[lecture notes in electrical engineering] advances in computer science and its applications volume...

6
H.-Y. Jeong et al. (eds.), Advances in Computer Science and Its Applications, Lecture Notes in Electrical Engineering 279, 423 DOI: 10.1007/978-3-642-41674-3_60, © Springer-Verlag Berlin Heidelberg 2014 Cryptanalysis of Encrypted Remote User Authentication Scheme by Using Smart Card * Jongho Mun 1 , Jiye Kim 1 , Woongryul Jeon 1 , Youngsook Lee 2 , and Dongho Won 1,** 1 College of Information and Communication Engineering, Sungkyunkwan University, 300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, 440-746, Korea {jhmoon,jykim,wrjeon,dhwon}@security.re.kr 2 Department of Cyber Investigation Police, Howon University, 727 Weolha-li, Impi-Myeon, Gunsan-si, Jeonrabuk-do, 573-718, Korea [email protected] Abstract. Remote user authentication scheme is one of the most convenient authentication schemes to deal with secret data over insecure channels. In 2012, Yassin et al. proposed encrypted remote user authentication scheme by using smart card. They claimed that their scheme is secure against various attacks. In this paper, we demonstrate that their scheme is insecure and vulnerable to outsider attack, smart card stolen attack, offline password guessing attack, and masquerade attack. Keywords: Smart card, Remote user authentication, Security. 1 Introduction Smart card-based authentication schemes are becoming day by day more popular. In the view of fact that several remote user authentication schemes using smart card [1][2][3][4][5][6][7] have been proposed. In 2004, Das et al. [8] proposed a dynamic identity based remote user authentication scheme using smart cards. However, their scheme is vulnerable to various attacks. In 2009, Wang et al. [9] presented a more secure dynamic ID-based remote user authentication scheme and demonstrated the weakness of Das et al.’s scheme such as impersonate attack and lack mutual authentication. However, Wang et al.’s scheme suffers from malicious attacks and has some feasible security risks. Recently, Yassin et al. [10] demonstrated that Wang et al.’s scheme is vulnerable to password guessing attack, DOS attack and server impersonate attack and proposed an enhancement of Wang et al.’s scheme. However, in this paper, we find that Yassin et al.’s scheme is vulnerable to outsider attack and smart card stolen attack. * This research was funded by the MSIP(Ministry of Science, ICT&Future Planning), Korea in the ICT R&D Program 2013. ** Corresponding author.

Upload: james-j

Post on 23-Dec-2016

212 views

Category:

Documents


0 download

TRANSCRIPT

H.-Y. Jeong et al. (eds.), Advances in Computer Science and Its Applications, Lecture Notes in Electrical Engineering 279,

423

DOI: 10.1007/978-3-642-41674-3_60, © Springer-Verlag Berlin Heidelberg 2014

Cryptanalysis of Encrypted Remote User Authentication Scheme by Using Smart Card*

Jongho Mun1, Jiye Kim1, Woongryul Jeon1, Youngsook Lee2, and Dongho Won1,**

1 College of Information and Communication Engineering, Sungkyunkwan University,

300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, 440-746, Korea {jhmoon,jykim,wrjeon,dhwon}@security.re.kr 2 Department of Cyber Investigation Police, Howon University,

727 Weolha-li, Impi-Myeon, Gunsan-si, Jeonrabuk-do, 573-718, Korea [email protected]

Abstract. Remote user authentication scheme is one of the most convenient authentication schemes to deal with secret data over insecure channels. In 2012, Yassin et al. proposed encrypted remote user authentication scheme by using smart card. They claimed that their scheme is secure against various attacks. In this paper, we demonstrate that their scheme is insecure and vulnerable to outsider attack, smart card stolen attack, offline password guessing attack, and masquerade attack.

Keywords: Smart card, Remote user authentication, Security.

1 Introduction

Smart card-based authentication schemes are becoming day by day more popular. In the view of fact that several remote user authentication schemes using smart card [1][2][3][4][5][6][7] have been proposed. In 2004, Das et al. [8] proposed a dynamic identity based remote user authentication scheme using smart cards. However, their scheme is vulnerable to various attacks. In 2009, Wang et al. [9] presented a more secure dynamic ID-based remote user authentication scheme and demonstrated the weakness of Das et al.’s scheme such as impersonate attack and lack mutual authentication. However, Wang et al.’s scheme suffers from malicious attacks and has some feasible security risks.

Recently, Yassin et al. [10] demonstrated that Wang et al.’s scheme is vulnerable to password guessing attack, DOS attack and server impersonate attack and proposed an enhancement of Wang et al.’s scheme. However, in this paper, we find that Yassin et al.’s scheme is vulnerable to outsider attack and smart card stolen attack.

*

This research was funded by the MSIP(Ministry of Science, ICT&Future Planning), Korea in the ICT R&D Program 2013.

** Corresponding author.

424 J. Mun et al.

The rest of the paper is organized as follows: Section 2 briefly reviews Yassin et al.’s authentication scheme. Section 3 describes the weaknesses of Yassin et al.’s scheme. Finally, we conclude this paper in Section 4.

2 Review in Yassin et al.’s Scheme

This section reviews an encrypted remote user authentication scheme by using smart card proposed by Yassin et al. [10]. Yassin et al.’s scheme consists of four phase; registration phase, login phase, authentication phase and password change phase. The notations used in this scheme are summarized as Table 1.

Table 1. Notations used in this paper

Notation Description U A user S A remote server

ID, PW, SC U’s identity, password, and smart card

⊕ The bitwise XOR operation

|| String concatenation

S’s secret key, which is kept secret and only known by S h(.) A collision resistant one-way hash function

2.1 Registration Phase

In this phase, the user initially registers with the remote server S as follows: 1. ⇒ S : { , h( )}. User sends his selected identity and hashed

password to the remote server S over a secure channel. 2. S computes = h( )||h( )⊕ ) , = h( )⊕h( ), where

is a secret key kept by S in private. 3. S ⇒ : {SC}. S stores the secure information {h(.), , } into a new

smart card SC and sends a smart card to user over a secure channel.

Fig. 1. Registration phase

Cryptanalysis of Encrypted Remote User Authentication Scheme 425

2.2 Login Phase

When a user wants to login S, inserts his smart card into the card reader and inputs his password . The smart card fulfills the following steps:

1. Compute h( ) = ⊕h( ) and = h( )||h( ). 2. Generate a random number . Compute = h( ⊕ ), = ⊕ ⊕) , and = ) . 3. Calculate = ⊕h T⊕ ), there T is the current time stamp of the

input device. 4. Encrypt ( , T, , ) by using . 5. SC → S : { , , ( , T, , )}. Smart card sends login request

message M to the remote server.

Fig. 2. Login phase

2.3 Authentication Phase

After receiving login request message at time , S performs the following computations:

1. S computes = ⊕ , and decrypts ( , T, , ). 2. S checks the freshness of time stamp T. If -T≤ΔT contains, S persists the

next step. Otherwise, S rejects the session. 3. S compute = ⊕ h T ⊕ ) = h( )||h( ), checks whether ⊕ ) is equal to . If so, S accepts the user ’s login request. 4. S → : { ( , )} S computes = h( || || ) and sends message

= ( , ) to .

426 J. Mun et al.

5. When receives the message = ( , ) at time , checks whether -T≤ΔT. If not hold, overthrows the message and terminate this phase. Otherwise decrypts message by using , computes = h( || || ), and compares with . If so, decides that the remote server S is authenticated.

Fig. 3. Authentication phase

2.4 Password Change Phase

When wants to change his password from to , implores this phase. The password change phase needs to pass the following steps:

1. User must have executed the above login and authentication phase. The

server S authenticates his old password . 2. After the successful mutual authentication, inserts his new password

. Then, smart card computes h( ) = ⊕h( ), = ⊕h( )||h( )⊕h( )||h( ) and replaces the old with the new .

3 Security Flaws in Yassin et al.’s Scheme

In this section, we present that Yassin et al.'s scheme is insecure and vulnerable to outsider attack, smart card stolen attack, offline password guessing attack and masquerade attack.

3.1 Outsider Attack

Any adversary who is the legal user and owns a smart card, can get information (h(.), , ), then he compute: h( ) = ⊕h( ). Thus an adversary can get

Cryptanalysis of Encrypted Remote User Authentication Scheme 427

h( ) which same for each legal user and is very sensitive information, the hash value of secret key of the server. Furthermore, an adversary can computes secret key of remote server.

1. The adversary calculates h( ) = ⊕h( ), and then ) = ⊕h( )||h( ). 2. Assume that = , and i=1. 3. Calculate =h( ). If = ) then i= else i=i+1 4. Repeat 3.

3.2 Smart Card Stolen and Offline Password Guessing Attack

Smart card stolen attack means an adversary who possessed with smart card performs any operation which the smart card and obtains any information. If an adversary steals the SC of legitimate user and obtains the parameters and , then he can easily computes out the hash value of the password of the real user by computing ⊕h( ). Now, an adversary performs an off-line password guessing to get the current password of the user.

1. The adversary calculates h( ) = ⊕h( ). 2. The adversary selects a random password , calculates h( ) and

compares it with h( ). If so, the adversary infers that is user ’s password. Otherwise the adversary selects another password nominee and performs the same processes, until he locates the valid password.

3.3 User Masquerade Attack

A legal but malicious user can get the value h( ) from his own card, which is same for each user and can get the value h( ) from legitimate user ’s smart card. If he knows the identity of user , he can easily masquerades as to login and access the remote server because he can computes .

3.4 Server Masquerade Attack

An outsider adversary can easily masquerades as to remote server because he knows secret key of remote server. If an adversary intercepts login request message { , , ( , T, , )} that the user sends to the server S. An

adversary uses his knowledge of and computes = ⊕ . Then an adversary decrypts ( , T, , ) and can computes . Thus he can easily masquerades as server S.

4 Conclusion

In this paper, we have presented a cryptanalysis of Yassin et al.’s scheme. We indicate that Yassin et al.’s scheme is vulnerable to outsider attack, smart card stolen

428 J. Mun et al.

attack, off-line guessing attack, user masquerade attack and server masquerade attack. Finally, our further research direction ought to propose a secure user authentication scheme which can solve these problems.

References

1. Chien, H., Chen, C.: A remote authentication scheme preserving user anonymity. In: Proc. Advanced Information Networking and Applications, vol. 2, pp. 245–248 (2005)

2. Lee, Y., Nam, J., Won, D.: Security enhancement of a remote user authentication scheme using smart cards. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 508–516. Springer, Heidelberg (2006)

3. Nam, J., Kim, S., Park, S., Won, D.: Security analysis of a nonce-based user authentication scheme using smart cards. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 90(1), 299–302 (2007)

4. Yi, W., Kim, S., Won, D.: Smart Card Based AKE Protocol Using Biometric Information in Pervasive Computing Environments. In: Gervasi, O., Taniar, D., Murgante, B., Laganà, A., Mun, Y., Gavrilova, M.L. (eds.) ICCSA 2009, Part II. LNCS, vol. 5593, pp. 182–190. Springer, Heidelberg (2009)

5. Jin, Q., Lee, K., Won, D.: Cryptanalysis of a two-factor user authentication scheme over insecure channels. In: ISA 2012 (2012)

6. He, D., Wu, S.: Security flaws in smart card based authentication scheme for multi server environment. Wireless Personal Communications, 0929–6212 (2012)

7. Son, K., Han, D., Won, D.: A Privacy-Protecting Authentication Scheme for Roaming Services with Smart Cards. IEICE Transactions on Communications 95(5), 1819–1821 (2012)

8. Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electionics 50(2), 629–631 (2004)

9. Wang, Y.Y., Liu, J.Y., Xiao, F.X., Dan, J.: A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 4(32), 583–585 (2009)

10. Yassin, A.A., Jin, H., Ibrahim, A., Zou, D.: Encrypted Remote User Authentication Scheme by Using Smart Card. In: Wang, F.L., Lei, J., Gong, Z., Luo, X. (eds.) WISM 2012. LNCS, vol. 7529, pp. 314–323. Springer, Heidelberg (2012)