A Secured and Improved Dynamic ID
based Remote User Authentication Scheme
using Smart Card and Hash Function for
Distributed Systems
S.Ramesh
Assistant Professor, Department of Computer Science and Engineering Paavai College of Engineering
Namakkal, India raameshs@gmail.com
Dr. V.Murali Bhaskaran
Professor, Department of Computer Science and Engineering Dhirajlal Gandhi College of Technology
Salem, India murali66@gmail.com
Abstract—Authentication is a major concern for accessing remote service residing over on server in an
distributed systems. It is difficult to remember different identities and passwords for users. In order to solve the flaws encountered in many remote user authentication schemes in multi-server environment, only authentic user login to the remote server has been used. These remote schemes resist various attacks and have some weakness. Leu and Hsieh proposed an efficient and secure dynamic ID based remote user authentication for distributed environment using smart cards but is vulnerable to impersonation attack, leak verifier attack, stolen smart card attack. We propose a strong authentication scheme with user anonymity and secured dynamic ID based remote user authentication using smart cards that remove aforementioned weakness in distributed systems. The function and performance efficiency of our scheme was analysed and proved to provide a strong mutual authentication between user and server when compared with the existing methods.
Keywords-Smart Card; hash function; authentication; security; Dynamic ID
I. INTRODUCTION
Security breaches are the major issue in the communication environment over the Internet. Authentication is mechanism that allow only the legitimate network users want to access the remote servers provide resources over open public network through insecure channel. The remote user utilizes both identity and password for authentication to access the services stored on the remote server. In traditional authentication schemes, the server maintains the password table or verifier table to save the identity and passwords of the registered users [7]. Two problems are possible in the authentication scheme are being the administrator viewing the password table and the other is that the intruder can impersonate as a legal user and can steal the user ID and password. At worst case the distributed network is vulnerable to various attacks such as forgery attack, server spoofing attack, replay attack, stolen smart card attacks. A secure and efficient remote user authentication scheme must satisfy the following six requirements[9,11]: (1) Single registration (2) Low computational and communication cost (3) No password table (4) Withstand against security attacks (5) Freely chosen password and (6) Proper mutual authentication. In this paper we analyze the security weakness of the recent dynamic ID based multi-server remote user authentication scheme proposed by Lue and Hsieh[10] and we propose a more secure smartcard and dynamic ID based remote user authentication for multi-server environment to tackle the problems. The rest of the paper is organized as follows .Section II shows the related work of the dynamic identity based remote user authentication scheme. In section III we review the Leu Shieh’ dynamic ID based remote user authentication scheme[10] using smart card. Section IV describes a cryptanalysis of Leu-Shieh scheme. The proposed remote user authentication scheme and the corresponding security, functionality and performance analysis are discussed in sections VI, VII and VII respectively. Finally we conclude the article in section VIII.
II. RELATED WORK
authenticated key exchange protocol in public insecure network. In 2008, Tsai [5] proposed an efficient multi-server authentication scheme without verification table that use the nonce and hash function. It is suitable for distributed networks use less computational cost. Previous schemes are based on static ID which might be intercepted by an adversary from the public network and be used to trace the legal user. In 2009, Liao and Wang [16] first proposed a dynamic ID based remote user authentication scheme for multi- server environment. However, Hsiang and Shih [15] found that Liao et al.’s scheme [16] vulnerable to insider attack, masquerade attack, server spoofing attack, registration server spoofing attack and is not repairable .Moreover, Liao et al.’s scheme cannot provide mutual authentication. In 2011, Lee et al. [11] pointed out that Hsiang et al. scheme is still vulnerable to a masquerade attack, server spoofing attack and is not repairable, cannot provide mutual authentication. Sood et al. scheme [18] is vulnerable to leak of verifier attack, stolen smart card attack and had a fatal mistake. X.Li et al. [8, 9] proposed scheme is suitable for distributed multi-server architecture since it provide user anonymity, mutual authentication, efficient and security in 2012&2013. Hence through the literature we understand the prevalence of security breaches in distributed systems. Therefore we propose a more secured and improved dynamic identity based remote user authentication scheme that removes the security flaws and increase its efficiency.
III. REVIEWOFLEU–HISEH AUTHENTICATIONSCHEME
In this section we review Leu-Hsieh dynamic identity based remote authentication scheme [10] using smart card for multiserver environment which has four phases namely registration phase, login phase, verification phase and password change phase. In this scheme three entities are involved: the user (
U
i), the server (S
j) and the registration center (RC
). TheRC
selects the master secret keyx
and a secret numbery
to compute( || )
h x y
andh y
( )
.and then share them withS
j through a secure channel. Figure 1 shows the entire protocol structure of Hsieh-Leu scheme. The notations used throughout this paper are summarized in TABLE I.TABLEI
Notations used in the schemes
Symbol Description
Ui Client / User
Sj Server
IDi User i’s Identity
PWi Ui’s Password
h(. ) One way hash function
SIDj Server Identity
CIDi Dynamic User Identity
X Master secret key
Y Secret number
B User’s random number
Rs Server Si’s random number
|| Concatenation operator
۩ XOR operator
→
Communication channelA. Registration Phase
The user
U
i wants to login to the remote serverS
jthe user initially register with the registration serverRC
and perform the following activities.Step 1.
U
i
RC
:I
D
i, (
h b
PW
i)
. UserU
iselect his/her identityID
iand passwordPW
iand choose a random numberb
. The userU
i computes the masked passwordh b
(
PW
i)
. Then userU
i sendsID
i and(
i)
h b
PW
to the registration centerRC
through a secure communication channel. Step 2.RC
computes
A
i
h R
(
c|
|
x
)
B
i
R
c
ID
i
h b
(
PW
i)
C
i
A
i
h
(
I
D
i|| (
h
b
PW
i))
D
i
h b
(
PW
i)
ID
i
h h b
( (
P
W
i
R
c) || ( || ))
h x
y
E
i
h A
( )
iStep 3.
RC
U
i:SC
. The registration centerRC
stores the valuesh
.
andB C D E h y
i,
i,
i,
i, ( )
on thesmart card
SC
and issues it to the userU
i via a secure channel.Step 4. After receive the smart card, the user
U
i enterb
into his/her smart card. Finally the smart card contains, ,
i i,
i,
i, ( )
b B C D E h y
andh
.
. At the end of this phase, userU
ineed not rememberb
.B. Login Phase
When the user
U
i wants to login to the remote serverS
j after receive the smart cardSC
from the registration centerRC
the following steps to be performed.Step 1. User
U
i inserts his/her smart card into the smart card reader and enters his/her identityID
i , password iPW
and server identitySIDj. Step 2. The smart card computes
R
c
B
i
ID
i
h b
(
PW
i)
A
i
C
i
h ID
(
i|| (
h b
PW
i))
E
i'
h A
( )
iAnd check whether the computed
E
i' is equal toE
i.If they are equal, userU
i is a legal user and proceeds with next steps. Otherwise the smart card aborts the session.Step 3.The smart card generates a nonce
N
i and computesT
i
h b
(
PW
i)
ID
i
D
i
h h b
( (
PW
i
R
c) || ( || ))
h x y
H
i
h A
(
i|| ( ) ||
h y
N
i)
P
ij
A
i
h h y
( ( ) ||
N
i||
SID
j)
Q
i
h T
( ||
iH
i||
N
i)
Step 4
.
U
i
S
jCID P Q N
i,
ij,
i,
i : The userU
i sends the login request messageCID P Q N
i,
ij,
i,
i to the serverS
j.C. Authentication Phase
After receiving the login request message from the user
U
i , the serverS
jexecute the following steps for mutual authentication and agree a shared session key for secure communication.Step 1. Server
S
j computes
A
i
P
ij
h h y
( ( ) ||
N
i||
SID
j)
H
i
h A
(
i|| ( ) ||
h y
N
i)
h b
(
PW
i
R
c)
CID
i
h A
(
i||
H
i||
N
i)
T
i
h h b
( (
PW
i
R
c) || ( || ))
h x y
Step 2.
S
j
U
i:M
ij,
N
j: Next serverS
j computesh T
( ||
iH
i||
N
i)
and compare withQ
i. If they are not equal,S
jrejects the login request message and terminate this session. Otherwise, serverS
j accepts the login request message. ThenS
jgenerate a nonceN
jto computesM
ij
h T
( ||
iN
i||
H
i||
SID
j)
. Finally the serverj
S
sends the messageM
ij,
N
jto the userU
i.Step 3.
U
i
S
j:M
ij": UserU
i computesM
ij'
h T
( ||
iN
i||
H
i||
SID
j)
and compare with the received messageM
ij. If they are not equal, userU
i rejects the incoming message and rejects this session. Otherwise, userU
i authenticatesS
j successfully and computes the mutual authentication messageM
ij"
h T
( ||
iN
j||
H
i||
SID
j)
. Next the userU
i send back the message"
ij
M
to the serverS
j.Step 4. Upon receiving the message
M
ij" ,S
j computesh T
( ||
iN
j||
H
i||
SID
j)
and checks it with the received messageM
ij". If they are equal,S
jauthenticatesU
i successfully. At the end of the authentication phase, bothU
i andS
jagree to compute a common session keySK
h T
( ||
iN
i||
N
j||
H
i||
SID
j)
forsecure communications.
D. Password Change Phase
In this phase, user
U
i can change his/her password any time if he/she wishes. The steps of the password change phase are as follows.Step 1.
U
i
RC
:ID h b
i, (
PW
i
R
c)
: The userU
i inserts his/her smart cardSC
in to the smart cardreader and then input his/her identity
ID
i and passwordPW
i .The smart cardSC
computes to obtain*
(
|| (
))
i i i i
A
C
h ID
h b
PW
. Next it computesE
i*
h A
(
i*)
and compares it with the stored valueE
i in the smart card. If they are same the smart card computesR
c
B
i
ID
i
h b
(
PW
i)
. Then userU
i choose a new passwordPW
inew and a new random numberb
new to computes(
)
new new
i c i new i
B
R
ID
h b
PW
, new(
|| (
new)
i i i new i
C
A
h ID
h b
PW
. Finally userU
i sends, (
)
i i c
User(
U
i) [Registration Phase] Registration Center(RC
) SelectID PW b
i,
i,
I
D
i, (
h b
PW
i)
ComputeA
i
h R
(
c|
|
x
)
B
i
R
c
ID
i
h b
(
PW
i)
C
i
A
i
h
(
I
D
i|| (
h
b
PW
i))
D
i
h b
(
PW
i)
ID
i
h h b
( (
P
W
i
R
c) || ( || ))
h x
y
E
i
h A
( )
iSC b B C D E h y h
[ , ,
i i,
i,
i, ( ), (.)]
Enter
b
into the Smart CardUser(
U
i) [Login Phase] Server(S
j) Insert smart cardSC
Smart Card(SC
)Input
ID PW
i,
iR
c
B
i
ID
i
h b
(
PW
i)
A
i
C
i
h ID
(
i|| (
h b
PW
i))
E
i'
h A
( )
iCheck if
E E
i'?
iGenerate a random number
N
iCompute
T
i
h b
(
PW
i)
ID
i
D
i
h h b
( (
PW
i
R
c) || ( || ))
h x y
H
i
h A
(
i|| ( ) ||
h y
N
i)
CID
i
h b
(
PW
i
R
c)
h A
(
i||
H
i||
N
i)
P
ij
A
i
h h y
( ( ) ||
N
i||
SID
j)
Q
i
h T
( ||
iH
i||
N
i)
CID P Q N
i,
ij,
i,
iStep 2.
RC
U
i:B
inew: The registration centerRC
computesnew
( (
) || ( || )
i new new c
D
h h b
PW
R
h x y
RC
sendsB
inew to the userU
i.User(
U
i) [Authentication Phase] Server(S
j)Compute
A
i
P
ij
h h y
( ( ) ||
N
i||
SID
j)
H
i
h A
(
i|| ( ) ||
h y
N
i)
h b
(
PW
i
R
c)
CID
i
h A
(
i||
H
i||
N
i)
T
i
h h b
( (
PW
i
R
c) || ( || ))
h x y
Check ifQ h T
i? ( ||
iH
i||
N
i)
Generate a random number
N
jCompute
M
ij
h T
( ||
iN
i||
H
i||
SID
j)
Else reject login request
M
ij,
N
jCompute
M
ij'
h T
( ||
iN
i||
H
i||
SID
j)
Verify if
M
ij?
M
ij'"
( ||
||
||
)
ij i j i j
M
h T
N
H
SID
M
ij"M
ij"'
h T
( ||
iN
j||
H
i||
SID
j)
Check if
M
ij"'?
M
ij" authentication success Else authentication failure Else authentication failure
SK
h T
( ||
iN
i||
N
j||
H
i||
SID
j)
User(
U
i) [Password Change Phase] Registration Center(RC
) Insert smart cardSC
Smart Card(SC
)Input
ID
i,
PW
i,new i
PW
ComupteA
i*
C
i
h ID
(
i|| (
h b
PW
i))
* *
(
)
i i
E
h A
Verify if
E E
i'?
iR
c
B
i
ID
i
h b
(
PW
i)
Choose a new random number
b
newnew
(
new)
i c i new i
B
R
ID
h b
PW
C
inew
A
i
h ID
(
i|| (
h b
new
PW
inew)
ID h b
i, (
PW
i
R
c)
D
inew
h h b
( (
new
PW
new
R
c) || ( || )
h x y
Replace
B C D
i,
i,
iwith,
,
new new newi i i
B
C
D
IV. CRYPTANALYSIS OF LEU HSIEH SCHEME
In this section we will demonstrated that Leu Hsieh scheme is vulnerable to insiders attack, password guessing attack, stolen verifier attack, server spoofing attack and does not provide the two factor security. Leu Hsieh scheme is inefficient in error password login when the public key of the server is compromised, the adversary can obtain all the previous session keys between user and the server
S
j.A. Masquerading user attack
An attacker
A
can intercept the login request messageCID P Q N
i,
ij,
i,
i sent from the userU
ito the serverj
S
.Then the attackerA
can computeA
i
P
ij
h h y
( ( ) ||
N
i||
SID
j)
.In order to masquerade as user loginrequest message to communicate with the server
S
k.The attacker generates a random numberN
kthen he/she computesH
i*
h A
(
i|| ( ) ||
h y
N
k)
,*
(
)
(
||
||
)
i i c i i k
CID
h b
PW
R
h A
H
N
,P
ik
A
i
h h y
( ( ) ||
N
k||
SID
k)
,* *
( ||
||
)
i i i k
Q
h T
H
N
.Then the attacker send the forgery messageCID P Q N
i*,
ik*,
i*,
k to the server and computes*
( ( ) ||
||
)
i ik k k
A
P
h h y
N
SID
,H
i*
h A
(
i|| ( ) ||
h y
N
k)
,* * *
(
i c)
i(
i||
i||
k)
h b
PW
R
CID
h A
H
N
and* *
( (
) || ( || ))
i i c
T
h h b
PW
R
h x y
h h b
( (
k
PW
i
R
c) || ( || ))
*h x y
T
k.So* *
(
k||
i||
k)
ih T
H
N
Q
and server accept the login request.B. Server Spoofing attack
Assume that legal server
S
j might try to masquerade as another malicious serverS
kto fool any legal user and Leu-Hsieh scheme cannot withstand the server spoofing attack. The illegal server act as like the original server hold the secret informationh x y
( || )
andh y
( )
.When the userU
i submits his/her login request,
,
,
i ij i i
CID P Q N
to the legal serverS
j ,but malicious serverS
kcan interpret the message and compute,
, (
),
i i i c i
A H h b
PW
R
T
by usingh x y
( || )
,h y
( )
andSID
j . To checkQ h T
i? ( ||
iH
i||
N
i)
.Then he/she generate a nonceN
kand computeM
ij
h T
( ||
iN
i||
H
i||
SID
j)
and submitM
ij,
N
k toU
i .U
i computesh T
( ||
iN
i||
H
i||
SID
j)
and compares it with'
ij
M
.If both the values are equal,U
i responds with the messageM
ij"and can compute the session keySK
h T
( ||
iN
i||
N
j||
H
i||
SID
j)
.Therefore, a legal andmalicious server can masquerade as another server to fool any legal user and Leu-Shieh scheme is vulnerable to server spoofing attack..
C. Password Guessing attaack
An attacker
A
steals or userU
i lost the smart cardSC
the significant information in the card is derived by the attacker, there is a chance of password guessing attack. The attackerA
can read the data, ,
i i,
i,
i, ( ), ()
b B C D E h y h
from the smart card by select any word guessing from the dictionaryPW
i'.A
computeA
i
C
i
h ID
(
i|| (
h b
PW
i'))
and'
( )
i i
E
h A
.A
check ifE
i'equalE
i. IfE
i' equalsE
ithenA
find the correct password. Otherwise,A
repeat it until the correct password if found.D. Improper mutual authentication
In the verification phase attacker
A
intercepts the authentication messageM
ij,
N
jfrom serverS
jto the useri
provides attackers with an opportunity to tamper with the message. Therefore
U
icannot distinguish the valid authentication messageM
ij,
N
j from the fabricated authentication message* *
,
ij j
M
N
which leads toS
jthinking
U
iis a cheater, whereasU
iis a legal user. So that Leu-Shieh scheme [10] fails to provide proper mutual authentication under the condition that the authenticated message was partly interpolated by an attacker.V. PROPOSED SCHEME
In this section, we proposed an improved efficient and secured scheme to overcome the weakness in the Leu Shieh scheme [10]. Also three entities is involved: the user (
U
i), the service providing server (S
j) and the registration center (RC
). TheRC
selects the master secret keyx
and a secret numbery
to compute( || )
h x y
,h SID
(
j|| )
y
andh y
( )
and then shares them withS
j through a secure channel. Figure 2 shows the entire protocol structure of our proposed scheme. The proposed scheme which has six phases namely setup phase, registration phase, login phase, verification phase and password change phase.A. Setup Phase
Setup Phase consist of three steps.
Step 1. Server setup: This process is performed by the server
S
jconsulted with the registration centerRC
, to share the valuesh x y
( || )
, andh y
( )
through a secure channel.Step 2. Client setup: This process is performed by the user
U
i initialize the secret random numberb
for masking the password.Step 3. Registration Center setup: This process is performed by the registration center
RC
to choose a master secret keyx
and secret numbery
to computeh x y
( || )
andh y
( )
.These values are only known toRC
.B. Registration Phase
The user
U
i wants to login to the remote serverS
jthe user initially register with the registration serverRC
and perform the following activities.Step 1.
U
i
RC
:I
D
i, (
h b
PW
i)
. UserU
iselect his/her identityID
iand passwordPW
iand choose a random numberb
. The userU
i computes the masked passwordh b
(
PW
i)
. Then userU
i sendsID
i and(
i)
h b
PW
to the registration centerRC
through a secure communication channel. Step 2.RC
computes
T
i
h ID
(
i|| )
x
V
i
T
ih ID
(
i|| (
h b
PW
i) || ( ))
h y
B
i
h h b
( (
PW
i) || ( || ))
h x y
H
i
h T
( )
iStep 3.
RC
U
i:SC
. The registration centerRC
stores the valuesh
.
andV B H h y
i, ,
i i, ( )
on the smartcard
SC
and issues it to the userU
i via a secure channel.Step 4. After receive the smart card, the user
U
i enterb
into his/her smart card. Finally the smart card contains, , ,
i i i, ( )
C. Login Phase
When the user
U
i wants to login to the remote serverS
j after receive the smart cardSC
from the registration centerRC
the following steps to be performed.Step 1. User
U
i inserts his/her smart card into the smart card reader and enters his/her identityID
i , password iPW
and server identitySIDj. Step 2. The smart card computes
T
i
V
ih ID
(
i|| (
h b
PW
i) || (y))
h
H
i*
h T
( )
iAnd check whether the computed
H
i' is equal toH
i.If they are equal, userU
i is a legal user and proceeds with next steps. Otherwise the smart card aborts the session.Step 3.The smart card generates a nonce
N
i and computesCID
i
h b
(
PW
i)
h
(T || ( ) ||
ih y
N
i)
P
ij
T
ih h y
( ( ) ||
N
i||
SID
j)
M
1
h P
(
ij||
CID
i|| ( ) ||
h y
N
i)
M
2
h SID
(
j|| ( ))
h y
N
iStep 4
.
U
i
S
jCID P M M
i,
ij,
1,
2 : The userU
i sends the login request messageCID P M M
i,
ij,
1,
2 to theserver
S
j.D. Authentication Phase
After receiving the login request message from the user
U
i , the serverS
jexecute the following steps for mutual authentication and agree a shared session key for secure communication.Step 1. Server
S
j computes
N
i
M
2
h SID
(
j|| ( ))
h y
T
i
P
ij
h h y
( ( ) ||
N
i||
SID
j))
h b
(
PW
i)
CID
i
h T
( || ( ) ||
ih y
N
i)
B
i
h h b
( (
PW
i) || ( || ))
h x y
Step 2.
S
j
U
i:M M
3,
4: Next the server computesh P
(
ij||
CID
i|| ( ) ||
h y
N
i)
and compare withM
1. Ifthey are not equal,
S
jrejects the login request message and terminate this session. Otherwise, serverS
jaccepts the login request message. Then
S
jgenerate a nonceN
jto computesM
3
h B
(
i||
N
j||
SID
j)
.Finally the server
S
j sends the messageM M
3,
4to the userU
i.Step 3.
U
i
S
j:M
5: UserU
i computesN
j
M
4
h B
(
i||
SID
j)
N
i to obtain the server noncej
N
.Next computeh B
(
i||
N
j||
SID
j)
and compare with the received messageM
3. If they are not equal ,User(
U
i) [Registration Phase] Registration Center(RC
) SelectID PW b
i,
i,
I
D
i, (
h b
PW
i)
ComputeT
i
h ID
(
i|| )
x
V
i
T
ih ID
(
i|| (
h b
PW
i) || ( ))
h y
B
i
h h b
( (
PW
i) || ( || ))
h x y
H
i
h T
( )
iSC V B h y h
[ , , ( ), (.)]
i iEnter
b
into the Smart Cardsuccessfully and computes the mutual authentication message
M
5
h B
(
i||
N
i||
SID
j)
. Next the userU
isend back the message
M
5 to the serverS
j.Step 4. Upon receiving the message
M
5,S
jcomputesh B
(
i||
N
i||
SID
j)
and checks it with the received messageM
5. If they are equal,S
jauthenticatesU
i successfully. Otherwise, rejects the authentication request.E. Session Key generation Phase
At the end of the authentication phase, the user
U
i and the serverS
jcan agree a common session key for secure communication with authentication.Step 1.Server
S
j generate the session keySK
h CID
(
i||
N
i||
N
j||
SID
j||
B
i)
Step 2.Client
U
i generate the session keySK
h CID
(
i||
N
i||
N
j||
SID
j||
B
i)
Step 3. Finally both of the user
U
i and the serverS
i can utilize the session key(
i||
i||
j||
j||
i)
SK
h CID
N
N
SID
B
to securely communicate with each other.F. Password Change Phase
In this phase, user
U
i can change his/her password any time if he/she wishes. The steps of the password change phase are as follows.Step 1.
U
i
RC
:, (
new)
i new i
ID h b
PW
: The userU
i inserts his/her smart cardSC
in to the smart card reader and then input his/her identityID
i and passwordPW
i .The smart cardSC
computes to obtain(
|| (
) || ( ))
i i i i
T
V
h ID
h b
PW
h y
. Next it computesH
i*
h T
( )
i and compares it with the stored valuei
H
in the smart card. If they are same the userU
i choose a new passwordPW
inew and a new random numbernew
b
to computesh b
(
new
PW
inew)
,V
inew
T
ih ID
(
i|| (
h b
new
PW
inew) || ( ))
h y
. Finally userU
isends
, (
new)
i new i
ID h b
PW
to the registration centerRC
in a secure channel.Step 2.
RC
U
i:B
inew: The registration centerRC
computesnew
( (
new) || ( || ))
i new i
B
h h b
PW
h x y
RC
send backB
inew to the userU
i.Step 3. Finally, the smart card replaces
B V
i,
i with,
new newi i
User(
U
i) [Session Key generation Phase] Server(S
j)(
i||
i||
j||
j||
i)
SK
h CID
N
N
SID
B
SK
h CID
(
i||
N
i||
N
j||
SID
j||
B
i)
User(U
i) [Authentication Phase] Server(S
j)Compute
N
i
M
2
h SID
(
j|| ( ))
h y
T
i
P
ij
h h y
( ( ) ||
N
i||
SID
j))
h b
(
PW
i)
CID
i
h T
( || ( ) ||
ih y
N
i)
B
i
h h b
( (
PW
i) || ( || ))
h x y
Check if
M h P
1? (
ij||
CID
i|| ( ) ||
h y
N
i)
Generate a random number
N
jCompute
M
3
h B
(
i||
N
j||
SID
j)
M
4
h B
(
i||
SID
j)
N
i
N
j Else reject login request
M M
3,
4Compute
N
j
M
4
h B
(
i||
SID
j)
N
iVerify if
M h B
3? (
i||
N
j||
SID
j)
Compute
M
5
h B
(
i||
N
i||
SID
j)
M
5 Check ifM h B
5? (
i||
N
i||
SID
j)
Else authentication failure authentication successful Else authentication failure
User (
U
i) [Password Change Phase] Registration Center (RC
) Insert smart cardSC
Smart Card (SC
)Input
ID
i,
PW
i,new i
PW
ComputeT
i
V
ih ID
(
i|| (
h b
PW
i) || ( ))
h y
H
i*
h T
( )
iVerify if
H H
i*?
iChoose a new random number
b
newCompute
(
new)
new i
h b
PW
V
inew
T
ih ID
(
i|| (
h b
new
PW
inew) || ( ))
h y
, (
new)
i new i
ID h b
PW
new
( (
new) || ( || ))
i new i
B
h h b
PW
h x y
Replace
B V
i,
iwith,
new newi i
User(
U
i) [Login Phase] Server(S
j) Insert smart cardSC
Smart Card(SC
)Input
ID PW
i,
iT
i
V
ih ID
(
i|| (
h b
PW
i) || (y))
h
H
i*
h T
( )
iCheck if
H H
i*?
iGenerate a random number
N
iCompute
CID
i
h b
(
PW
i)
h
(T || ( ) ||
ih y
N
i)
P
ij
T
ih h y
( ( ) ||
N
i||
SID
j)
M
1
h P
(
ij||
CID
i|| ( ) ||
h y
N
i)
M
2
h SID
(
j|| ( ))
h y
N
iCID P M M
i,
ij,
1,
2FIGURE 2. PROPOSED SCHEME
VI. SECURITY ANALYSIS
In this section we analyze the security of the proposed scheme and discuss the security features involved in it. The proposed scheme provides several security characteristics and resist against various known attacks. TABLE III describe the security characteristics involved in our scheme and other related schemes.
A. Resist replay attack
An attacker
A
eavesdrops the login message between the userU
iand the serverS
jand try to imitateU
i to login to the server by replaying the intercepted messages. In our proposed scheme, two random numbers,
i j
N N
are generated by the user and the server respectively for verification that make all messages dynamic and valid for the session only. After eavesdropping the previous login requestCID P M M
i,
ij,
1,
2from the user,the intruder may replay the message to
S
j.A
will receive the acknowledge messageM M
3,
4fromS
j and cannot compute the mutual messageM
5to respond toS
jwithout knowingB N
i,
i.A
replies a previous messageM M
3,
4 toU
iin this session, because each session have its ownN
i, the computed random numberj
N
will not equal to the random numberN
jof this session that was chosen byS
jh B
(
i||
N
j||
SID
j)
will not equal toM
3and the authentication will fail. Therefore there is no chance of replay attack.B. Resist forgery attack/Masquerade attack
An attacker
A
act as like the legal user to login the remote server, he must be able to forge a valid login request1 2
,
,
,
i ij
CID P M M
to foolS
j . The adversary cannot compute a valid login request message without knowingT N
i,
i. In addition, if the adversary is a legal user of the system, he/she also cannot masquerade as another legal user to login to the remote server, since he/she cannot computeT
i from his/her smart card and intercepted login requestCID P M M
i,
ij,
1,
2 without knowingx h x y b PW
, ( || ), ,
i .Suppose an adversary steals user smart card and extract the parameters b V B H h y h, , ,i i i, ( ), (.)in some way , he/she cannot forge the login request. Because it is difficult to find theT
i without knowing the passwordPW
i. Our proposed scheme is withstand forgery attack.C. Resist server spoofing attack
If the attacker is a legal user of the system, he/she must be able to forge a valid response message
3
,
4intercepted login request
CID P M M
i,
ij,
1,
2without the knowledge ofh x y
( || )
, therefore the attacker cannot compute the valid response messageM M
3,
4. If the attacker is a legal server of the system, he/she cannot masquerade as another server to fool any legal user since he does not have the other secret information(
j|| ( ))
h SID
h y
to check the login request and cannot compute the valid response messageM M
3,
4. Our proposed scheme is withstand server spoofing attack.D. Resist stolen smart card attack
The attacker steals or user lost the smart card can extract the significant information
, , ,i i i, ( ), (.)
b V B H h y h stored in the smart card. Even after collecting this information in order to change the password or login into the system by using the lost smart card, the attacker submit the real identity and password correctly at the same time, but it is not possible to guess these parameters correctly at the same time in real polynomial time since they are protected by a one way hash function and attackers does not have the knowledge of the master secret key
x
.Therefore, the proposed scheme is secure against stolen smart card attacks.E. Resist leak of verifier attack
The proposed scheme, the server or the registration center does not store any verifier information, so even any malicious legitimate user cannot retrieve any useful information from them, and cannot impersonate a legal user to login to the server. Thus, the proposed scheme can resist the leak of verifier attack.
TABLE III Security Comparison
Security Factors Lee et. al [2011]
X.Li et. al [2012]
X.Li et.al [2013]
Leu-Hsieh [2014]
Proposed Scheme
Replay attack No No No Yes Yes
Forgery /Masquerade user attack Yes No Yes Yes Yes
Server spoofing attack Yes Yes No Yes Yes
Stolen smart card attack No No No Yes Yes
Leak of verifier attack No No No Yes Yes
VII. PERFORMANCE AND FUNCTIONAL ANALYSIS
In this section we compare our proposed scheme with other related schemes, our scheme achieve more functionality features that are required to implement the real time identity and password authentication using smart cards is described in TABLE IV.
A. Proper mutual authentication
The proposed scheme can provide proper mutual authentication, the user sends
CID P M M
i,
ij,
1,
2toS
jto access the service in it. After receiving the messageS
j computesT B h b
i, , (
i
PW
i)
and then checks1
? (
ij||
i|| ( ) ||
i)
M h P
CID
h y
N
.If it holdsU
i is a valid user and login request was accepted by the server. OtherwiseS
j rejects the login request. The authentication equation is fully depending on the one way hash function, any fabricated messageCID P M M
i',
ij',
1',
2' cannot pass verification. ThenS
jcomputeM M
3,
4 andsend to the user. Next user compute
N
j
M
4
h B
(
i||
SID
j)
N
iand verifyM h B
3? (
i||
N
j||
SID
j)
.If they are not equal user terminate the session. Otherwise server is authenticated by user. The fabricated message' '
3
,
4M M
cannot pass the authentication. With the same reason any fabricated mutual authentication message' 5
M
cannot pass the mutual authentication. Therefore, the proposed scheme can provide proper mutual authentication.B. User anonymity
used for the real identity
ID
i for its authentication to the service of the server. When the user wants to login to the server the dynamicCID
i is different for each session. Besides, instead of the real identity, the attacker cannot distinguish between different sessions corresponding to a certain user and cannot obtain any idea about the real identity. Our scheme can provide user anonymity.C. Session key agreement
The user and server can agree on a shared common session key for further communication. An attacker guess the the random secrets
N N
i,
jit is difficult to derive the session key without knowing the value ofB
i.Even if an adversary know the values ofb PW y
,
i,
, it is impossible to find the session key.D. Forward secrecy
The master key of the system is compromised; the secrecy of the previously established session keys should not be affected. If the master secret key
x
is compromised for some reason, the attacker cannot compute any previous session key without knowingb PW y
,
i,
.Our proposed scheme can ensure forward secrecy.TABLE IV Functional Analysis
Functional Factors Lee et. al [2011]
X.Li et. al [2012]
X.Li et.al [2013]
Leu-Hsieh [2014]
Proposed Scheme
Strong mutual authentication No No No No Yes
User anonymity Yes No Yes Yes Yes
Session key agreement Yes Yes No Yes Yes
Forward secrecy No No No Yes Yes
Two factor security Yes No No No Yes
Single registration Yes Yes Yes Yes Yes
In order to evaluate the performance of the proposed scheme, we compare it with other schemes. TABLE V gives a brief review of their performance. To analyze the computational complexity that involves time complexity of hash function. Because exclusive-OR operation requires very few computations, it is usually negligible considering its computational cost. Therefore our improved scheme is more secure and efficient than other schemes.
TABLEV Performance Analysis
Phases Lee et.
al [2011]
X.Li et. al [2012]
X.Li et.al [2013]
Leu-Hsieh [2014]
Proposed Scheme
Registration Phase 7 7 7 8 7
Login Phase 7 7 8 8 6
Authentication Phase 8 21 8 9 7
Password Change Phase 6 6 4 6 6