Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0), pp7-6 http://dxdoorg/07/unesst087 ecurty Enhanced Dynamc ID based Remote ser Authentcaton cheme for ult-erver Envronments Jun-ub Km and Jn Kwa IT onvergence Research Insttute, ungyunwan nversty, Korea Department of Informaton and ompute Engneerng, Aou nversty, Korea smsaa@gmalcom, securty@aouacr Abstract ult-server envronments are that the user regsters the sngle regstraton server and snce the user uses the servce to authentcate on mult-server For ths, many user authentcaton schemes have been proposed for mult-server envronments In 0, L, et al, proposed dynamc ID based remote user authentcaton scheme for mult-server envronments nfortunately, ther scheme s vulnerable to forgery attacs and replay attacs In ths paper, we analye the securty vulnerabltes of L et al s scheme, and propose dynamc ID based remote user authentcaton scheme for mult-server envronments The proposed scheme ensures the safety to varous attacs such as forgery attacs and replay attacs Just le the exstng schemes, our scheme s effcent at usng the hash functon and exclusve-or operaton Keywords: Dynamc ID, utual authentcaton, Password, ult-erver Envronment Introducton ser authentcaton s used to authentcate a legtmate user through an nsecure channel Accordng to the use envronment, user authentcaton can be dvded nto user authentcaton n sngle-server envronments and user authentcaton n mult-server envronments For user authentcaton n mult-server envronments, users can regster at a regstraton center to access a server that s assocated wth the regstraton center any user authentcaton schemes have been proposed for mult-server envronments [ ] In 009, Hsang and hh proposed a secure dynamc-id-based remote user authentcaton scheme for mult-server envronments [7] They clamed that ther scheme s secure and more effcent than Lao and Wang s scheme nfortunately, Lee, et al, ponted out that Hsang and hh s scheme s vulnerable to masquerade attacs and server spoofng attacs, s not easly reparable, and cannot provde mutual authentcaton [8] To solve these problems, Lee, et al, proposed an mprovement to Hsang and hh s scheme Recently, L, et al, showed that Lee, et al s scheme does not provde authentcaton and s vulnerable to forgery attacs and server spoofng attacs [9] In addton, L et al, proposed a scheme based on Lee, et al s scheme However, ther scheme s vulnerable to forgery attacs and replay attacs In ths paper, we analye the securty vulnerabltes of L, et al s dynamc-id-based remote user authentcaton scheme and then we propose a securty enhanced dynamc ID based remote user authentcaton scheme for mult-server envronments Ths study s organed as follows: ecton descrbes a bref revew of L, et al s scheme, and ecton analye the securty vulnerabltes of L et al s scheme In ecton, we propose a securty enhanced dynamc ID based remote user authentcaton scheme for mult-server envronments In ecton, we analye our proposed scheme of the securty requrements and performance Fnally, ecton 6 presents our concluson I: 00-6 IJET opyrght c 0 ER
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) Revew of L, et al s cheme Regstraton Phase tep R R : { ID, A } The user selects dentty ID and password PW and computes A h b PW ) where b s a random number generated by sends ID and A to R through a secure channel, tep R After recevng a regstraton message from, R computes h x y ) and h ID h y )) usng x, y, and ID, where x and y are the master secret ey and a secret number selected by R, and ID s the dentty of the server tep R R : { smart card [, D, E, h ), h y )]} R sends h x y ) and h ID h y )) to server through a secure channel and computes B h ID x ), h ID h y ) A ), D h B h x y )), and E and B h x y ) Then R ssues the smart card contanng [, D, E, h ), h y )] delvers t to tep R E, b, h ), h y )] Logn phase through a secure channel enters b nto hs/her smart card, and the smart card contans, D, [ tep L The user nserts hs/her smart card nto the devce and nputs ID and PW Then the smart card computes A h b PW ) and h ID h y ) A ) and checs whether s equal to If they are not equal, the procedure s termnated tep L Otherwse, the smart card generates a random nonce P and computes E h h ID h y )) ), ID A h D ID ), h P ID D ), and h ID h y )) tep L { P, ID,, } : sends P, ID,, and to Verfcaton Phase tep V After recevng the logn request message from, computes h ID h y )), E P h h ID h y )) ), B E h x y ), h B h x y )), A ID h D ID ), and h P ID D ) Then, checs whether s equal to If they are equal, accepts the logn request to tep V Then, generates a random nonce and computes h D A ID ) and A, and sends and to D 8 opyrght c 0 ER
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) tep V After recevng the authentcaton message from and h D A ID ), computes Then, checs whether s equal to If they are equal, authentcates ext, computes h D A ID ) and sends to tep V After recevng the mutual authentcaton message from h D A ID ) and checs whether the procedure s termnated Otherwse, authentcaton s completed s equal to authentcates A, computes If they are equal,, and the mutual After the mutual authentcaton, and computes K h D A ID ) for future secure communcaton Vulnerablty of L, et al s cheme Forgery Attac Assume that an attacer Z s a legal user of the system, stolen s smart card, and eavesdrops the communcaton between and Then, Z extracts the parameters [, D, E, b, h ), h y )] stored n h ID h y )) and A ID h D ID ) s smart card and computes tep Z nserts hs/her smart card nto the devce and nputs ID and PW The smart card computes A h b PW ) and h ID h y ) A ) and checs whether s equal to Z generates a random number and computes P E h h ID h y )) ), ID A h D ID ), h P ID D ), and h ID h y )) tep Then, Z sends the forged logn request message { P, ID,, } to server tep After recevng the logn request message P, ID,, } {, computes h ID h y )), E P h h ID h y )) ), B E h x y ), h B h x y )), A ID h D ID ), and h P ID D ), and checs whether s equal to If they are equal, accepts the logn request to Z tep generates a random nonce, computes h D A ID ) and A, and sends and to Z tep After recevng the authentcaton message {, }, Z computes A and h D A ID ) and authentcates because s equal to Then, Z computes h D A ID ) and sends to tep 6 After recevng the mutual authentcaton message { }, computes h D A ID ) and checs whether s equal to If they are equal, D opyrght c 0 ER 9
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) authentcates Z Therefore, L, et al s scheme s vulnerable to forgery attac Replay Attac Assume that an attacer Z eavesdrops the communcaton message P, ID,,,,, } between message { P, ID,, } to { and Then, Z sends the prevous logn request tep After recevng the logn request message P, ID,,, } {, computes h ID h y )), E P h h ID h y )) ), B E h x y ), D h B h x y )), A ID h D ID ), and h P ID D ) and checs whether s equal to If they are equal, accepts the logn request to Z tep and generates a random nonce A and computes h D A ID ) tep Then, sends and to Z tep After recevng the authentcaton message, }, Z checs whether { s equal to, where s the same value wth receved from If they are equal, Z authentcates and sends to tep After prevously recevng the mutual authentcaton message { }, computes h D A ID ) and checs whether s equal to If they are equal, authentcates Z Therefore, L, et al s scheme s vulnerable to replay attacs The Proposed cheme In ths secton, we propose securty enhanced dynamc ID based remote user authentcaton scheme for mult-server envronments Regstraton center R selects the master secret ey x and a secret number y, computes h x y ) and h ID h y )), and then shares them wth server though a secure channel Ths scheme conssts of four phases: regstraton phase, logn phase, verfcaton phase, and password change phase otaton Table shows the notaton used descrbe our proposed scheme 0 opyrght c 0 ER
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) otaton Descrpton The th user The th server R Regstraton center ID Identty of PW Password of ID Identty of Table otaton of or cheme ID Dynamc ID of x aster secret ey of regstraton center y ecret number of regstraton center h ) A one-way hash functon Exclusve OR operaton oncatenaton operaton A B : X X s transmtted from A to B Regstraton Phase When a user wants to regster wth R, he/she performs the followng steps: tep R R { ID, h ID ), h b PW )} : selects dentty ID and password PW, and computes h ID ) and h b PW ), where b s a random number generated by Then sends h ID ), and h b PW ) to R for regstraton through a secure channel ID, tep R R : { smart card [ A,, D, h ), h y )]} R computes the followngs: A h h ID ) h b PW )) B h x ID ) D E h ID ) h B h x y )) B h x y ) Then, R ssues a smart card contanng [ A, D, E, h ), h y )] and delvers t to through a secure channel tep R enters b nto hs/her smart card and, and the smart card contans [ A, D, E, b, h ), h y )] Fgure Regstraton Phase n our cheme opyrght c 0 ER
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) Logn Phase tep L password nserts hs/her smart card nto the devce and nputs dentty ID and PW The smart card computes ID ) h, b PW ) h, and h h ID ) h b PW )) and checs whether A s equal to A If they are not equal, the procedure s termnated Otherwse, proceeds the followng steps tep L The smart card computes the followngs: ID h b PW ) h h ID ) ID ) A h ID h y )) h h ID h y )) ) E h E h ID h y )) ) D h h b PW ) ID D E ), where s a random nonce generated by tep L { ID,,,, } : sends ID,,,, and to Verfcaton Phase tep V E B D computes the followngs: h ID h y )) E h h ID h y )) h x y ) h E h ID ) h y )) h ID ) D h B h x y )) h b PW ) ID h h ID ) ID ) h h b PW ) ID D E ) ) tep V checs whether s equal to If they are equal, generates random nonce Then, computes the followngs: h b PW ) h h b PW ) h ID ) ID ), 6 and sends and 6 to tep V computes the followngs: h b PW ) 6 h h b PW ) h ID ) ID ), and checs whether 6 s equal to 6 If they are equal, authentcates computes 7 h h b PW ) h ID ) ID ) and sends 7 to tep V whether Then, computes h h b PW ) h ID ) ID ) and checs 7 s equal to 7 authentcates 7 If they are not equal, the procedure s termnated Otherwse, and the mutual authentcaton s completed opyrght c 0 ER
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) After the mutual authentcaton, and computes K h h b PW ) h ID ) ID ) for future secure communcaton Password hange Phase tep P password Fgure Logn and Verfcaton Phase n our cheme nserts hs/her smart card nto the devce and nputs dentty PW ID and tep P The smart card computes ID ) h b PW )), and checs whether s termnated Otherwse, b h, b PW ) A s equal to h, and A h h ID ) A If they are not equal, the procedure nputs a password PW and a random number tep P The smart card computes ID ) h, h b ), A h h ID PW ) h b )), and D D h ID ) h ID ) tep P Fnally, the smart card replaces A wth A, and D wth D Fgure Password hange Phase n our cheme opyrght c 0 ER
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) Analyses ecurty Analyss Table compares the securty of exstng schemes wth our proposed scheme Our scheme has the followng securty propertes: Known-ey ecrecy: If an attacer obtans the sesson ey K n the prevous sesson, he/she cannot compute sesson ey n later sesson As the nature of a one-way hash functon, an attacer cannot obtan h ID ) and h b PW ) n sesson ey Also f an attacer are stolen s smart card or eavesdrops the prevous message, he/she compute the sesson ey from t Forward ecrecy: If an attacer obtans the master secret ey x, he/she cannot compute the sesson ey of the prevous sesson The reason cannot now b, ID, and PW Although an attacer are stolen s smart card or eavesdrops the prevous message, he/she compute the prevous sesson ey wthout nowng b, ID, and PW Replay Attac: Assume that an attacer eavesdrops on the logn request message { ID,,,,,, 6, 7 } for the prevous sesson An attacer s replayng the eavesdroppng message to authentcate, but he/she cannot authentcate from the server Forgery Attac: Because an attacer cannot now b, ID, PW,, h y ), E, and D, he/she cannot compute the logn request message { ID,,,, } Although an attacer are a legtmate user of the system, he/she cannot compute the logn request message because of wthout nowng b, PW, and ID Even though an attacer also obtan user s smart card, he/she cannot compute the logn request message because of wthout nowng ID and PW erver poofng Attac and Regstraton enter poofng Attac: When an attacer masquerade as a legtmate server, he/she cannot obtan h ID ) and h b PW ) because of wthout nowng h x y ) Also because a legtmate server cannot now h y ), he/she cannot masquerade as the other server An attacer cannot masquerade as a legtmate regstraton center because of wthout nowng x and y tolen mart ard Attac: Assume that an attacer obtans s smart card or extracts nformaton of s smart card But an attacer cannot compute the logn request message because of wthout nowng ID and PW Also an attacer cannot obtan ID and PW through the extracted nformaton The reason cannot obtan ID and PW from the extracted nformaton by the nature of a one-way hash functon utual Authentcaton: The user can authentcate the server by checng 6 and the server can authentcate the user by checng 7 opyrght c 0 ER
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) Table ecurty Analyss of the ompared chemes Proposed scheme Hsang, et al [7] Lee, et al [8] L, et al [9] Known-ey secrecy Yes Yes Yes Yes Forward secrecy Yes Yes Yes Yes Replay attac Yes Yes Yes o Forgery attac Yes o o o erver spoofng attac and regstraton center Yes o o Yes spoofng attac tolen smart card attac Yes Yes Yes Yes utual authentcaton Yes o o Yes Performance Analyss Table compares the performance of exstng schemes wth our proposed scheme Fgure show the measured results for users performng the logn and verfcaton phase As shown n Fgure, our proposed scheme ncurs less computatonal tme than Hsang, et als scheme and ncurs lttle more computatonal tme as Lee, et als scheme and L, et als scheme However our scheme s more secure aganst varous attacs Table Performance Analyss of the ompared chemes cheme Proposed Hsang, et al Lee, et al L, et al scheme [7] [8] [9] Regstraton ser Th)+T ) Th)+T ) Th)+T ) Th)+T ) Phase R 6TT)+T ) TT)+T ) 6TT)+T ) 6TT)+T ) Logn & ser Th)+7T ) 0Th)+7T ) 0Th)+T ) 9Th)+6T ) Verfcaton erver 8Th)+8T ) 9Th)+6T ) 8Th)+T ) 7Th)+6T ) Phase R Th)+6T ) Total 7Th)+8T ) 8Th)+T ) Th)+8T ) Th)+T ) Fgure Analyss of Tme Accordng To umber of sers opyrght c 0 ER
Internatonal Journal of u- and e- ervce, cence and Technology Vol8, o 7 0) onclusons In ths paper, we examned the securty vulnerabltes of L, et al s scheme and proposed a securty enhanced dynamc ID based remote user authentcaton scheme for mult-server envronments Our scheme provdes mutual authentcaton and ey establshment between user and server In addton, our scheme has been proved that securty to varous attacs Although our scheme ncurs a lttle more computatonal costs than Lee, et als scheme and L, et als scheme, t s more secure aganst varous attacs than Lee, et als scheme and L, et als scheme Acnowledgments Ths wor was supported by the atonal Research Foundaton of Korea RF) grant funded by the Korea government IP) o RF-0RAAA0088) References [] W Tsaur, A Flexble ser Authentcaton cheme for ult-server Internet ervces, Lecture otes n omputer cence, vol 09, 00), pp 7-8 [] L L, I Ln and Hwang, A remote password authentcaton scheme for multserver archtecture usng neural networs, IEEE Transactons on eural etwors, vol, no 6, 00), pp 98-0 [] I Ln, Hwang and L L, A remote user authentcaton scheme for mult-server archtecture, Future Generaton omputer ystems, vol 9, no, 00), pp - [] W Juang, Effcent mult-server password authentcated ey agreement usng smart cards, IEEE Transactons on onsumer Electroncs, vol 0, no, 00), pp - [] hang and J Lee, An effcent and secure mult-server password authentcaton scheme usng smart cards, Proc Internatonal onference on yberworlds, 00), pp 7- [6] Y Lao and Wang, A secure dynamc ID based remote user authentcaton scheme for mult-server envronment, omputer tandards & Interfaces, vol, no, 009), pp -9 [7] H Hsang and W hh, Improvement of the secure dynamc ID based remote user authentcaton scheme for mult-server envronment, omputer tandards & Interfaces, vol, no 6, 009), pp 8- [8] Lee, T Ln and R hang, A secure dynamc ID based remote user authentcaton scheme for multserver envronment usng smart cards, Expert ystems wth Applcatons, vol 8, no, 0), pp 86-870 [9] X L, J a, W Wang, Y Xong and J Zhang, A novel smart card and dynamc ID based remote user authentcaton scheme for mult-server envronments, athematcal and omputer odellng, vol 8, no -, 0), pp 8-9 [0] Lee, Y La and L, An Improved ecure Dynamc ID Based Remote ser Authentcaton cheme for ult-erver Envronment, IJIA, vol 6, no, 0), pp 0-09 [] L, Weng and Fan, Two-Factor ser Authentcaton n ult-erver etwors, IJIA, vol 6, no, 0), pp 6-67 [] L, Lee, H e and Yang, A Password and mart ard Based ser Authentcaton echansm for ult-erver Envronments, IJFG, vol, no, 0), pp -6 6 opyrght c 0 ER