Security Vulnerabilities of an Enhanced Remote User Authentication Scheme


Contemporary Engineering Sciences, Vol. 7, 2014, no. 26, 1475-1482
HIKARI Ltd, www.m-hikari.com
http://dx.doi.org/10.12988/ces.2014.49186

Security Vulnerabilities of an Enhanced Remote User Authentication Scheme

Hae-Soon Ahn
Faculty of Liberal Education, Daegu University, Kyungsangpuk-Do 712-830, Republic of Korea

Eun-Jun Yoon (corresponding author, Fax: +82-53-600-5579)
Department of Cyber Security, Kyungil University, Kyungsangpuk-Do 712-701, Republic of Korea

Copyright © 2014 Hae-Soon Ahn and Eun-Jun Yoon. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

In 2014, Yang et al. proposed a new dynamic ID-based user authentication scheme based on smart cards, which is believed to resist a range of network attacks. However, this paper analyzes the security of Yang et al.'s scheme and shows that, contrary to their claims, the scheme is still vulnerable to an off-line password guessing attack and, because of an identity guessing attack, provides neither the unlinkability property nor user anonymity.

Keywords: User authentication; Dynamic identity; Cryptanalysis; Password; Unlinkability

1 Introduction

Remote user authentication schemes are used to verify the legitimacy of a remote user's login request. In a verifier-free authentication scheme, the user's login identity ID is always static [1], which means that it can leak partial information related to the user's login messages. Furthermore, an adversary can use this information to forge the user's login messages by some subtle means. One of the solutions to eliminate this security problem is to employ a dynamic identity ID in each login session [1, 2, 3, 4].

In 2004, Das et al. [1] first proposed a dynamic ID-based remote user authentication scheme which can resist replay, masquerade, and insider attacks. In 2007, Wang et al. [2], however, pointed out that Das et al.'s scheme is susceptible to a smart card attack and does not provide mutual authentication, and proposed a more efficient and secure dynamic ID-based remote user authentication scheme. In 2011, Khan et al. [3] pointed out that Wang et al.'s scheme is still susceptible to an insider attack and provides neither user anonymity nor session key agreement, and proposed a new dynamic ID-based remote user authentication scheme. In 2014, Yang et al. [4] pointed out that the previously proposed schemes have weaknesses because their use of timestamps leads to serious clock synchronization problems, and then proposed an enhanced dynamic ID-based remote user authentication (in short, ERUA) scheme. Yang et al. claimed that the ERUA scheme provides mutual authentication using a challenge-response handshake as well as user anonymity.

This paper examines Yang et al.'s ERUA scheme and shows that, contrary to their claims, the ERUA scheme is still vulnerable to an off-line password guessing attack and, because of an identity guessing attack [6, 7], provides neither the unlinkability property [5] nor user anonymity. For this reason, Yang et al.'s ERUA scheme is insecure for practical application.

The remainder of this paper is organized as follows. We review Yang et al.'s ERUA scheme in Section 2. The security flaws of Yang et al.'s ERUA scheme are presented in Section 3. Finally, we draw some conclusions in Section 4.

2 Review of Yang et al.'s ERUA Scheme

This section reviews Yang et al.'s ERUA scheme [4]. Throughout the paper, the notations in Table 1 are employed. The ERUA scheme is divided into four phases: registration phase, login phase, authentication phase, and password change phase.

Table 1: Notations used in the ERUA scheme

  U      A remote user.
  S      A trusted server.
  ID     An identity of the user U.
  PW     A password of the user U.
  h(·)   A secure one-way hash function.
  x      A secret key of server S.
  ⊕      A bitwise exclusive-or (XOR) operation.
  ∥      A concatenation operation.

2.1 Registration phase

A user U with identifier ID must first carry out this phase once before he/she can use any of the services provided by the server S. In this phase, U and S perform the following steps:

R1. U → S: {ID, h(ID ∥ PW)}
User U keys in his/her identity ID and password PW, and his/her smart card computes and submits {ID, h(ID ∥ PW)} to S through a secure channel.

R2. S → U: {h(·), B, C}
After receiving the request, S computes A = h(h(ID) ∥ x), B = h(ID ∥ PW) ⊕ A and C = h(A), where x is the permanent secret key of S. Then S sends {h(·), B, C} to U through a secure channel, and these values are stored in U's smart card.

2.2 Login phase

Whenever U wants to log in to the server S, he/she performs the following steps:

L1. After inserting his/her smart card into the card reader, U inputs the identity ID and password PW. Then the smart card computes D = B ⊕ h(ID ∥ PW) and E = h(D).

L2. The smart card checks whether E and C are equal. If so, U passes the legitimacy verification and performs the following steps; otherwise, U is rejected.

L3. The smart card randomly chooses a nonce R1 and computes F = D ⊕ R1.

L4. U → S: {h(ID), F}
U sends the login request message {h(ID), F} to the remote server S.

2.3 Authentication phase

A user performs the remote authentication phase based on the login message whenever it visits the server. U and S perform the following steps to achieve mutual authentication and to establish a session key:

A1. After receiving the login message {h(ID), F}, S computes G = h(h(ID) ∥ x) and R1' = F ⊕ G. Then S chooses a nonce R2 and computes H = G ⊕ R2.

A2. S → U: {H, h(R1')}
The server S sends the mutual authentication message {H, h(R1')} to the user U.

A3. U → S: {h(R2')}
After receiving the mutual authentication message {H, h(R1')} from the server S, the user U checks whether h(R1') and h(R1) are equal. If not, U rejects this message and terminates the operation; otherwise, U authenticates S successfully and computes R2' = H ⊕ D. Then U sends {h(R2')} to S.

A4. When the server S receives {h(R2')}, S checks whether h(R2') and h(R2) are equal. If not, S sends a reject message to U; otherwise, S authenticates U. After finishing the mutual authentication phase, the user U and the server S can each compute a common session key SK = h(R1 ∥ R2) for the subsequent data transmission.

2.4 Password change phase

The user U can change his/her password without the help of the server S; the password change procedure is as follows:

C1. U inserts the smart card and inputs his/her old password PW and identity ID.

C2. The smart card computes A' = B ⊕ h(ID ∥ PW) and C' = h(A'), and checks whether C' and C are equal. If the verification is correct, the smart card asks the cardholder to submit a new password PW_new.

C3. The smart card computes B_new = h(ID ∥ PW_new) ⊕ A'.

C4. The smart card replaces the value B stored in its memory with B_new to finish the password change phase.

3 Security Vulnerabilities of the ERUA Scheme

This section demonstrates that, contrary to their claims, Yang et al.'s ERUA scheme [4] is still vulnerable to an off-line password guessing attack and, because of an identity guessing attack, provides neither the unlinkability property nor user anonymity. The details of these flaws are as follows.

3.1 User anonymity problem

User anonymity is an important security requirement that a practical dynamic identity-based remote authentication scheme should achieve [7]. Yang et al. claimed that their ERUA scheme preserves user anonymity because the user's real identity ID is concealed in h(ID). However, we show that Yang et al.'s ERUA scheme [4] still fails to achieve anonymity, as follows:

1. Eve intercepts a login message {h(ID), F} of U from a previous session.
2. Eve guesses an identity ID' and computes h(ID').
3. Eve verifies the correctness of ID' by checking whether h(ID') and the intercepted h(ID) are equal. If the check passes, Eve confirms that the guessed identity ID' is the correct one.
4. If it is not correct, Eve chooses another identity ID' and repeats steps (2) and (3) until she finds the exact identity ID of U.

The adversary Eve can easily guess the identity ID of U by checking all possible identities from the search space D_ID, where |D_ID| denotes the cardinality of D_ID. The running time of the above procedure is O(|D_ID|) · T_h, where T_h represents the execution time of a hash operation. Note that, for easy memorization, users generally choose low-entropy identities from a set D_ID with a small number of elements. Since D_ID is not large enough in practice (for example, |D_ID| ≤ 10^6) and the time T_h is negligible, Eve can complete the above procedure in polynomial time [6, 7].

3.2 Linkability attack

Unlinkability is the property that an adversary cannot recognize whether two outputs come from the same user; this property is important with respect to the privacy problem in anonymous user identification [5]. However, Yang et al.'s ERUA scheme does not provide the unlinkability property. That is, an adversary Eve can eavesdrop on the user U's login request message {h(ID), F} between the user U and the server S on the public channel, and h(ID) in the login request message {h(ID), F} stays the same in every login session. In other words, a malicious adversary Eve is capable of tracing the user U by means of the h(ID) in U's login request message. For example, Eve can perform the following attack to break user privacy and anonymity:

1. In any session, Eve intercepts a user's login request message {h(ID'), F'}.
2. Eve checks whether h(ID') is equal to h(ID). If this condition holds, then ID' = ID, so the attacker knows that this login request message {h(ID'), F'} was sent by the same user U.

As a result, anyone can decide whether two transactions {h(ID), F} and {h(ID'), F'} belong to the same user U or not by checking whether the following equation holds:

  h(ID') ?= h(ID).

The linkability problem in the ERUA scheme arises because anyone can easily check whether two intercepted transactions are from the same user or not. Therefore, Yang et al.'s ERUA scheme fails to provide unlinkability of U during the login phase.

3.3 Off-line password guessing attack

Moreover, Eve can obtain the password PW of U by using the ID. Suppose that the user U's smart card is lost or stolen; then the attacker Eve can extract the secret information {h(·), B, C} stored in the smart card, by monitoring its timing information and power consumption or by reverse engineering techniques. Then Eve can perform the off-line password guessing attack as follows:

1. Eve selects a candidate password PW'.
2. Eve checks whether the following equation holds:

  C ?= h(B ⊕ h(ID ∥ PW'))   (1)

  If the check passes, Eve confirms that the guessed password PW' is the correct one.
3. If it is not correct, Eve chooses another password PW' and repeats step (2) until

  C ?= h(B ⊕ h(ID ∥ PW'))   (2)

  holds.

It is clear that if PW' = PW, then

  h(B ⊕ h(ID ∥ PW')) = h(h(ID ∥ PW) ⊕ A ⊕ h(ID ∥ PW)) = h(A) = C.   (3)

Therefore, Yang et al.'s ERUA scheme is vulnerable to an off-line password guessing attack. The algorithm of the off-line password guessing attack for obtaining the password PW is as follows:

  Off-line Password Guessing Attack(B, C, ID, h(·), D_PW) {
    for i := 1 to |D_PW| {
      PW' := D_PW[i];
      A' = B ⊕ h(ID ∥ PW');
      if C ?= h(A') then return PW'
    }
  }

The running time of the above password guessing attack is (O(|D_ID|) · T_h) + (O(|D_PW|) · (T_c + T_x + T_h)), where T_c and T_x represent the execution times of the concatenation and bitwise XOR operations, respectively. The search spaces D_ID and D_PW are unlikely to be large (for example, |D_ID| ≤ 10^6 and |D_PW| ≤ 10^6), and the operations T_c, T_h and T_x can all be executed in a negligible amount of time; thus the polynomial-time-bounded adversary Eve can easily find the exact password PW of U [6, 7].

4 Conclusions

This paper reviewed Yang et al.'s ERUA scheme and pointed out that, contrary to their claims, the ERUA scheme is still vulnerable to an off-line password guessing attack and, because of an identity guessing attack, provides neither the unlinkability property nor user anonymity. Consequently, Yang et al.'s ERUA scheme is insecure for practical application. Future work will focus on improving the ERUA scheme so as to provide greater security and greater efficiency than the existing dynamic ID-based remote user authentication schemes, supported by an accurate performance analysis.
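The following Python model is added here as an illustration; it is not part of the original paper nor Yang et al.'s own code. It simulates the ERUA phases of Section 2 (registration, login, authentication, password change) and then expresses the three observations of Section 3 as boolean checks: that h(ID) is identical in every login message (linkability, Section 3.2), that a guessed identity is confirmed or refuted against an intercepted message with a single hash (Section 3.1), and that equation (3) lets the card contents {B, C} together with ID confirm or refute a password candidate with no server involvement (Section 3.3). It assumes h(·) is SHA-256, nonces are 32 bytes, ∥ is plain byte concatenation, and the identities, passwords and server key are constructed sample values.

```python
import hashlib
import secrets

# Added example (not the authors' code): a toy model of the ERUA scheme from
# Section 2 and of the three checks analysed in Section 3. Assumptions: h(.) is
# SHA-256, nonces are 32 bytes, "||" is byte concatenation, sample values are constructed.

N = 32  # byte length of hash outputs and nonces (assumption)

def h(data: bytes) -> bytes:
    """The scheme's one-way hash h(.), instantiated here with SHA-256."""
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    return bytes(p ^ q for p, q in zip(a, b))

def register(ID: bytes, PW: bytes, x: bytes) -> dict:
    """Registration phase (R1, R2): returns the smart card contents {B, C}."""
    A = h(h(ID) + x)         # A = h(h(ID) || x)
    B = xor(h(ID + PW), A)   # B = h(ID || PW) XOR A
    C = h(A)                 # C = h(A)
    return {"B": B, "C": C}

def login(card: dict, ID: bytes, PW: bytes) -> tuple:
    """Login phase (L1-L4): returns the login message, D and the nonce R1."""
    D = xor(card["B"], h(ID + PW))          # L1: D = B XOR h(ID || PW)
    if h(D) != card["C"]:                   # L2: E = h(D) must equal C
        raise ValueError("login rejected: wrong ID/PW for this card")
    R1 = secrets.token_bytes(N)             # L3: fresh nonce
    F = xor(D, R1)                          # F = D XOR R1
    return {"hID": h(ID), "F": F}, D, R1    # L4: {h(ID), F}

def server_respond(x: bytes, msg: dict) -> tuple:
    """Authentication phase (A1, A2): returns the reply, R1' and R2."""
    G = h(msg["hID"] + x)                   # G = h(h(ID) || x)
    R1p = xor(msg["F"], G)                  # R1' = F XOR G
    R2 = secrets.token_bytes(N)
    H = xor(G, R2)                          # H = G XOR R2
    return {"H": H, "hR1": h(R1p)}, R1p, R2

def user_finish(D: bytes, R1: bytes, reply: dict) -> tuple:
    """Authentication phase (A3): returns {h(R2')} and the user's session key."""
    if reply["hR1"] != h(R1):
        raise ValueError("server authentication failed")
    R2p = xor(reply["H"], D)                # R2' = H XOR D
    return h(R2p), h(R1 + R2p)              # SK = h(R1 || R2')

def server_finish(R1p: bytes, R2: bytes, hR2: bytes) -> bytes:
    """Authentication phase (A4): returns the server's session key."""
    if hR2 != h(R2):
        raise ValueError("user authentication failed")
    return h(R1p + R2)

def run_session(card: dict, ID: bytes, PW: bytes, x: bytes) -> tuple:
    """One full login + authentication run; returns (login msg, SK_U, SK_S)."""
    msg, D, R1 = login(card, ID, PW)
    reply, R1p, R2 = server_respond(x, msg)
    hR2, sk_user = user_finish(D, R1, reply)
    sk_server = server_finish(R1p, R2, hR2)
    return msg, sk_user, sk_server

def change_password(card: dict, ID: bytes, PW: bytes, PW_new: bytes) -> dict:
    """Password change phase (C1-C4), done on the card without the server."""
    Ap = xor(card["B"], h(ID + PW))         # C2: A' = B XOR h(ID || PW)
    if h(Ap) != card["C"]:
        raise ValueError("password change rejected")
    return {"B": xor(h(ID + PW_new), Ap), "C": card["C"]}  # C3, C4

def same_user(msg1: dict, msg2: dict) -> bool:
    """Section 3.2: two login messages are linkable iff their h(ID) fields match."""
    return msg1["hID"] == msg2["hID"]

def identity_matches(msg: dict, ID_candidate: bytes) -> bool:
    """Section 3.1: one hash confirms or refutes a guessed identity against the
    static h(ID) field of an intercepted login message."""
    return h(ID_candidate) == msg["hID"]

def password_verifiable_offline(card: dict, ID: bytes, PW_candidate: bytes) -> bool:
    """Section 3.3, equation (3): the card contents {B, C} plus ID act as a
    password verifier, since C == h(B XOR h(ID || PW')) holds iff PW' == PW."""
    return card["C"] == h(xor(card["B"], h(ID + PW_candidate)))

if __name__ == "__main__":
    x = b"constructed-server-secret"                # constructed sample key
    card = register(b"alice", b"pw-example", x)     # constructed sample user
    m1, sk_u, sk_s = run_session(card, b"alice", b"pw-example", x)
    m2, _, _ = run_session(card, b"alice", b"pw-example", x)
    print("session keys agree:", sk_u == sk_s)
    print("two sessions linkable via h(ID):", same_user(m1, m2))
    print("card alone verifies the password:",
          password_verifiable_offline(card, b"alice", b"pw-example"))
```

Running the module prints the three checks. They are the properties a reviewer would want to see fail before accepting a scheme's anonymity and two-factor claims: a login message that carries a static function of ID is linkable by anyone on the channel, and a card that stores a value checkable against the password without any server secret turns a lost card into a password verifier, which is exactly what equation (3) expresses.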

Acknowledgements

This work was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (No. 2010-0010106).

References

[1] M. Das, A. Saxena, P. Gulati, A dynamic ID-based remote user authentication scheme, IEEE Transactions on Consumer Electronics, 50 (2004), 629-631.
[2] Y. Wang, J. Liu, F. Xiao, J. Dan, A more efficient and secure dynamic ID-based remote user authentication scheme, Computer Communications, 32 (2009), 583-585.
[3] M. Khan, K. Kim, K. Alghathbar, Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme, Computer Communications, 34 (2011), 305-309.
[4] X. Yang, X. Cui, Z. Cao, Z. Hu, An enhanced remote user authentication scheme, Engineering, 6(1) (2014), 261-267.
[5] E.Y. Yoon, K.Y. Yoo, An improvement of the user identification and key agreement protocol with user anonymity, Informatica, 23(1) (2012), 155-172.
[6] D. Florencio, C. Herley, A large-scale study of web password habits, In Proceedings of the 16th International Conference on World Wide Web, (2007), 657-666.
[7] S. Islam, G. Biswas, K. Choo, Cryptanalysis of an improved smartcard-based remote password authentication scheme, Information Sciences Letters, 3(1) (2014), 35-40.

Received: October 4, 2014; Published: October 28, 2014