an improved low computational cost user authentication scheme for mobile communication[1]
TRANSCRIPT
-
8/7/2019 An Improved Low Computational Cost User Authentication Scheme for Mobile Communication[1].
1/4
An Improved Low Computation Cost User Authentication Scheme for Mobile
Communication
Chia-Yin Lee*, Chu-Hsing Lin**, and Chin-Chen Chang*
*Department of Computer Science and Information Engineering,National Chung Cheng University, 621 Chiayi, Taiwan
{licy, ccc}@cs.ccu.edu.tw
**Department of Computer Science and Information Engineering,Tunghai University, 407 Taichung, Taiwan
Abstract
Most of existing user authentication schemes require
high computation cost of exponentiation operations for
the purpose of security. However, it is not suitable for
mobile devices. In this article, we propose a low
computation cost user authentication scheme for
mobile communication. Our scheme uses only
one-way hash functions and smart cards and can be
implemented efficiently. The proposed scheme not
only resolves the weakness appeared in existing
methods but also suits for mobile communication.
1. Introduction
User authentication is an important topic forcommunication security and there are many schemesexisted for the purpose in the literatures. In 1981,Lamport [1] proposed a user authentication scheme forcommunication in insecure channel. His schemecould resist against replaying attacks; however, it needsa password table for the verification step. Later,several ID-based authentication schemes [2]-[5] have
been proposed to avoid this kind of drawback. One ofthe characteristics that passwords are assigned to theregistered users by the server is a commondisadvantage in most of the existing user authentication
schemes. In 2003, Wu and Chieu [6] proposed a userauthentication scheme with smart cards to improve thedisadvantage. Their scheme lets users be able tochoose and change their passwords freely. However,Yang and Wang [7] have pointed out the schemesuffers from the forgery attack in 2004. Besides, their
Figure 1. User authentication architecture
scheme requires costly exponentiation computation andthus it is not suitable for mobile devices [8], [9] withlow computation capability. In this article, we
propose an improved low cost user authenticationscheme for mobile devices, shown in Figure 1, whichcan solve these problems and spend low computationalcost.
2. A Review of Related Work
In 2003, Wu and Chieu proposed a scheme withsmart cards for user authentication. Their schemeconsists of three phases: the registration phase, thelogin phase, and the authentication phase.
Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA05)550-445X/05 $20.00 2005 IEEE
-
8/7/2019 An Improved Low Computational Cost User Authentication Scheme for Mobile Communication[1].
2/4
In the first phase, the user submits his/her
identity and a chosen password to the
server for registration. On receiving the registrationrequest, the server performs the following steps:
iU
iID iPW
1) Compute , where)||( xIDhA ii x is theservers secret key and is a collisionresistant one-way hash function.
)(h
2) Compute , wherepgB ii PWhAi mod)(
g is a public primitive element in and isa large prime number.
)(pGF p
3) The server issues each user iU a smart card,which contains s personal information
.iU
},),(,,,{ gphBAID iii
In the login phase, the user inserts his/her smart
card into the card reader and keys in his/her identity
with the corresponding password , and
then the smart card performs the following operations:
iU
iID*
iPW
1) Compute , and
(
pgB iiPWhA
i mod)(* *
)(1 iBThC T is the timestamp which
includes current date and time).
2) Send the message to
the server.
},,,{ 1*
TCBIDm ii
In the authentication phase, the server authenticatesthe user with the following steps:
1) Test the validity of , if the format of is
not correct, the server rejects the login request.iID iID
2) Test the timestamp T with 'T (current date
and time). If the time interval ,
where
TTT )( '
T denotes the expected valid timeinterval for transmission delay, then the serverrejects the login request.
3) Compute and check whether
or not. If they are equal, it means that the
password is equal to . Then the system
accepts the login request. Otherwise, it rejects thelogin request.
)( **1 iBThC
1
?*1 CC
*iPW iPW
The security of their scheme was based on thediscrete logarithm problem (DLP) and the one-wayhash function. Now, we demonstrate how the
possible attacks can be succeeded. And thus anintruder can pass the authentication phase by amodified login-message to masquerade a legal user.
2.1 The Forgery Attack
An intruder can collect the login message
, from that he (or she) can
obtain the correct value of since for a
legal user in the login phase. After that, the intrudercan forge the verifiable value by computing
},,,{ 1*
TCBIDm ii
iB ii BB *
eC1
)(1 iee BThC , where is the update timestamp.
Therefore, the intruder can send the message
to the server. We can see
that, with this , he (or she) will pass through the
verification phase and then masquerade successfullythe legal user .
eT
},1 ee T,,{*iie CBIDm
em
iU
From the above analysis, we know that Wu-Chieu
scheme suffers from the forgery attack. Besides, theirscheme uses two times of exponential computation inthe registration phase and the login phase. It meansthat the system might not be efficient for mobiledevices with low computation capability. Due to theabove reasons, we propose a more efficient scheme,which is not only against the possible attacks but alsocan reduce the computation cost. We describe the
proposed scheme in the next section.
3. The Proposed User Authentication
Scheme
We propose an improved low computation cost userauthentication scheme for mobile communication.We show it in Figure 2. The proposed scheme is alsodivided into three phases: the registration phase, thelogin phase, and the authentication phase. Besides,the notations of the scheme are the same as those inWu-Chieu scheme.
In the registration phase, the user submits
his/her identity and a chosen password to
the server. According to the submitted values
and , the server performs the following steps:
iU
iID iPW
iID
iPW
1) Use the servers private key x to obtainby computing
iA)||( xIDhA ii , where )(h is a
one-way hash function with an output sized 512bits, e.g. SHA-512 [10].
2) Compute ))(||( iii PWhAhB .
3) The server issues a smart card with the secure
Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA05)550-445X/05 $20.00 2005 IEEE
-
8/7/2019 An Improved Low Computational Cost User Authentication Scheme for Mobile Communication[1].
3/4
User Ui Server}{
ii PWID
)}(,,,{withcardsmartaissue hBAID iii
},,,{ 12 TCCIDm i
Througha secure channel
),||( xIDhA ii
)).(||(iii PWhAhB
)),(||( ** iii PWhAhB
,*2 ii ABC
).(1 iBThC
,inKey *i
PW
,)(Check?
TTT
),||( xIDhA ii
,2*
iiACB
),( **1 iBThC
.Verify 1?
*1 CC
Figure 2. The proposed authentication scheme
information , and deliversit to the user through a secure channel.
)}(,,,{ hBAID iii
In the login phase, a user inserts his/her smart
card into the card reader and enters his/her identity
with the corresponding password . The
smart card will perform the following operations:
iU
iID*
iPW
1) It first obtains by computing
, and computes
, .
*iB
))(||( ** iii PWhAhB
ii ABC *
2 )(1 iBThC
2) Send a message to the
server.
},,,{ 12 TCCIDm i
In the authentication phase, the server first checksthe format of to make sure whether it is valid.
Then, the server authenticates the user with thefollowing steps:
iID
1) Verify the timestamp T with the current date
and time 'T . If , whereTTT ' )( T
denotes the expected valid time interval fortransmission delay, then the server rejects thelogin request.
2) Compute and obtain by
computing .
)||( xIDhA ii *iB
ii ACB 2*
3) Compute and check whether
or not. If they are equal, it means that
the password is equal to . Then
the system accepts the login request. Otherwise,it rejects the login request.
)( **1 iBThC
1
?*1 CC
*iPW iPW
4. Security Analysis
The proposed scheme can resist against not only allthe attacks described in Wu-Chieu scheme but also the
possible attacks by modifying the login message .We will analyze it as follows.
m
1) It is hard to derive the servers secret key xfrom the hash value of , by
using the security characteristic of the one-wayhash function (e.g. SHA-512).
)||( xIDhA ii
2) It is also difficult to guess a legal users password from the equation
, the reason is the same as
the above statement 1).
iPW
))(||( ** iii PWhAhB
3) Replaying attacks (An intruder might replay anold login message to
the server) cannot work because it will makeStep1 of the authentication phase fail.
},,,{ 12 TCCIDm i
4) No one can compute a valid )(1 iBThC ,
because it must be derived from and .
However, and cannot be obtained if
the servers secret key
iPW iA
iPW iA
x is unknown.5) An intruder might collect the legal login message
},,,{ 12 TCCIDm i and try to modify it into
},,,{ 12 eeie TCCIDm (where is the
current date and time). In this case, he (or she)has to compute a correct value of
eT
)(1 iee BThC . However, the parameter
cannot be obtained from because
the value of is unknown.
*ii BB 2C
iA
6) An intruder might forge the message},,,{ 12 eeeie TCCIDm , where 02 eC . In
this case, due to the parameter
, he (or she) has to compute
the verifiable value such that
. However, he
(or she) cannot obtain the correct value of
because the parameter is unknown.
iiei AACB )( 2*
eC1
)()( *1 ieiee AThBThC
eC1
iA
7) Since and are the message digests of
SHA-512 (i.e. 512 bits in length), the probability
of guessing correct values of and from
is less than
*
i
Bi
A
*iB iA
2C 512512 2
1
2
1 . It is difficult to
obtain the correct values of and by just
knowing .
*iB iA
2C
Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA05)550-445X/05 $20.00 2005 IEEE
-
8/7/2019 An Improved Low Computational Cost User Authentication Scheme for Mobile Communication[1].
4/4
Table 1. Efficiency comparison of our scheme andWu-Chieus
Phases Wu-Chieu scheme Our scheme
Registrationphase
HMULEXP TTT 211 HT3
Login phase
XOR
HMULEXP
T
TTT
1
211
XORH TT 23
Authenticationphase
XORH TT 11 XORH TT 22
Total cost
XOR
HMULEXP
T
TTT
2
522
XORH TT 48
5. Cost Comparisons
In this section, we compare the computational costof the three phases (registration, login andauthentication) for our scheme with Wu-Chieus. Wedefine some notations as follow.
EXPT : the modular exponential computation.
HT : the one-way hash function .)(h
MULT : the multiplication computation.
XORT : the exclusive-or .)(
The comparative results are shown in Table 1. Weknow that a modular exponential computation is muchmore time consuming than a one-way hash function.
Besides, the exclusive-or operations can be performed very efficiently. From Table 1, ourproposed scheme requires only one-way hash functionsand exclusive-or operations that can be implementedefficiently.
)(
6. Conclusions
In this article, we have shown the drawbacks of theWu-Chieu scheme and then propose a novel scheme tosolve the problems. We also analyze the security andcomputation cost required for the proposed scheme.From Table 1, we can see that our scheme is muchmore efficient than Wu-Chieu scheme since it usesonly low-cost functions and thus can be executed veryefficiently. In a word, our scheme can be easilyimplemented on a mobile device with low computationcapability.
Reference
[1] L. Lamport, Password authentication with insecurecommunication, Communications of the ACM, Vol. 24,
1981, pp. 770-772.
[2] T. C. Wu, Remote login authentication scheme based ona geometric approach, Computer Communications, Vol. 18,
No. 12, 1995, pp. 959-963.
[3] M. S. Hwang, A remote password authentication schemebased on the digital signature method, International Journalof Computer Mathematics, Vol. 70, 1999, pp.657-666.
[4] M. S. Hwang and L. H. Li, A new remote userauthentication scheme using smart cards, IEEE Transactionson Consumer Electronics, Vol. 46, No. 1, 2000, pp. 28-30.
[5] H. M. Sun, An efficient remote use authenticationscheme using smart cards, IEEE Transactions on ConsumerElectronics, Vol. 46, No. 4, 2000, pp.958-961.
[6] S. T. Wu and B. C. Chieu, A user friendly remoteauthentication scheme with smart cards, Computers &Security, Vol. 22, Issue 6, 2003, pp. 547-550.
[7] C. C. Yang and R. C. Wang, Cryptanalysis of a userfriendly remote authentication scheme with smart cards,Computers & Security, Vol. 23, Issue 5, 2004, pp. 425-427.
[8] M. J. Beller, L. F. Chang, and Y. Yacobi, Privacy andauthentication on a portable communications system, IEEEJournal on Selected Areas in Communications, Vol. 11, 1993,
pp. 821-829.
[9] D. Brown, Techniques for privacy and authentication in personal communication system, IEEE PersonalCommunications, Vol. 2, 1995, pp. 6-10.
[10] NIST, U.S. Department of Commerce, Secure hashstandard, August 2002, U.S. Federal Information ProcessingStandard (FIPS) 180-2.
Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA05)550-445X/05 $20.00 2005 IEEE