Further Security Enhancement for Optimal Strong-Password Authentication Protocol,Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee ,Kuang-Long Lin 3/27/2004,電子商務與數位生活研討會,1,Outline,Introduction Review of Ku-Chen scheme The problem of Ku-Chen scheme The proposed scheme Security Analysis Conclusions,電子商務與數位生活研討會,2,Introduction,In 2000, Sandirigama et al. proposed SAS scheme lowered storage, processing, and transmission overheads. In 2001, Lin, Sun, and Hwang proposed an enhanced password authentication scheme, called the OSPA.,電子商務與數位生活研討會,3,Introduction,In 2002,OSPA protocol has been shown vulnerable to the stolen-verifier attack and the impersonation attack. In 2003, Ku and Chen proposed a new improved version for the OSPA protocol In this paper, an improved scheme with mutual authentication is proposed.,電子商務與數位生活研討會,4,Review of Ku-Chen scheme,Notation: h(.) : collision-resistant hash function T : login times k : long-term secret key : exclusive-or operation,電子商務與數位生活研討會,5,Review of Ku-Chen scheme,Registration phase Authentication phase,電子商務與數位生活研討會,6,ID, h2(PW 1),Chooses his identity ID and password PW and computes h2(PW 1),Calculates verifier v1=h2(PW 1)h(ID k),Store ID, v1,T=1 into the verification table,電子商務與數位生活研討會,7,ID, service request,T=i,c1=h(PW i)h2(PW i) c2=h2(PW (i +1)h(PW i) c3=h(h3(PW (i +1)T),Find i from verification table by the ID,電子商務與數位生活研討會,8,Check c1, c2,c1,c2,c3,Get h2(PW i) by vi h(ID k),y1=c1h2(PW i)=h(PW i) y2=c2y1=h2(PW (i +1),Check if h(y1)=h2(PW i) h(h(y2) T)=c3,vi+1=h2(PW (i +1)h(IDk) Store ID ,T=i+1, and vi+1,電子商務與數位生活研討會,9,The problem of Ku-Chen scheme,The user is authenticated by the remote server. But, remote server is not authenticated by the user (Server impersonation attack ).,電子商務與數位生活研討會,10,The proposed scheme,Registration phase Authentication phase,電子商務與數位生活研討會,11,ID, h2(PW 1),Chooses his identity ID and password PW and computes h2(PW 1),Calculates verifier v1=h2(PW 1) h(ID k),Store ID, v1 into the verification table,電子商務與數位生活研討會,12,ID, r h2(PW i),h(r)h2(PW i),Check r c1=h(PW i)h2(PW i) c2=h2(PW (i +1) h(PW i) c3=h(h3(PW (i +1)T),choose r randomly and compute r h2(PW i),Get h2(PW i) by vi h(ID k),r =(r h2(PW i) h2(PW i),電子商務與數位生活研討會,13,Check c1, c2,c1,c2,c3,y1=c1h2(PW i)=h(PW i) y2=c2y1=h2(PW (i +1),Check if h(y1)=h2(PW i) h(h(y2)T)=c3,vi+1=h2(PW (i +1)h(IDk) Store ID and vi+1,電子商務與數位生活研討會,14,Security Analysis,Password guess attack Impersonation attack Stolen-verifier attack Server impersonation attack,電子商務與數位生活研討會,15,Conclusions,We point out the possible server impersonation problem in the Ku-Chen scheme and propose an enhanced version. The proposed concept of security enhancement is also suitable for the other SAS-like schemes.,電子商務與數位生活研討會,16,THE END,電子商務與數位生活研討會,17,