9 » IC Electronic information » Category: S

IC Electronic information

Smart Card-based two-way authentication scheme

In Electronic Infomation Category: S | on April 14,2011

Abstract: The popularity of computer networks to make more use of network resources and BQ2012SN-D107 datasheet and applications to remote access, so network security authentication issue has become an important research topic. Current major authentication methods are the following: password-based authentication; based biometric authentication; based on smart card authentication and BQ2012SN-D107 price and certification mixed in several ways. Combination of cryptography and BQ2012SN-D107 suppliers and smart card authentication technology, the program has also been repeatedly proposed, many experts and scholars also made a variety of improvement programs.

However, these programs will be some inevitable flaws. Vulnerability for a variety of programs, this paper proposes the introduction of a smart card authentication public key cryptography algorithm programs, and its security is analyzed, the programs safety and superiority is also reflected in the text.

0 Introduction

With the popularity of computer networks and e-commerce development, more and more use of network resources and applications are available remotely. How to ensure that specific resources are only legitimate and authorized users access, how to correctly identify the users identity is a communication network and data security to ensure the first condition. At present, the main authentication method 3: Password-based authentication; based biometric authentication and smart card-based authentication. Combination of cryptography, many experts and scholars have proposed smart card-based authentication and effective program.

2000 Nian , Sun proposed a hash function based on the smart card is valid remote authentication scheme, the program vulnerable to password guessing attacks and internal attacks. In 2002, [5] of the one-way hash function is also proposed based on a program. Subsequently, many experts and scholars put forward their own programs, these programs through the introduction of random numbers, counters, timestamps and other parameters to achieve effective and safe two-way authentication. Unfortunately, these programs will be some inevitable flaws.

Analysis on the basis of the above options, here presents a new remote user authentication scheme. The program is chip technology with electronic technology and the development of ideas generated. Literature [6-8] proved that public key cryptography algorithm in smart card applications. The program retains some of the above parameters used in the literature, based on the introduction of the smart card public key cryptography algorithms, reliable communication to achieve mutual authentication and can withstand most types of attacks, with strong security.

1 Definition of Terms

Defined in the text of the following symbols are used:

U said that the user authentication protocol; S said that the authentication server authentication protocol; ID for the users identity; PW for the user login password; Ti too stamp; h () for the one-way hash function; for the XOR; as a safe communication channel; to be unsafe, common communication channel; E is the encryption algorithm; D is the decryption algorithm; Ku for the users public key; ku for the users private key; Ks for the server public key; ks for the servers private key.

2 the proposed certification program

The program by the registration phase, login phase, two-way validation phase, the password change phases.

2.1 up phase

R1: the identity of the user to choose their own ID, public key Ku, private key ku, password PW and calculate h (PW), submitted through the secure channel to the authentication server S, the US: ID, h (PW), Ku, ku.

R2: the server generates its own private key and public key ks Ks, and its own public key Ks release went out, ks save it, the users public key Ku into a database. At the same time server computing Vi = h (ID ks), Ri = h (ID ks) h (PW), and then the information {Ri, h (), Ks, ku, public key algorithm} write smart cards.

R3: S the smart card through the secure channel to the user, namely SU: Card {Ri, h (), Ks, ku, public key algorithm}.

2.2 landing stage

L1: the user U to insert the smart card related to the terminal device, enter the ID, PW, smart card authentication with the terminal device ID, PW legitimacy, or give up.

L2: recording system timestamp T1, smart card computing Vi = Ri h (PW), C1 = h (T1 Vi), and use the servers public key Ks to encrypt operations, ET1 = E (T1, Ks) , EC1 = E (C1, Ks).

L3: the user U through the channel to visit the general information m1 {T1, C1, ET1, EC1} to a server S, namely: U S: m1 {T1, C1, ET1, EC1}.

2.3 two-way validation phase

V1: the server S receives m1 {T1, C1, ET1, EC1}, the first with their own private key to decrypt operations ks: T1 *= D (T1, ks), C1 *= D (C1, ks ), then compared to determine: T1 * with T1 are equal, C1 * and C1 are equal. If you can not satisfy both equal, to give up; if both are equal, then the following calculation.

V2: calculate Vi = h (ID ks).

V3: Verify h (T1 Vi) and C1 are equal, if not equal, for the illegal users; if equal, for the legitimate users.

V4: recording system timestamp T2, calculated C2 = h (T2 Vi), and use information stored in the database to encrypt the users public key Ku operations: ET2 = E (T2, Ku), EC2 = E ( C2, Ku).

V5: S server, the channel will be through the general feedback m2 {T2, C2, ET2, EC2} to users U. Ie: S U: m2 {T2, C2, ET2, EC2}.

V6: Users receive the message U m2 {T2, C2, ET2, EC2}, use their own private key to decrypt ku operations: T2 *= D (T2, ku), C2 *= D (C2, ku ), then compared to determine: T2 * and T2 are equal, C2 * and C2 are equal. If you can not satisfy both equal, to give up; if both are equal, then the following calculation.

V7: Verify h (T2 Vi) and C2 are equal, if not equal, for the illegal server; if equal, for the legitimate server.

2.4 password change phase

P1: calculating Ri *= Ri h (PW) h (PW *) = h (ID ks) h (PW *).

P2: replaced by Ri * Ri, co-exist on the smart card.

3 Security Analysis

The program introduces public key cryptography, in non-secure channel to pass information, are encrypted, so it has very strong security, that can withstand a variety of attacks.

3.1 replay attack Assuming the attacker intercepted

L3 stage login m1 {T1, C1, ET1, EC1}, and change the plaintext form of time stamp T1 to T1 . However, the information in the registry still contains the encrypted time stamp ET1, at the V1 stage, due to decrypt the T1 * T1 , the attacker was rejected.

3.2 Denial of Service

The literature are used in many T2-T1 = T as a validation criteria, so when the network is deliberately blocking or intercepting the attacker login information and after a delay when re-transmission to the S, S does not meet the detection of T conditions, prone to denial of service attacks. In this paper, the proposed scheme does not require verification by T as a condition, even if the network congestion or the attacker deliberately delayed, due to no change in the value of T1, T1 = T1 *, it will not cause a denial of service attacks. And the system need not be very stringent synchronization requirements.

3.3 ReflectiON Attack Attack Assuming the attacker intercepted

L3 phase information m1 {T1, C1, ET1, EC1} and blocks the transmission of the information, and the fake S, skip the validation phase of the V1 ~ V4 stage, direct the user U sends m1 {Youxiang T1, C1, ET1, EC1}, an attempt to pretend to V5 stage of information m2 {T2, C2, ET2, EC2}. But the program, ET1, EC1 is encrypted with Ss public key Ks, and only use S to decrypt the private key ks, and the user U does not ks, we can not calculate the T1 * and C1 *, therefore attack is not feasible.

3.4 Parallel Attack Attack

V5 stage assuming the attacker intercepted information m2 {T2, C2, ET2, EC2}, and fake user U to S resend m2. However, calculation of S side to decrypt it is not feasible, because the ET2, EC2 is the public key Ku U encrypted, while the private key is used only ku-side in the U, S-side operations can not be decrypted.

3.5 smart card is lost \ copy attack

The attacker does not know the password PW, we are unable to come to Ri = h (ID ks) h (PW). Similarly, even that of the ID, PW, if no smart card, can not fake the user U.

3.6 true two-way authentication

Solution uses public key cryptography algorithm, U, S, respectively, using the public key encryption, and then send a message, use your own private key to decrypt, in the calculation is equal, so no matter which side the attacker is to fake not feasible to achieve a true two-way authentication.

4 Conclusion

Can be seen from the above analysis, through the introduction of public key encryption system that the proposed scheme can withstand replay attacks, denial of service attacks, Reflection Attack Attack, Parallel Attack attack, smart card is lost \ replication attack, and realized the two sides of communication two-way authentication. Although the program since the introduction of public key cryptography algorithm takes up part of the computing resources, but it greatly improves the security of the system, and with electronic technology and the rapid development of chip technology, smart card computing power and storage capacity continues to improve, the programs will become increasingly highlight their advantages. Specific uses of the program in which public key cryptography algorithms such as algorithms RSA, El-Gamal, elliptic curve, not the scope of this article.

BQ2012SN-D107 datasheetBQ2012SN-D107 suppliersBQ2012SN-D107 Price

All right © 2010-2016 Certificate