Further Security Enhancement for Optimal Strong-Password Authentication Protocol電子商務與數位生活研討會1OutlinenIntroductionnReview of Ku-Chen scheme nThe problem of Ku-Chen scheme nThe proposed scheme nSecurity Analysis nConclusions 電子商務與數位生活研討會2IntroductionnIn 2000, Sandirigama et al. proposed SAS scheme lowered storage, processing, and transmission overheads.nIn 2001, Lin, Sun, and Hwang proposed an enhanced password authentication scheme, called the OSPA.電子商務與數位生活研討會3IntroductionnIn 2002,OSPA protocol has been shown vulnerable to the stolen-verifier attack and the impersonation attack. nIn 2003, Ku and Chen proposed a new improved version for the OSPA protocolnIn this paper, an improved scheme with mutual authentication is proposed.電子商務與數位生活研討會4Review of Ku-Chen schemenNotation:h(.) : collision-resistant hash functionT : login timesk : long-term secret key : exclusive-or operation電子商務與數位生活研討會5Review of Ku-Chen schemenRegistration phase nAuthentication phase 電子商務與數位生活研討會6ID, h2(PW 1)Chooses his identity ID and password PW and computes h2(PW 1) Calculates verifier v1=h2(PW 1)h(ID k)Store ID, v1,T=1 into the verification table電子商務與數位生活研討會7ID, service requestT=i c1=h(PW i)h2(PW i)c2=h2(PW (i +1)h(PW i)c3=h(h3(PW (i +1)T)Find i from verification table by the ID電子商務與數位生活研討會8Check c1, c2c1,c2,c3Get h2(PW i) by vi h(ID k)y1=c1h2(PW i)=h(PW i) y2=c2y1=h2(PW (i +1) Check if h(y1)=h2(PW i) h(h(y2) T)=c3vi+1=h2(PW (i +1)h(IDk) Store ID ,T=i+1, and vi+1電子商務與數位生活研討會9The problem of Ku-Chen schemenThe user is authenticated by the remote server.nBut, remote server is not authenticated by the user (Server impersonation attack ).電子商務與數位生活研討會10The proposed schemenRegistration phase nAuthentication phase 電子商務與數位生活研討會11ID, h2(PW 1) Chooses his identity ID and password PW and computes h2(PW 1) Calculates verifier v1=h2(PW 1) h(ID k)Store ID, v1 into the verification table電子商務與數位生活研討會12ID, r h2(PW i)h(r)h2(PW i)Check rc1=h(PW i)h2(PW i)c2=h2(PW (i +1) h(PW i)c3=h(h3(PW (i +1)T)choose r randomly and compute r h2(PW i)Get h2(PW i) by vi h(ID k) r =(r h2(PW i) h2(PW i)電子商務與數位生活研討會13Check c1, c2c1,c2,c3y1=c1h2(PW i)=h(PW i) y2=c2y1=h2(PW (i +1)Check if h(y1)=h2(PW i) h(h(y2)T)=c3vi+1=h2(PW (i +1)h(IDk) Store ID and vi+1電子商務與數位生活研討會14Security Analysis nPassword guess attacknImpersonation attacknStolen-verifier attacknServer impersonation attack 電子商務與數位生活研討會15Conclusions nWe point out the possible server impersonation problem in the Ku- Chen scheme and propose an enhanced version.nThe proposed concept of security enhancement is also suitable for the other SAS-like schemes.電子商務與數位生活研討會16THE END電子商務與數位生活研討會17