A Novel and Efficient Bilateral Remote User Authentication Scheme Using Smart Cards
This paper proposes a novel remote user authentication scheme using smart cards which allows both the authentication server (AS) and the user to verify authenticity of each other. Our scheme is efficient enough to resist the known attacks that could …
Authors: Al-Sakib Khan Pathan, Choong Seon Hong, Tatsuya Suda
P2-4

Abstract -- This paper proposes a novel remote user authentication scheme using smart cards which allows both the authentication server (AS) and the user to verify each other’s authenticity. Our scheme is efficient enough to resist the known attacks that could be launched against remote user authentication process.

I. INTRODUCTION

With the proliferation of distributed computing, remote user authentication has become an important task in many applications like e-commerce, e-banking etc. As the communications in the authentication process are considered to occur over insecure channels, there is the chance of leaking out secret information and thus causing serious harm to the user. In this paper, we propose a novel and efficient remote user authentication scheme using smart cards which allows both the AS and the user to verify each other. The rest of the paper is organized as follows: Section II states the related works, Section III mentions the preliminaries, Section IV presents our scheme, Section V contains a brief analysis, and Section VI concludes the paper.

II. RELATED WORKS

[1] proposed a remote user authentication scheme based on the ElGamal’s public key cryptosystem. [2] increased the efficiency of [1] by reducing the computation and communication costs. [3] showed that [1] is vulnerable to masquerading attack. Later, in [4] the authors showed a different type of attack on [1] and proposed a modified and enhanced scheme for making it resistant against the known attacks. In 2003, [5] showed that [2] is vulnerable to offline and online password guessing attacks and [6] is vulnerable to parallel session attack. Most of the works mentioned above ensure that the AS could verify the authenticity of the user but the user cannot verify the validity of the AS.
Hence, our scheme aims at achieving bilateral verification, maintaining robust security of the scheme so that it could be resistant to the known attacks in remote user authentication process using smart cards.

Al-Sakib Khan Pathan, Student Member, IEEE, Choong Seon Hong, Member, IEEE, and Tatsuya Suda, Member, IEEE

This work was supported by MIC and ITRC projects. Dr. C.S. Hong is the corresponding author. Al-Sakib Khan Pathan is a graduate student and research assistant at the Department of Computer Engineering, Kyung Hee University, South Korea. (e-mail: spathan@networking.khu.ac.kr, phone: +82 31 201-2987) Dr. Choong Seon Hong is a professor at the Department of Computer Engineering, Kyung Hee University, South Korea. (e-mail: cshong@khu.ac.kr, phone: +82 31 201-2987) Dr. Tatsuya Suda is a professor at the School of Information and Computer Science, University of California, Irvine, USA. (e-mail: suda@ics.uci.edu, phone: 949-824-5474)

III. PRELIMINARIES

We use LU decomposition [7] for our scheme. LU decomposition is a procedure for decomposing a square matrix $A$ ($N \times N$) into a product of a lower triangular matrix $L$ and an upper triangular matrix $U$, such that

$$A = LU \qquad (1)$$

where the lower triangular matrix $L$ and upper triangular matrix $U$ have the forms

$$L_{ij} = \begin{cases} l_{ij} & \text{for } i \ge j \\ 0 & \text{for } i < j \end{cases} \qquad U_{ij} = \begin{cases} u_{ij} & \text{for } i \le j \\ 0 & \text{for } i > j \end{cases}$$

So, for a square matrix of $4 \times 4$, equation (1) looks like:

$$\begin{bmatrix} l_{11} & 0 & 0 & 0 \\ l_{21} & l_{22} & 0 & 0 \\ l_{31} & l_{32} & l_{33} & 0 \\ l_{41} & l_{42} & l_{43} & l_{44} \end{bmatrix} \cdot \begin{bmatrix} u_{11} & u_{12} & u_{13} & u_{14} \\ 0 & u_{22} & u_{23} & u_{24} \\ 0 & 0 & u_{33} & u_{34} \\ 0 & 0 & 0 & u_{44} \end{bmatrix} = \begin{bmatrix} a_{11} & a_{12} & a_{13} & a_{14} \\ a_{21} & a_{22} & a_{23} & a_{24} \\ a_{31} & a_{32} & a_{33} & a_{34} \\ a_{41} & a_{42} & a_{43} & a_{44} \end{bmatrix} \qquad (2)$$

According to the definition, elementary matrix $E$ is an $N \times N$ matrix if it can be obtained from the identity matrix $I_n$ by using one and only one elementary row operation (e.g., elimination, scaling, or interchange) [8], [10]. Elementary row operations are $R_i \leftrightarrow R_j$, $cR_i \leftrightarrow R_i$, $R_i + cR_j \leftrightarrow R_i$.

If the elementary matrices corresponding to the row operations that we use are $E_1, E_2, \ldots, E_k$, then $E_k \cdots E_2 E_1 A = U$. Hence, $A = (E_k \cdots E_2 E_1)^{-1} U$ or $L = E_1^{-1} E_2^{-1} \cdots E_k^{-1}$.

IV. OUR BILATERAL AUTHENTICATION SCHEME

A. Pre-processing - Symmetric Matrix Creation

At first, a secret symmetric key matrix $A$ (dimension $N \times N$) is generated by the AS, where $N$ is the maximum number of users that could be supported. Each element $A_{ij}$ of $A$ is assigned a distinct key from a key pool (generated earlier) such that $A_{ij} = A_{ji}$ for $i, j = 1, \ldots, N$. Then, LU-decomposition is applied on the matrix $A$ to get $L$ and $U$.

B. Details of Our Scheme

Our scheme has mainly two phases – User Registration Phase, Login & Bilateral Authentication Phase.

User Registration Phase: We assume that this phase occurs over a secure channel. Let $F_h$ be a secure one-way hash function [9]. In the registration phase, the user $U_a$ with identity $ID_a$ first submits his identity ($ID_a$) and arbitrarily chosen password $PW_a$ to the AS for registration. In turn the AS does the following steps:

1. Generates two random numbers $x$ and $y$ within the range $N$ (the dimension of the matrices).
2. It selects the $x$-th row from $L$ matrix $L_R(x)$, $x$-th column from $U$ matrix $U_C(x)$, and $y$-th column from $U$ matrix $U_C(y)$.
3. Computes $L_R(x) \times U_C(y) = K_{xy}$ and $\theta = F_h(ID_a \oplus K_{xy}) \oplus PW_a$
4. Issues a smart card containing $(F_h, K_{xy}, \nu, U_C(x), \theta)$ to the user, where $\nu = (\phi \oplus y)$ with $\phi$ is an arbitrary number which is kept secret and owned by the authentication server.

Login & Bilateral Authentication Phase: When the user needs to login, he attaches the smart card to the input device and keys in his identity $ID_a$ and password $PW_a$. The smart card performs the following operations:

1. Generates a random number $r$ with the same length of $K_{xy}$ and computes $H_a = K_{xy} \oplus F_h(r)$, and $S_a = \theta \oplus PW_a \oplus r$.
2. Sends the login request message, $M = (ID_a, H_a, \nu, U_C(x), S_a, T)$ (here, $T$ is the current timestamp), to the AS.

After getting $M$, the AS performs the operations:

1. Checks the validity of $ID_a$. If the format is different than the allowed format, it rejects the request.
2. Tests the time interval $(T' - T) \le \Delta T$, where $T'$ is the timestamp of receiving the message $M$ and $\Delta T$ is the maximum allowed time interval for transmission delay. If $\Delta T$ is greater than its boundary condition, the request is rejected.
3. Now AS computes $(\phi \oplus \nu)$, which eventually generates the value of $y$. AS now knows which row is to be selected from the $L$ matrix for this user and selects the $y$-th row $L_R(y)$ and computes $L_R(y) \times U_C(x) = K_{yx}$
4. Computes $t = F_h(ID_a \oplus K_{yx})$, and $r' = t \oplus S_a$.
5. Computes $H_a \oplus F_h(r')$, which is expected to generate the value of $K_{xy}$ for a legitimate user, as $r'$ should be equal to the randomly generated number in the user side, $r$.
6. Now the server checks whether the condition $K_{xy} = K_{yx}$ holds or not. If it does not hold, the server detects the user $U_a$ as an invalid user, otherwise as a valid user. For the invalid users, the server rejects the login request and for the legitimate users, it proceeds to the next steps.
7. Computes $M' = F_h(K_{yx} \text{ X-NOR } T'')$, where $T''$ is the current timestamp, X-NOR means the bitwise Exclusive-NOR (XNOR) operation, and sends $(M', T'')$ to the user $U_a$.

Upon receiving this message from the AS, the user $U_a$,

1. Verifies the boundary condition $T''' - T'' \le \Delta T$, where $T'''$ is the timestamp of receiving the message.
2. Then it computes $F_h(K_{xy} \text{ X-NOR } T'')$ and if it equals to the received $M'$, the user verifies the legitimacy of the AS.
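The registration and login exchange described above, run end to end in Python; this is an added example, not code from the paper. Assumptions: SHA-256 stands in for F_h, all values are 256-bit integers, timestamps are integer seconds, the key pool is derived by hashing matrix indices (constructed), LU is computed by Doolittle's method with exact rationals, and the names Server, card_login and card_verify are hypothetical.

```python
import hashlib, secrets
from fractions import Fraction
MASK = (1 << 256) - 1

def Fh(v):  # F_h: SHA-256 over a 256-bit word (hash choice is this example's)
    return int.from_bytes(hashlib.sha256((v & MASK).to_bytes(32, "big")).digest(), "big")
xnor = lambda a, b: ~(a ^ b) & MASK  # bitwise XNOR on 256-bit words

def lu(A):  # exact Doolittle LU (unit-diagonal L, no pivoting) so that A = L*U
    n = len(A)
    L = [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]
    U = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            U[i][j] = Fraction(A[i][j]) - sum(L[i][k] * U[k][j] for k in range(i))
        for j in range(i + 1, n):
            L[j][i] = (A[j][i] - sum(L[j][k] * U[k][i] for k in range(i))) / U[i][i]
    return L, U

class Server:
    def __init__(self, n=4, delta_t=5):
        # Constructed key pool: distinct 256-bit keys with A[i][j] == A[j][i]
        A = [[Fh(min(i, j) * n + max(i, j)) for j in range(n)] for i in range(n)]
        self.L, self.U = lu(A)
        self.n, self.delta_t, self.phi = n, delta_t, secrets.randbits(256)
    def dot(self, row, col):  # L_R(row) x (a column vector of U)
        return int(sum(l * u for l, u in zip(self.L[row], col)))
    def register(self, ident, pw):  # registration steps 1-4 (secure channel)
        x, y = secrets.randbelow(self.n), secrets.randbelow(self.n)
        ucx, ucy = ([self.U[k][c] for k in range(self.n)] for c in (x, y))
        card = {"K": self.dot(x, ucy), "nu": self.phi ^ y, "UCx": ucx}
        return dict(card, theta=Fh(ident ^ card["K"]) ^ pw)
    def login(self, msg, now):  # AS steps 2-7: returns (M', T'') or None
        ident, Ha, nu, ucx, Sa, T = msg
        y = self.phi ^ nu                      # step 3: recover y from nu
        if not (0 <= now - T <= self.delta_t and 0 <= y < self.n):
            return None                        # stale request or unusable nu
        k_yx = self.dot(y, ucx)                # L_R(y) x U_C(x)
        r = Fh(ident ^ k_yx) ^ Sa              # step 4: r' = t XOR S_a
        return (Fh(xnor(k_yx, now)), now) if Ha ^ Fh(r) == k_yx else None

def card_login(card, ident, pw, now):  # smart-card steps 1-2: build M
    r = secrets.randbits(256)
    Ha, Sa = card["K"] ^ Fh(r), card["theta"] ^ pw ^ r
    return (ident, Ha, card["nu"], card["UCx"], Sa, now)

def card_verify(card, reply, now, delta_t=5):  # user-side check of (M', T'')
    m, t2 = reply
    return 0 <= now - t2 <= delta_t and m == Fh(xnor(card["K"], t2))
```

A request built with a wrong password, a stale timestamp or an altered ν makes `Server.login` return `None`, and a reply whose M′ was not computed from K_yx fails `card_verify`.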
As a symmetric matrix is used for LU-decomposition, $K_{xy} = K_{yx}$ and the procedure works for the legitimate authentication server and user. Thus, we ensure bilateral verification in our scheme.

V. SECURITY AND PERFORMANCE ANALYSIS

In this section we analyze our scheme in brief.

Replay Attacks: Replaying an old login request $(ID_a, H_a, \nu, U_C(x), S_a, T)$ could not do any harm as, in the second step of the login & authentication phase in the AS, this will be rejected.

Masquerade Attack: Our scheme is resistant to masquerading attack presented in [3] as our algorithm does not derive any password based on the identity of the user, rather it is chosen by the user and an attacker must have pre-stored other information to masquerade a legitimate user.

Eavesdropping: By eavesdropping, an attacker could get little information that could be useful. In fact, even if the attacker knows $U_C(x)$, without knowing the corresponding row information or other information, it could not do any harm.

Forging Attack: No attacker could forge a valid login request as it will be detected by the AS during the authentication process.

Other Attacks: Offline and online password guessing attacks and parallel session attacks mentioned in [5] could not be performed against our scheme as the bilateral authentication depends on some pre-stored information. As in each step different message formats are used, the attacker cannot take advantage of similar previous message to use it in any later step. No attacker can compute the hash outputs as $F_h$ is a one-way hash function and it is kept secret. $\phi$ is used for hiding the required row number even from the user and provides effective security for our algorithm. There is no exponential operation in our scheme; hence, the computation is fairly easy. For supporting more users, multiple symmetric matrices could be used.

VI. CONCLUSION

In this paper, we have proposed a novel remote user authentication scheme using smart cards which ensures bilateral authentication so that both the parties participating in the process could verify each other’s validity.

REFERENCES

[1] Hwang, M.-S. and Li, L.-H., “A New Remote User Authentication Scheme Using Smart Cards”, IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, February, 2000, pp. 28-30.
[2] Sun, H.-M., “An Efficient Remote User Authentication Scheme Using Smart Cards”, IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, November, 2000, pp. 958-961.
[3] Chan, C.-K. and Cheng, L. M., “Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards”, IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, November, 2000, pp. 992-993.
[4] Shen, J.-J., Lin, C.-W., Hwang, M.-S., “A Modified Remote User Authentication Scheme Using Smart Cards”, IEEE Transactions on Consumer Electronics, Vol. 49, No. 2, May, 2003, pp. 414-416.
[5] Hsu, C.-L., “Security of Two Remote User Authentication Schemes Using Smart Cards”, IEEE Transactions on Consumer Electronics, Vol. 49, No. 4, November, 2003, pp. 1196-1198.
[6] Chien, H. Y., Jan, J. K., and Tseng, Y. M., “An Efficient and Practical Solution to Remote Authentication: Smart Card”, Computers and Security, Vol. 21, No. 4, 2002, pp. 372-375.
[7] Zarowski, C. J., “An Introduction to Numerical Analysis for Electrical and Computer Engineers”, Hoboken, NJ, John Wiley & Sons, Inc. (US), 2004, pp. 148-151.
[8] Nakos, G., and Joyner, D., Linear Algebra with Applications, Brooks/Cole USA, 1998, pp. 188-194.
[9] National Institute of Standards and Technology, NIST FIPS PUB 180, “Secure hash standard”, U.S. Department of Commerce, 1993.
[10] Birkhauser, Linear Algebra, Birkhauser Boston, 1997, pp. 33-37.