电子商务与数位生活研讨会--★【汉魅】.ppt

FurtherSecurityEnhancementforOptimalStrong PasswordAuthenticationProtocol Tzung HerChen GwoboaHorng Wei BinLee Kuang LongLin3 27 2004 Outline IntroductionReviewofKu ChenschemeTheproblemofKu ChenschemeTheproposedschemeSecurityAnalysisConclusions Introduction In2000 Sandirigamaetal proposedSASschemeloweredstorage processing andtransmissionoverheads In2001 Lin Sun andHwangproposedanenhancedpasswordauthenticationscheme calledtheOSPA Introduction In2002 OSPAprotocolhasbeenshownvulnerabletothestolen verifierattackandtheimpersonationattack In2003 KuandChenproposedanewimprovedversionfortheOSPAprotocolInthispaper animprovedschemewithmutualauthenticationisproposed ReviewofKu Chenscheme Notation h collision resistanthashfunctionT logintimesk long termsecretkey exclusive oroperation ReviewofKu Chenscheme RegistrationphaseAuthenticationphase ID h2 PW 1 ChooseshisidentityIDandpasswordPWandcomputesh2 PW 1 Calculatesverifierv1 h2 PW 1 h ID k Store ID v1 T 1 intotheverificationtable ID servicerequest T i c1 h PW i h2 PW i c2 h2 PW i 1 h PW i c3 h h3 PW i 1 T FindifromverificationtablebytheID Checkc1 c2 c1 c2 c3 Geth2 PW i byvi h ID k y1 c1 h2 PW i h PW i y2 c2 y1 h2 PW i 1 Checkifh y1 h2 PW i h h y2 T c3 vi 1 h2 PW i 1 h ID k StoreID T i 1 andvi 1 TheproblemofKu Chenscheme Theuserisauthenticatedbytheremoteserver But remoteserverisnotauthenticatedbytheuser Serverimpersonationattack Theproposedscheme RegistrationphaseAuthenticationphase ID h2 PW 1 ChooseshisidentityIDandpasswordPWandcomputesh2 PW 1 Calculatesverifierv1 h2 PW 1 h ID k Store ID v1 intotheverificationtable ID r h2 PW i h r h2 PW i Checkrc1 h PW i h2 PW i c2 h2 PW i 1 h PW i c3 h h3 PW i 1 T chooserrandomlyandcomputer h2 PW i Geth2 PW i byvi h ID k r r h2 PW i h2 PW i Checkc1 c2 c1 c2 c3 y1 c1 h2 PW i h PW i y2 c2 y1 h2 PW i 1 Checkifh y1 h2 PW i h h y2 T c3 vi 1 h2 PW i 1 h ID k StoreIDandvi 1 SecurityAnalysis PasswordguessattackImpersonationattackStolen verifierattackServerimpersonationattack Conclusions WepointoutthepossibleserverimpersonationproblemintheKu Chenschemeandpro