an improved low computational cost user authentication scheme for mobile communication[1]

8/7/2019 An Improved Low Computational Cost User Authentication Scheme for Mobile Communication[1].

1/4

An Improved Low Computation Cost User Authentication Scheme for Mobile

Communication

Chia-Yin Lee*, Chu-Hsing Lin**, and Chin-Chen Chang*

*Department of Computer Science and Information Engineering,National Chung Cheng University, 621 Chiayi, Taiwan

{licy, ccc}@cs.ccu.edu.tw

**Department of Computer Science and Information Engineering,Tunghai University, 407 Taichung, Taiwan

[email protected]

Abstract

Most of existing user authentication schemes require

high computation cost of exponentiation operations for

the purpose of security. However, it is not suitable for

mobile devices. In this article, we propose a low

computation cost user authentication scheme for

mobile communication. Our scheme uses only

one-way hash functions and smart cards and can be

implemented efficiently. The proposed scheme not

only resolves the weakness appeared in existing

methods but also suits for mobile communication.

1. Introduction

User authentication is an important topic forcommunication security and there are many schemesexisted for the purpose in the literatures. In 1981,Lamport [1] proposed a user authentication scheme forcommunication in insecure channel. His schemecould resist against replaying attacks; however, it needsa password table for the verification step. Later,several ID-based authentication schemes [2]-[5] have

been proposed to avoid this kind of drawback. One ofthe characteristics that passwords are assigned to theregistered users by the server is a commondisadvantage in most of the existing user authentication

schemes. In 2003, Wu and Chieu [6] proposed a userauthentication scheme with smart cards to improve thedisadvantage. Their scheme lets users be able tochoose and change their passwords freely. However,Yang and Wang [7] have pointed out the schemesuffers from the forgery attack in 2004. Besides, their

Figure 1. User authentication architecture

scheme requires costly exponentiation computation andthus it is not suitable for mobile devices [8], [9] withlow computation capability. In this article, we

propose an improved low cost user authenticationscheme for mobile devices, shown in Figure 1, whichcan solve these problems and spend low computationalcost.

2. A Review of Related Work

In 2003, Wu and Chieu proposed a scheme withsmart cards for user authentication. Their schemeconsists of three phases: the registration phase, thelogin phase, and the authentication phase.

Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA05)550-445X/05 $20.00 2005 IEEE


2/4

In the first phase, the user submits his/her

identity and a chosen password to the

server for registration. On receiving the registrationrequest, the server performs the following steps:

iU

iID iPW

1) Compute , where)||( xIDhA ii x is theservers secret key and is a collisionresistant one-way hash function.

)(h

2) Compute , wherepgB ii PWhAi mod)(

g is a public primitive element in and isa large prime number.

)(pGF p

3) The server issues each user iU a smart card,which contains s personal information

.iU

},),(,,,{ gphBAID iii

In the login phase, the user inserts his/her smart

card into the card reader and keys in his/her identity

with the corresponding password , and

then the smart card performs the following operations:

iU

iID*

iPW

1) Compute , and

(

pgB iiPWhA

i mod)(* *

)(1 iBThC T is the timestamp which

includes current date and time).

2) Send the message to

the server.

},,,{ 1*

TCBIDm ii

In the authentication phase, the server authenticatesthe user with the following steps:

1) Test the validity of , if the format of is

not correct, the server rejects the login request.iID iID

2) Test the timestamp T with 'T (current date

and time). If the time interval ,

where

TTT )( '

T denotes the expected valid timeinterval for transmission delay, then the serverrejects the login request.

3) Compute and check whether

or not. If they are equal, it means that the

password is equal to . Then the system

accepts the login request. Otherwise, it rejects thelogin request.

)( **1 iBThC

1

?*1 CC

*iPW iPW

The security of their scheme was based on thediscrete logarithm problem (DLP) and the one-wayhash function. Now, we demonstrate how the

possible attacks can be succeeded. And thus anintruder can pass the authentication phase by amodified login-message to masquerade a legal user.

2.1 The Forgery Attack

An intruder can collect the login message

, from that he (or she) can

obtain the correct value of since for a

legal user in the login phase. After that, the intrudercan forge the verifiable value by computing

},,,{ 1*

TCBIDm ii

iB ii BB *

eC1

)(1 iee BThC , where is the update timestamp.

Therefore, the intruder can send the message

to the server. We can see

that, with this , he (or she) will pass through the

verification phase and then masquerade successfullythe legal user .

eT

},1 ee T,,{*iie CBIDm

em

iU

From the above analysis, we know that Wu-Chieu

scheme suffers from the forgery attack. Besides, theirscheme uses two times of exponential computation inthe registration phase and the login phase. It meansthat the system might not be efficient for mobiledevices with low computation capability. Due to theabove reasons, we propose a more efficient scheme,which is not only against the possible attacks but alsocan reduce the computation cost. We describe the

proposed scheme in the next section.

3. The Proposed User Authentication

Scheme

We propose an improved low computation cost userauthentication scheme for mobile communication.We show it in Figure 2. The proposed scheme is alsodivided into three phases: the registration phase, thelogin phase, and the authentication phase. Besides,the notations of the scheme are the same as those inWu-Chieu scheme.

In the registration phase, the user submits

his/her identity and a chosen password to

the server. According to the submitted values

and , the server performs the following steps:

iU

iID iPW

iID

iPW

1) Use the servers private key x to obtainby computing

iA)||( xIDhA ii , where )(h is a

one-way hash function with an output sized 512bits, e.g. SHA-512 [10].

2) Compute ))(||( iii PWhAhB .

3) The server issues a smart card with the secure



3/4

User Ui Server}{

ii PWID

)}(,,,{withcardsmartaissue hBAID iii

},,,{ 12 TCCIDm i

Througha secure channel

),||( xIDhA ii

)).(||(iii PWhAhB

)),(||( ** iii PWhAhB

,*2 ii ABC

).(1 iBThC

,inKey *i

PW

,)(Check?

TTT

),||( xIDhA ii

,2*

iiACB

),( **1 iBThC

.Verify 1?

*1 CC

Figure 2. The proposed authentication scheme

information , and deliversit to the user through a secure channel.

)}(,,,{ hBAID iii

In the login phase, a user inserts his/her smart

card into the card reader and enters his/her identity

with the corresponding password . The

smart card will perform the following operations:

iU

iID*

iPW

1) It first obtains by computing

, and computes

, .

*iB

))(||( ** iii PWhAhB

ii ABC *

2 )(1 iBThC

2) Send a message to the

server.

},,,{ 12 TCCIDm i

In the authentication phase, the server first checksthe format of to make sure whether it is valid.

Then, the server authenticates the user with thefollowing steps:

iID

1) Verify the timestamp T with the current date

and time 'T . If , whereTTT ' )( T

denotes the expected valid time interval fortransmission delay, then the server rejects thelogin request.

2) Compute and obtain by

computing .

)||( xIDhA ii *iB

ii ACB 2*

3) Compute and check whether

or not. If they are equal, it means that

the password is equal to . Then

the system accepts the login request. Otherwise,it rejects the login request.

)( **1 iBThC

1

?*1 CC

*iPW iPW

4. Security Analysis

The proposed scheme can resist against not only allthe attacks described in Wu-Chieu scheme but also the

possible attacks by modifying the login message .We will analyze it as follows.

m

1) It is hard to derive the servers secret key xfrom the hash value of , by

using the security characteristic of the one-wayhash function (e.g. SHA-512).

)||( xIDhA ii

2) It is also difficult to guess a legal users password from the equation

, the reason is the same as

the above statement 1).

iPW

))(||( ** iii PWhAhB

3) Replaying attacks (An intruder might replay anold login message to

the server) cannot work because it will makeStep1 of the authentication phase fail.

},,,{ 12 TCCIDm i

4) No one can compute a valid )(1 iBThC ,

because it must be derived from and .

However, and cannot be obtained if

the servers secret key

iPW iA

iPW iA

x is unknown.5) An intruder might collect the legal login message

},,,{ 12 TCCIDm i and try to modify it into

},,,{ 12 eeie TCCIDm (where is the

current date and time). In this case, he (or she)has to compute a correct value of

eT

)(1 iee BThC . However, the parameter

cannot be obtained from because

the value of is unknown.

*ii BB 2C

iA

6) An intruder might forge the message},,,{ 12 eeeie TCCIDm , where 02 eC . In

this case, due to the parameter

, he (or she) has to compute

the verifiable value such that

. However, he

(or she) cannot obtain the correct value of

because the parameter is unknown.

iiei AACB )( 2*

eC1

)()( *1 ieiee AThBThC

eC1

iA

7) Since and are the message digests of

SHA-512 (i.e. 512 bits in length), the probability

of guessing correct values of and from

is less than

*

i

Bi

A

*iB iA

2C 512512 2

1

2

1 . It is difficult to

obtain the correct values of and by just

knowing .

*iB iA

2C



4/4

Table 1. Efficiency comparison of our scheme andWu-Chieus

Phases Wu-Chieu scheme Our scheme

Registrationphase

HMULEXP TTT 211 HT3

Login phase

XOR

HMULEXP

T

TTT

1

211

XORH TT 23

Authenticationphase

XORH TT 11 XORH TT 22

Total cost

XOR

HMULEXP

T

TTT

2

522

XORH TT 48

5. Cost Comparisons

In this section, we compare the computational costof the three phases (registration, login andauthentication) for our scheme with Wu-Chieus. Wedefine some notations as follow.

EXPT : the modular exponential computation.

HT : the one-way hash function .)(h

MULT : the multiplication computation.

XORT : the exclusive-or .)(

The comparative results are shown in Table 1. Weknow that a modular exponential computation is muchmore time consuming than a one-way hash function.

Besides, the exclusive-or operations can be performed very efficiently. From Table 1, ourproposed scheme requires only one-way hash functionsand exclusive-or operations that can be implementedefficiently.

)(

6. Conclusions

In this article, we have shown the drawbacks of theWu-Chieu scheme and then propose a novel scheme tosolve the problems. We also analyze the security andcomputation cost required for the proposed scheme.From Table 1, we can see that our scheme is muchmore efficient than Wu-Chieu scheme since it usesonly low-cost functions and thus can be executed veryefficiently. In a word, our scheme can be easilyimplemented on a mobile device with low computationcapability.

Reference

[1] L. Lamport, Password authentication with insecurecommunication, Communications of the ACM, Vol. 24,

1981, pp. 770-772.

[2] T. C. Wu, Remote login authentication scheme based ona geometric approach, Computer Communications, Vol. 18,

No. 12, 1995, pp. 959-963.

[3] M. S. Hwang, A remote password authentication schemebased on the digital signature method, International Journalof Computer Mathematics, Vol. 70, 1999, pp.657-666.

[4] M. S. Hwang and L. H. Li, A new remote userauthentication scheme using smart cards, IEEE Transactionson Consumer Electronics, Vol. 46, No. 1, 2000, pp. 28-30.

[5] H. M. Sun, An efficient remote use authenticationscheme using smart cards, IEEE Transactions on ConsumerElectronics, Vol. 46, No. 4, 2000, pp.958-961.

[6] S. T. Wu and B. C. Chieu, A user friendly remoteauthentication scheme with smart cards, Computers &Security, Vol. 22, Issue 6, 2003, pp. 547-550.

[7] C. C. Yang and R. C. Wang, Cryptanalysis of a userfriendly remote authentication scheme with smart cards,Computers & Security, Vol. 23, Issue 5, 2004, pp. 425-427.

[8] M. J. Beller, L. F. Chang, and Y. Yacobi, Privacy andauthentication on a portable communications system, IEEEJournal on Selected Areas in Communications, Vol. 11, 1993,

pp. 821-829.

[9] D. Brown, Techniques for privacy and authentication in personal communication system, IEEE PersonalCommunications, Vol. 2, 1995, pp. 6-10.

[10] NIST, U.S. Department of Commerce, Secure hashstandard, August 2002, U.S. Federal Information ProcessingStandard (FIPS) 180-2.


an improved low computational cost user authentication scheme for mobile communication[1]

Documents