keerti.psit@gmail.com awasthi@psit.in
Abstract: Today, in online transactions (e-banking, mobile banking, etc.), remote user authentication is a tool to authenticate remote users, and various authentication schemes have been proposed so far. Khan et al. in 2006 contributed a significant and novel idea to further strengthen the secure communication network: a chaotic hash-based fingerprint biometric remote user authentication scheme. Even this scheme, however, was vulnerable to a few deadly attacks. The current paper identifies some attacks and proposes a new improved scheme thereon.

Keywords: Authentication, spoofing attack, smart card, security improvements.

1. Introduction

In 1981, Lamport [9] proposed an authentication scheme using a cryptographic hash function. However, high hash overhead and the necessity for password resetting decrease its suitability for practical use. Since then, many improved password authentication schemes, e.g. [16] [13] [2] [19], have been proposed. One of the common features of these schemes is that the server has to securely store a verification table. If the verification table is stolen by the adversary, the system may be broken. To resist such a stolen-verifier attack, in 1990 Hwang et al. [20] proposed a non-interactive password authentication scheme and its enhanced version, which additionally uses smart cards. In Hwang et al.'s schemes, the server does not require any verification table. In 2000, Hwang and Li [14] proposed a verification-free password authentication scheme using smart cards based on ElGamal's public-key technique [18]. However, Hwang-Li's scheme does not allow users to freely choose and change their passwords. Furthermore, Hwang-Li's scheme was found to be vulnerable to various impersonation attacks [4], [3], [8]. To improve the efficiency, H. M. Sun proposed a lightweight verification-table-free password authentication scheme [7] using smart cards based on cryptographic hash functions. The major drawback of Sun's scheme is that the password is not easily memorizable and the user cannot freely choose or change his/her password. The various password protection mechanisms in use carry the risk of theft and of willing or unwilling key disclosure to an unauthorized user. Biometrics dovetailed with a typical remote user authentication scheme has made it infallible, as biometrics works on physical behaviors, fingerprints, voice recognition etc.

In 2006, Khan et al. [12] formulated a biometric remote user authentication scheme using chaos, in its deterministic form and with its omnipresence in the real world, for a more secure design of communication protocols [23] [11]. Chaotic cryptography with its random behavior constitutes a potential protection asset in modern cryptography. Khan et al.'s scheme, based on a new family of one-way collision-free chaotic hash functions [1], showed its supremacy over modular exponentiation-based authentication schemes, e.g. Diffie-Hellman [1], ElGamal [18] and RSA-based encryption algorithms [7]. Khan's scheme, however, is exposed to privileged insider attacks on the remote system [22] and is also exposed to an impersonation attack, as the adversary can be authenticated even if the attacker does not have the valid password [6]. As a remedy to these pitfalls, this paper presents an efficient improvement on them with more security. As a result, the proposed scheme can withstand the previously proposed attacks.

2. Chaotic Hash Function

This section briefly reviews the chaotic hash function [12] [11]. This is a one-way function/transformation, which makes it an ideal candidate for a collision-free one-way hash function. After applying this function, an arbitrary input becomes a fixed-size string, called the hash value [10]. In 2005, Wang et al. [15] created a chaotic hash algorithm based on an n-D nonlinear autoregressive filter. The chaotic hash function is an iterative hash function. It can be represented by

, where is a round function, is input value of , is the message sub block, is the inter hash value and is the final hash value.

3. Review of Khan et al. scheme

This section briefly reviews Khan et al.'s scheme, which is composed of four phases: registration, login, authentication, and password change. Information held by remote system:
92 (IJCNS) International Journal of Computer and Network Security,
Vol. 2, No. 1, January 2010
[Figure: USER / REMOTE SYSTEM diagram. Steps shown: choose identity, choose password, input fingerprint impression, compute (formula lost except "⊕x)"), store in mobile device.]

login application software and enters identity and password and imprints a fingerprint biometric at the sensor. If is successfully verified by his/her fingerprint biometric, a mobile device will perform the following operations:
1. Computes and verifies whether . If not equal, the device terminates the operation; otherwise it performs further operations.
2. Computes where is the current timestamp of the device .
3. At the end of the login phase, sends the login message to the remote system over an insecure network.
In this section, we will demonstrate that Khan et al.'s scheme is vulnerable to an impersonation attack and an insider attack.

4.1. Privileged Insider Attack

4.2. Spoofing Attack by using Lost or Stolen Mobile Device

Khan et al.'s scheme is vulnerable to a spoofing attack using lost or stolen mobile devices (smart cards), by monitoring the power consumption [5], [17]. An adversary can intercept the mutual authentication message ( ) and re-send the forged message, i.e., , to the user, and it could not be verified by step (6) in the authentication phase of Khan et al.'s scheme, because is open on the mobile device. Precisely, if an attacker gets a user's mobile device and extracts secure value from it, then the attacker could simply be authenticated by using without knowing the valid password.

4.3. Impersonation attack

Khan et al.'s scheme is vulnerable to impersonation attacks using lost or stolen mobile devices. Namely, a user can be authenticated to a remote system even if he or she does not have the valid password . Precisely, if an attacker gets a user's mobile device and extracts secure value from the mobile device, then he or she can simply be authenticated by using without the user's password.

5. Proposed biometric authentication nonce based scheme

This section proposes an improvement of Khan et al.'s scheme that can remove the above security flaws. The proposed scheme is also composed of four phases: registration, login, authentication, password change. Information held by Remote System: .

[Figure: USER / REMOTE SYSTEM diagram. Steps shown: choose identity, choose password.]

Figure 4. LOGIN PHASE [USER / REMOTE SYSTEM diagram. Steps shown: input, input fingerprint impression, verify, pick up, compute, check.]

5.1. Registration Phase

Fig 3 shows the registration phase of the proposed scheme. In the registration phase, user Ui chooses his/her identity and password , a random nonce and interactively submits , encrypted with public key , to the registration centre. Ui also imprints his/her fingerprint impression with nonce, i.e. , at the sensor, and then the registration system performs the following operations:
1. Decrypt the encrypted message by the server private key and get .
2. Compute from and .
3. Computes and where the private key of the remote system is, is a bit-wise exclusive-OR operation, is a collision free one-way chaotic hash function.
4. Computes where Si is the extracted fingerprint template of the user.
5. The remote system personalizes the secure information and saves it into the mobile device and sends to the user Ui.

5.2. Login Phase

Fig 4 shows the login phase of the proposed scheme. If Ui wants to log in to the remote system, he or she opens the login application software, enters identity and password and imprints a fingerprint biometric at the sensor. If Ui is successfully verified by his/her fingerprint biometric, a mobile device will perform the following operations:
1. Computes , and verifies whether or not. If equal, the user's device performs further operations; otherwise it terminates the operation.
2. Computes , where the current timestamp of the device is.
3. At the end of the login phase, Ui sends the login message to the remote system over a secure network.

5.3. Authentication Phase

In the authentication phase, when the remote system receives the message from the user, the remote system and user perform the following operations.
1. The remote system checks if the format of is invalid or if where is the current time stamp of the remote system, then rejects the login request.
2. If , where denotes the expected valid time interval for transmission delay, then the remote system rejects the login request.
3. The remote system computes , if . It means the user is authentic and the remote system accepts the login request and performs the next step; otherwise the login request is rejected.
4. For mutual authentication, the remote system computes and then sends a mutual authentication message ; to the Ui
5. Upon receiving the message , the user checks whether is invalid or ; if so, the user Ui terminates this session; otherwise performs the next step.
6. Ui computes and compares . If equal, the user believes that the remote party is authentic and mutual authentication holds between the user and server.

6. Security Analysis

Next, this section shows that the improved scheme is secure against the impersonation attack, privileged insider attack, and the stolen verifier attack, and analyses the enhanced security features of our improved scheme.

6.1. Resistance to guessing attack

A guessing attack involves an adversary trying to get long-term private keys (the user's password or the server's secret and private key). Because a non-invertible chaotic hash function is used, it becomes difficult for any attacker to extract by knowing . Although the adversary can obtain the secret information stored in the stolen smart card by analyzing the leaked information [21], the adversary would not be able to extract .

6.2. Resistance to parallel session, reflection attack

In parallel session attack, with knowing the correct password of the user, an attacker can masquerade as the legal user by creating a valid login message out of some eavesdropped communication between the user and the server. But our proposed scheme is free from parallel session attack.

6.3. Resistance to insider attack

If an insider attacker has obtained 's password , he can try to impersonate to access other servers. In the registration phase of the improved scheme, sends the encrypted password with an appropriate nonce, i.e. ; thus will not be revealed to the attacker without knowing the remote system's private key. Since in the proposed scheme the insider attacker cannot obtain , the improved scheme can withstand the insider attack.

6.4. Resistance to server spoofing attack

The spoofing attack is completely solved by providing mutual authentication between user and server. The remote system S sends the mutual authentication message to the user in the login phase; if an attacker intercepts it and resends the forged message, i.e. , to user U, it will not be verified by the authentication phase since . Therefore the proposed scheme can withstand the spoofing attack.

7. Conclusion

Here, this paper has demonstrated that Khan et al.'s [12] remote user authentication scheme is vulnerable to an impersonation attack and an insider attack, and pointed out the drawbacks of Khan et al.'s scheme for practical uses. Finally, this paper proposes a more secure remote user authentication scheme with better resistance to the impersonation attack, the stolen smart card attack, and the privileged insider attack.
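The authentication phase of Section 5.3 and the replay and spoofing arguments of Sections 6.2 and 6.4, as an added example that is not code from the paper: a timestamp-bound login token checked by the server, followed by a mutual-authentication reply checked by the device. The paper's formulas did not survive on this page, so the message layout (ID, C1, T), the reply (C2, T_s), `DELTA_T`, the identity format and the labels inside the hash are assumptions, and HMAC-SHA256 stands in for the chaotic hash. The device is assumed to have already recovered its per-user secret after the local password and fingerprint check.

```python
import hashlib
import hmac
import re

DELTA_T = 5  # assumed valid transmission delay, in seconds
ID_FORMAT = re.compile(r"[A-Za-z0-9_]{3,32}")  # assumed identity format

def h(key: bytes, *parts) -> bytes:
    """Stand-in keyed hash (HMAC-SHA256), not the paper's chaotic hash."""
    data = "|".join(str(p) for p in parts).encode()
    return hmac.new(key, data, hashlib.sha256).digest()

def fresh(t_sent, t_now: int) -> bool:
    """Timestamp check: reject stale or future-dated values."""
    return isinstance(t_sent, int) and 0 <= t_now - t_sent < DELTA_T

def device_login(user_secret: bytes, uid: str, t: int):
    """Login message (ID, C1, T) built on the user's device."""
    return uid, h(user_secret, "login", uid, t), t

def server_authenticate(server_key: bytes, msg, t_now: int):
    """Steps 1-4: return the reply (C2, T_s), or None to reject the login."""
    uid, c1, t = msg
    if not isinstance(uid, str) or not ID_FORMAT.fullmatch(uid):
        return None  # step 1: malformed identity
    if not isinstance(c1, bytes) or not fresh(t, t_now):
        return None  # steps 1-2: malformed token or outside the window
    user_secret = h(server_key, "user", uid)  # derived, no verifier table
    if not hmac.compare_digest(c1, h(user_secret, "login", uid, t)):
        return None  # step 3: token does not match
    # Step 4: the "server" label keeps a reflected C1 from passing as C2.
    return h(user_secret, "server", uid, t_now), t_now

def device_verify_server(user_secret: bytes, uid: str, reply, t_now: int) -> bool:
    """Steps 5-6: check the reply's freshness, then recompute C2."""
    if reply is None:
        return False
    c2, t_s = reply
    expected = h(user_secret, "server", uid, t_s)
    return fresh(t_s, t_now) and isinstance(c2, bytes) and hmac.compare_digest(c2, expected)

# Constructed sample run (all values are made up for the example).
SERVER_KEY = b"constructed-demo-server-key"
ALICE = h(SERVER_KEY, "user", "alice01")       # secret held on the device
LOGIN = device_login(ALICE, "alice01", 1000)   # sent at T = 1000
REPLY = server_authenticate(SERVER_KEY, LOGIN, 1002)
MUTUAL_OK = device_verify_server(ALICE, "alice01", REPLY, 1003)
```

A captured login message replayed once the window has passed, and a login token reflected back as the server's reply, are both rejected; the example does not model how the secret is protected on a lost device, which is the concern of Sections 4.2 and 4.3.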
References

[1] A. J. Menezes, P. C. Oorschot, and S. A. Vanstone. Handbook of applied cryptography. CRC Press, 1997.
[2] A. Shimizu. A dynamic password authentication method by one-way function. IEICE Transactions, d-1(7)(J-73):1-15.
[3] C. C. Chang and K. F. Hwang. Some forgery attack on a remote user authentication scheme using smart card. Informatica, (14(3)):289-294, 2003.
[4] C. K. Chan and L. M. Cheng. Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4):992-93, 2000.
[5] E. J. Yoon, E. K. Ryu, and K. Y. Yoo. Attacks on the Shen et al.'s timestamp-based password authentication scheme using smart cards. IEICE Transactions on Fundamental, A(1)(E88):319-21, 2005.
[6] E. J. Yoon, E. K. Ryu, and K. Y. Yoo. An improvement of Hwang-Lee-Tang's simple remote user authentication. Computer Security, (24):50-56, 2005.
[7] H. M. Sun. An efficient remote user authentication scheme using smart cards. IEEE Transaction on Consumer Electronics, 46(4):958-61, 2000.
[8] H. T. Yeh, H. M. Sun, and B. T. Hsieh. Security of a remote user authentication scheme using smart cards. IEICE Transactions on Communication, B(1)(E87):192-94, 2004.
[9] L. Lamport. Password authentication with insecure communication. Communications of the ACM, (24):770-72, 1981.
[10] M. Bellare, R. Canetti, and H. Krawczyk. Keying hash function for message authentication. LNCS-1996 Advances in Cryptology-CRYPTO'96, (1109):1-15, 1996.
[11] M. K. Khan, Z. Jiashu, and T. Lei. Chaotic secure content-based hidden transmission of biometric templates. Chaos, Solitons and Fractals, 32(5):1749-59, 2007.
[12] M. K. Khan, Z. Jiashu, and X. M. Wang. Chaotic hash based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons and Fractals, 35(3):519-24, 2006.
[13] M. Sandirigama, A. Shimizu, and M. T. Noda. Simple and secure password authentication protocol (SAS). IEICE Transaction Communication, B(6)(E83):1363-65, 2000.
[14] M. S. Hwang and L. H. Li. A new remote user authentication scheme using smart card. IEEE Transaction Consumer Electronics, 46(1):28-30, 2000.
[15] M. Wang, J. Z. Lu, and X. F. Li. Remote password authentication scheme based on smart cards. Computer Application, 25(10):2289-90, 2005.
[16] N. H. Haller. The S/KEY(tm) one time password system. Proc. Internet Society Symposium on Network and Distributed System Security, pages 151-158, 1994.
[17] P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. Advances in Cryptology (CRYPTO'99), pages 388-97, 1999.
[18] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithm. IEEE Transactions on Information Theory, 31(4):469-72, 1985.
[19] T. H. Chen and W. B. Lee. A new method for using hash function to solve remote user authentication. Computers and Electrical Engineering, (34):53-62, 2008.
[20] T. Hwang, Y. Chen, and C. S. Laih. Non-interactive password authentication without password tables. IEEE Region 10 Conference on Computer and Communication System, Hong Kong, pages 429-31.
[21] T. S. Messerges, E. A. Dabbish, and R. H. Sloan. Examining smart-card security under the threat of power analysis attacks. IEEE Transaction on Computers, 51(5):541-552, 2002.
[22] W. C. Ku, H. M. Chuang, and M. J. Tsaur. Vulnerabilities of Wu-Chieu improved password authentication scheme using smart cards. IEICE Transaction Fundamentals, A(11)(E88):3241-43, 2005.
[23] X. M. Wang, Z. Jiashu, and Z. Wenfang. Keyed hash function based on composite nonlinear autoregressive filter. Acta Phy Sinica, 54:5566-5573, 2005.