vol.5, No.3, PP , Nov.

Security Enhanced Dynamic ID based Remote User Authentication Scheme for Multi-Server Environments

Security Enhanced Dynamic ID based Remote User Authentication Scheme for Multi-Server Environments Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0), pp7-6 http://dxdoorg/07/unesst087 ecurty Enhanced Dynamc ID based Remote ser Authentcaton cheme for ult-erver Envronments Jun-ub