Department of Computer Engineering, - PowerPoint PPT Presentation

Title: A New Authentication Scheme with Anonymity for Wireless Environments Author: Complete2 Last modified by: Mr.1 Created Date: 7/10/2006 8:06:30 AM – PowerPoint PPT presentation

Slides: 17
Provided by: Comp1235

Transcript and Presenter's Notes


1
Secure Remote User Authentication Scheme Using
Bilinear Pairings
  • Department of Computer Engineering,
  • Kyungpook National University
  • Authors: Eun-Jun Yoon, Wan-Soo Lee, Kee-Young Yoo
  • Speaker: Wan-Soo Lee (complete2_at_infosec.knu.ac.kr)
  • Date: 2007.05.10. (Thu)

2
Contents
  • Introduction
  • Review of Das et al.'s scheme
  • Cryptanalysis of Das et al.'s scheme
    • Impersonation attack
    • Off-line password guessing attack
  • Proposed scheme
  • Conclusion

3
Introduction
  • Remote user authentication
    • Along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, like the Internet
  • Das et al.'s scheme (2006)
    • Proposed a remote user authentication scheme using bilinear pairing
  • Our refutation
    • Insecure against the impersonation attack and the off-line password guessing attack

4
Introduction
  • Bilinear Pairing
    • Let G1, G2 be cyclic groups of the same order q.
    • G1: an additive group; G2: a multiplicative group

5
Introduction
  • Mathematical Problems

6
Das et al.'s Authentication Scheme
  • Setup Phase
    • G1: an additive cyclic group of prime order q
    • G2: a multiplicative cyclic group of the same order
    • P: a generator of G1
    • Bilinear mapping e: G1 × G1 → G2
    • Hash function H: {0, 1}* → G1
    • RS selects a secret key s and computes PubRS = sP.
    • RS publishes <G1, G2, e, q, P, PubRS, H()> and keeps s secret.

7
Das et al.'s Authentication Scheme
  • Registration Phase
    • User: selects IDi, PWi
    • User → RS: IDi, PWi
    • RS: computes RegIDi ← s·H(IDi) + H(PWi); stores IDi, RegIDi, H() in the smart card
    • RS → User: smart card
    • (Secure channel)

8
Das et al.'s Authentication Scheme
  • Login and Verification Phase
    • User: inputs IDi, PWi; picks up T; computes DIDi ← T·RegIDi and Vi ← T·H(PWi)
    • User → RS: IDi, DIDi, Vi, T
    • RS: checks (T' − T) ≤ ΔT
    • RS: checks e(DIDi − Vi, P) = e(H(IDi), PubRS)^T

9
Cryptanalysis of Das et al.'s scheme
  • Impersonation attack

IDi, DIDi, Vi, T
IDi, DIDi, Vi, T

10
Cryptanalysis of Das et al.'s scheme
  • Off-line password guessing attack

IDi, DIDi, Vi, T

11
Proposed scheme
  • Setup Phase
    • G1: an additive cyclic group of prime order q
    • G2: a multiplicative cyclic group of the same order
    • P: a generator of G1
    • Bilinear mapping e: G1 × G1 → G2
    • Hash function H: {0, 1}* → G1
    • F(): a collision-resistant one-way hash function
    • RS selects a secret key s and computes PubRS = sP.
    • RS publishes <G1, G2, e, q, P, PubRS, H(), F()> and keeps s secret.

12
Proposed scheme
  • Registration Phase

    • User: selects IDi, PWi, N; computes F(PWiN)
    • User → RS: IDi, F(PWiN)
    • RS: computes U ← H(IDi, IDs), Ki ← s·U, VKi ← F(Ki), RegIDi ← Ki + H(F(PWiN)); stores U, VKi, RegIDi, H(), F() in the smart card
    • RS → User: smart card
    • User: enters N into the smart card
    • (Secure channel)

13
Proposed scheme
  • Login and Session key agreement Phase

Input IDi, PWi
Verify IDi
U ← H(IDi, IDs)
Ki ← RegIDi − H(F(PWiN))
IDi, C1
C2, C3
C4

14
Comparison

Security Properties         Das et al.'s scheme   Proposed scheme
Passive attack              Secure                Secure
Active attack               Insecure              Secure
Guessing attack             Insecure              Secure
Stolen smart card attack    Insecure              Secure
Insider attack              Insecure              Secure
Secure password change      Not provided          Provided
Mutual authentication       Not provided          Provided
Session key distribution    Not provided          Provided
Perfect forward secrecy     Not provided          Provided
Wrong password detection    Slow                  Fast
Timestamp                   Required              Not required

15
Conclusion
  • Das et al.'s scheme
    • is vulnerable to an impersonation attack and an off-line password guessing attack
  • Improved authentication scheme based on
    • bilinear computational D-H problem
    • one-way hash function
  • Provides mutual authentication between the user and the remote system.
  • Does not require time synchronization or delay-time limitations
  • Future work: must be proved formally

16
Q & A
  • Thank you