
Security Enhanced Anonymous User Authenticated Key Agreement Scheme Using Smart Card

Updated: 2016-07-05

1. Introduction

With the rapid development of Internet services and electronic commerce technology, many people now rely on computer networks to exchange information, access resources, and process data over wireless networks. Such public wireless networks may be intruded upon by malicious attackers and other unauthorized users. To ensure a secure environment, password-based user authentication is one of the most widely adopted mechanisms for protecting secret data sent over public channels.

Since Lamport[1] first proposed a user authentication protocol in 1981, numerous user authentication schemes have been proposed[2]-[9]. In 2009, Xu et al.[2] proposed a smart-card-based password authentication scheme. They claimed that the scheme can resist various types of attacks even if the information stored in the smart card is revealed. However, in 2010, Song[3] proved that Xu et al.’s scheme[2] is not secure against an impersonation attack, and then proposed an improved scheme. In the same year, Sood et al.[4] also found that Xu et al.’s scheme[2] cannot resist the off-line guessing attack and forgery attack, and then presented an enhanced scheme. Unfortunately, in 2013, Chen et al.[5] demonstrated that Song’s scheme[3] is vulnerable to the stolen smart card attack. Chen et al.[5] also proved that Sood et al.’s scheme[4] does not provide mutual authentication, which means that a legitimate user has no way to verify the validity of the server. Then Chen et al.[5] proposed a robust smart-card-based remote user password authentication scheme. However, in 2013, Li et al.[6] pointed out that Chen et al.’s scheme[5] cannot ensure perfect forward secrecy or detect a wrong password in the login phase. In addition, the password change of Chen et al.’s scheme[5] is inefficient since the user has to communicate with the server to update his/her password. Then Li et al.[6] proposed an enhanced user authentication scheme.

Recently, Liu et al.[7] pointed out that Li et al.’s scheme[6] is insecure against the man-in-the-middle attack and insider attack. To address the weaknesses in Li et al.’s scheme[6], Liu et al. proposed an improved smart card based password authentication scheme[7]. However, after careful analysis, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and the user impersonation attack, and that it fails to preserve user anonymity in the login phase. To eliminate these problems in Liu et al.’s scheme, a security enhanced anonymous user authenticated key agreement scheme is proposed.

The remainder of the paper is organized as follows: Section 2 describes a review of Liu et al.’s scheme. Section 3 points out the weaknesses of Liu et al.’s scheme. The proposed scheme and security analysis of the proposed scheme are presented in Sections 4 and 5, respectively. Lastly, Section 6 concludes this paper.

2. Review of Liu et al.’s Scheme

This section describes Liu et al.’s authentication scheme[7], which involves four phases: Registration, login, authentication, and password change. For convenience, the notations used throughout this paper are summarized in Table 1.

2.1 Registration Phase

Step 1. The user Ui selects his/her IDi and PWi, and generates random number r. Then Ui computes and sends a registration request to the server S through a secure channel.

Table 1: Notations

Notations     Description
Ui, S         The user and server
IDi, PWi      The identity and password of the user
x, y          The secret key of the server
Ti, Ti′       Time-stamp of the user
Ts, Ts′       Time-stamp of the server
r, α          The random numbers created by user
△T            The maximum of transmission delay time
h(·)          One-way hash function
              XOR operation
||            Concatenate operation
sk            Session key shared between Ui and S
β             The random number created by server

Step 2. The server S computes ,, and. The server S stores into a smart card and issues this smart card to the user Ui through a secure channel.

Step 3. The user Ui stores the random number r into the card. Finally, the smart card contains.

2.2 Login Phase

Step 1. The user Ui inserts his/her smart card into a card reader and inputs IDi and PWi. The smart card computes and , then compares Ci′ with the stored value Ci. If this condition holds, the smart card acknowledges the legitimacy of Ui, and proceeds with the next steps. Otherwise, it terminates this phase.

Step 2. The smart card generates a random number α, computes and.

Step 3. Finally, the user Ui sends the login request message to the server S.

2.3 Authentication Phase

Step 1. The server S checks the validity of timestamp and computes , then compares Di′ with the received value Di. If this condition holds, the procedure goes to the next steps. Otherwise, this phase is terminated.

Step 2. The server S generates a random number β, computes and . Then the server S sends the authentication message to Ui.

Step 3. The user Ui checks the validity of timestamp and computes , then compares Fi′ with the received value Fi. If this condition holds, Ui acknowledges the legitimacy of S, and proceeds with the next step. Otherwise, it terminates this phase.

Step 4. Finally, the user Ui computes a session key and the server S also computes the same shared session key

2.4 Password Change Phase

Step 1. Ui inserts his/her smart card into a card reader and inputs IDi and password PWi.

Step 2. The smart card computes, then compares with the stored value Ci. If it holds, Ui selects a new password. Otherwise, this phase is terminated.

Step 3. The smart card computes and. Finally, the smart card replaces (Bi, Ci) with (, ), respectively.

3. Security Weaknesses of Liu et al.’s Scheme

In this section, the weaknesses of Liu et al.’s scheme[7] are demonstrated. We find that Liu et al.’s scheme cannot resist the off-line password guessing attack and the user impersonation attack, and that it fails to preserve user anonymity. The details of these weaknesses are described as follows.

3.1 Failure to Preserve User Anonymity

User anonymity is a highly desirable property for a user authentication scheme, as the leakage of a user’s identity may allow an unauthorized entity to track the user’s login record and behavior pattern. However, in Liu et al.’s scheme, the user’s identity IDi is in plaintext form in the login request. Using an eavesdropping attack, the attacker can maliciously monitor the public channels[8]-[10], and also identify some of the valuable information in messages transmitted over these public channels[11]-[17]. In this manner, an attacker can eavesdrop on login messages to collect the plaintext identities without difficulty. For this reason, user anonymity cannot be preserved in Liu et al.’s scheme[7].

3.2 Off-Line Password Guessing Attack

In Liu et al.’s scheme[7], the attacker can obtain the information in the smart card after physically monitoring power consumption[10], and intercept the login request message. Then the off-line password guessing attack can be done by performing the following steps:

Step 1. The attacker extracts the stored parameters from the stolen smart card by using the power consumption attack[10].

Step 2. The attacker obtains the exact user’s identity IDi by executing the steps discussed in subsection 3.1.

Step 3. The attacker selects a password candidate

Step 4. By using the obtained user’s identity IDi, the attacker computes

Step 5. The attacker repeats the above steps from step 3 to step 4 until the computed result Ci* equals the stored Ci.

If they are equal, then PWi* = PWi, which means that the attacker has successfully obtained the user’s password PWi by the off-line password guessing attack.

3.3 User Impersonation Attack

In this subsection, we demonstrate that an attacker can successfully log in to the server S by using the stolen smart card of a user Ui. The steps are as follows:

Step 1. The attacker obtains the user’s identity IDi by executing the steps discussed in subsection 3.1 and also obtains the user’s password PWi by executing the steps discussed in subsection 3.2.

Step 2. The attacker generates a random number R, and computes. Then the attacker sends the forged message to the server S as a login request.

Step 3. Upon receiving the forged login request message from the attacker, the server S first checks the validity of the timestamp. After that, S computes, then compares Di′ with the received value

Step 4. Finally, the server S successfully verifies the forged login request message because the computed value Di′ correctly equals the received value. With these correct verifications, the server S accepts the forged login request and allows the attacker to log in.

Through the aforementioned steps, we can see that the attacker can successfully impersonate the legal Ui.

4. Proposed Scheme

In this section, we propose a security enhanced authentication and key agreement scheme to overcome the security weaknesses in Liu et al.’s scheme[7]. The proposed scheme also consists of four phases: Registration, login, authentication, and password change. The notations in the scheme are summarized in Table 1. Fig. 1 provides an illustration of login and authentication phases of the proposed scheme.

4.1 Registration Phase

Step 1. The user Ui selects his/her IDi and PWi and generates the random number r. Then Ui computes h(r||PWi) and sends a registration request to the server S through a secure channel.

Step 2. The server S computes  , The server S stores {Bi, Ci, h(·)} into a smart card and issues this smart card to the user Ui through a secure channel.

Step 3. The user Ui stores the random number r into the card. Finally, the smart card contains {Bi, Ci, h(·), r}.

4.2 Login Phase

Step 1. The user Ui inserts his/her smart card into a card reader and inputs IDi and PWi. The smart card computes then compares Ci′ with the stored value Ci. If this condition holds, the smart card acknowledges the legitimacy of Ui, and proceeds with the next steps. Otherwise, it terminates this phase.

Step 2. The smart card generates a random number α and computes,, and.

Step 3. Finally, the user Ui sends the login request message {Di, Ei, Fi, Ti} to the server S.

4.3 Authentication Phase

Step 1. The server S checks the validity of timestamp and computes, then compares Fi′ with the received value Fi. If this condition holds, the procedure goes to the next steps. Otherwise, this phase is terminated.

Step 2. The server S generates a random number β, and computes. Then the server S sends the authentication message {Gi, Hi, Ts} to Ui.

Step 3. The user Ui checks the validity of timestamp and computes and, then compares Gi′ with the received value Gi. If this condition holds, Ui acknowledges the legitimacy of S, and proceeds with the next step. Otherwise, it terminates this phase.

Step 4. Finally, the user computes a session key and the server S also computes the same shared session key

4.4 Password Change Phase

Step 1. The user Ui inserts his/her smart card into a card reader and inputs IDi and password PWi.

Fig. 1. Login and authentication phase of the proposed scheme.

Step 2. The smart card computes then compares with the stored Ci. If it holds, Ui selects a new password. Otherwise, this phase is terminated.

Step 3. The smart card computes and. Finally, the smart card replaces (Bi, Ci) with (, ).

5. Security Analysis of Proposed Scheme

In this section, we analyze the proposed scheme in terms of security. Table 2 shows the security comparisons of the proposed scheme and other related schemes[5]-[7]. The detailed descriptions are as follows.

Table 2: Security comparisons of the proposed scheme and other related schemes

Features                            Chen et al.[5]   Li et al.[6]   Liu et al.[7]   Proposed scheme
User anonymity                      No               No             No              Yes
Mutual authentication               Yes              Yes            Yes             Yes
Off-line password guessing attack   No               No             No              Yes
Insider attack                      No               No             Yes             Yes
User impersonation attack           No               No             No              Yes
Replay attack                       Yes              Yes            Yes             Yes

5.1 Preserve User Anonymity

Suppose that the attacker has intercepted the user Ui’s login request {Di, Ei, Fi, Ti}. However, it is not feasible to derive IDi from the login request because the login request includes Di instead of IDi. Therefore, the use of Di ensures that no information related to the user identity can be acquired by the attacker.

5.2 Provide Mutual Authentication

In the scheme, the server S can authenticate the user by checking whether the login request {Di, Ei, Fi, Ti} is correct. Also, the user Ui can authenticate the server S by checking whether the authentication message {Fi, Gi, Ts} is correct.

5.3 Resistance to Off-Line Password Guessing Attack

To successfully carry out a password guessing attack in the proposed scheme, the attacker has to know the user’s IDi. However, it is impossible for the attacker to obtain the user’s identity IDi in the proposed scheme. Thus, the proposed scheme is secure against the off-line password guessing attack.
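Added example, not from the paper: it counts the local hash trials behind the guessing loop of subsection 3.2 and shows how the search grows when the identity is not known, which is the argument of subsection 5.3. The exact formula for Ci is not given on this page, so the form C = h(ID || h(r || PW)), the function names and the sample values are assumptions.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """One-way hash h(.) over the concatenation (||) of its inputs."""
    m = hashlib.sha256()
    for p in parts:
        # Length-prefix each field so that a||b is unambiguous.
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()

def card_verifier(identity: str, password: str, r: bytes) -> bytes:
    """ASSUMED form of the card-stored check value: C = h(ID || h(r || PW))."""
    return h(identity.encode(), h(r, password.encode()))

def offline_trials(c_stored, r, identities, passwords):
    """Return ((ID, PW) or None, number of local hash trials).

    Every trial is a local comparison against values read from the card,
    so the server never sees a failed login and cannot rate-limit."""
    trials = 0
    for ident in identities:
        for pw in passwords:
            trials += 1
            if card_verifier(ident, pw, r) == c_stored:
                return (ident, pw), trials
    return None, trials

# Constructed sample data (not from the paper).
SAMPLE_R = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_C = card_verifier("alice", "sunshine", SAMPLE_R)
PASSWORDS = ["123456", "password", "qwerty", "sunshine", "letmein"]
IDENTITIES = ["bob", "carol", "alice", "dave"]

def compare_search_spaces():
    """Trials needed with the identity known (3.2) versus hidden (5.3)."""
    _, known = offline_trials(SAMPLE_C, SAMPLE_R, ["alice"], PASSWORDS)
    _, hidden = offline_trials(SAMPLE_C, SAMPLE_R, IDENTITIES, PASSWORDS)
    return known, hidden

if __name__ == "__main__":
    known, hidden = compare_search_spaces()
    print(f"identity known : {known} trials (bounded by |passwords|)")
    print(f"identity hidden: {hidden} trials (bounded by |IDs| x |passwords|)")
```

With the identity known the work is bounded by the password list alone; with it hidden the bound is the product of the identity and password candidate sets.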

5.4 Resistance to Insider Attack

In the proposed scheme, the user Ui sends the password information to the server S in the form of h(r||PWi) instead of the form PWi. Accordingly, the inside attacker is unable to acquire the user’s password PWi.

5.5 Resistance to User Impersonation Attack

If an attacker tries to impersonate a legal user Ui in order to cheat the server S, the attacker needs to modify {Di, Ei, Fi, Ti} to start a new session. In order to change these values, the attacker has to guess the secret key x. However, the probability of successfully guessing x is negligible.

5.6 Resistance to Replay Attack

An attacker can intercept data packets and try to resend them to the server in order to launch a replay attack. However, the login request message of the proposed scheme includes a current timestamp, i.e., Ti of {Di, Ei, Fi, Ti}. Hence, the proposed scheme can withstand the replay attack.
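Added example, not from the paper: the server's timestamp check from Step 1 of the authentication phase, extended beyond the text with a cache of requests already accepted inside ΔT, because the timestamp test by itself still accepts an identical message resent within ΔT. The class name, the tuple layout and the sample values are assumptions.

```python
class FreshnessGate:
    """Server-side timestamp check with a replay cache.

    delta_t is ΔT, the maximum transmission delay. Clocks are assumed
    synchronized, as the timestamp check in the scheme requires."""

    def __init__(self, delta_t: float):
        self.delta_t = delta_t
        self._seen = {}  # request tuple -> time at which it stops being fresh

    def check(self, request: tuple, now: float) -> str:
        """request is (Di, Ei, Fi, Ti); returns 'fresh', 'stale' or 'replay'."""
        # Drop cache entries that the timestamp test alone now rejects.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        t_i = request[3]
        age = now - t_i
        if age < 0 or age > self.delta_t:
            return "stale"    # outside the ΔT window, or from the future
        if request in self._seen:
            return "replay"   # identical request already accepted
        self._seen[request] = t_i + self.delta_t
        return "fresh"        # next: recompute Fi' and compare (not shown)

    def cached(self) -> int:
        """Number of requests currently remembered."""
        return len(self._seen)

# Constructed sample request; the byte strings stand in for Di, Ei, Fi.
SAMPLE_REQUEST = (b"D-value", b"E-value", b"F-value", 98.0)

def demo():
    """Same message presented three times to a gate with ΔT = 5 s."""
    gate = FreshnessGate(delta_t=5.0)
    return [
        gate.check(SAMPLE_REQUEST, now=100.0),  # first arrival, 2 s old
        gate.check(SAMPLE_REQUEST, now=101.0),  # resent inside ΔT
        gate.check(SAMPLE_REQUEST, now=110.0),  # resent after ΔT
    ]

if __name__ == "__main__":
    print(demo())
```

Entries are kept only until Ti + ΔT, so the cache stays bounded by the number of logins accepted per ΔT window.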

6. Conclusions

We have proposed an enhanced user authentication scheme in order to remedy the security weaknesses of Liu et al.’s scheme[7]. The proposed scheme achieves the mutual authentication and the user anonymity. In addition, the proposed scheme can withstand the password guessing attack, user impersonation attack, and insider attack even if the attacker obtains the user’s smart card. The security of the proposed scheme has been analyzed and the result shows that the scheme is more secure than other related schemes.

References

[1] L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770-772, 1981.

[2] J. Xu, W.-T. Zhu, and D.-G. Feng, “An improved smart card based password authentication scheme with provable security,” Computer Standards and Interfaces, vol. 31, no. 4, pp. 723-728, 2009.

[3] R. Song, “Advanced smart card based password authentication protocol,” Computer Standards and Interfaces, vol. 32, no. 5-6, pp. 321-325, 2010.

[4] S. K. Sood, A. K. Sarje, and K. Singh, “An improvement of Xu et al.’s authentication scheme using smart cards,” in Proc. of the 3rd Annual ACM Bangalore Conf., India, 2010, pp. 22-23.

[5] B.-L. Chen, W.-C. Kuo, and L.-C. Wu, “Robust smart-card-based remote user password authentication scheme,” Intl. Journal of Communication Systems, vol. 27, no. 2, pp. 377-389, 2012.

[6] X. Li, J. Niu, M. K. Khan, and J. Liao, “An enhanced smart card based remote user password authentication scheme,” Journal of Network and Computer Applications, vol. 36, no. 5, pp. 1365-1371, 2013.

[7] Y.-J. Liu, C.-C. Chang, and S.-C. Chang, “An efficient and secure smart card based password authentication scheme,” Intl. Journal of Network Security, vol. 19, no. 1, pp. 1-10, 2016.

[8] D. Kang, J. Jung, J. Mun, D. Lee, Y. Choi, and D. Won, “Efficient and robust user authentication scheme that achieve user anonymity with a Markov chain,” Security and Communication Networks, vol. 9, no. 11, pp. 1462-1476, 2016.

[9] Y. Choi, D. Lee, J. Kim, J. Jung, J. Nam, and D. Won, “Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography,” Sensors, vol. 14, no. 6, pp. 10081-10106, 2014.

[10] P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Proc. of Annual Intl. Cryptology Conf., 1999, pp. 388-397.

[11] J. Kim, D. Lee, W. Jeon, Y. Lee, and D. Won, “Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks,” Sensors, vol. 14, no. 4, pp. 6443-6462, 2014.

[12] J. Moon, Y. Choi, J. Kim, and D. Won, “An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps,” Journal of Medical Systems, vol. 40, no. 3, pp. 1-11, 2016.

[13] Y. Chung, S. Choi, Y. Lee, N. Park, and D. Won, “An enhanced lightweight anonymous authentication scheme for a scalable localization roaming service in wireless sensor networks,” Sensors, vol. 16, no. 10, pp. 1653: 1-21, 2016.

[14] J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” Plos One, vol. 10, no. 12, pp. e0145263: 1-15, 2015.

[15] F. B. Degefa, D. Lee, J. Kim, Y. Choi, and D. Won, “Performance and security enhanced authentication and key agreement protocol for SAE/LTE network,” Computer Networks, vol. 94, no. 15, pp. 145-163, 2016.

[16] J. Nam, K. K. R. Choo, S. Han, M. Kim, J. Paik, and D. Won, “Efficient and anonymous two-factor user authentication in wireless sensor networks: Achieving user anonymity with lightweight sensor computation,” Plos One, vol. 10, no. 4, pp. 0116709: 1-21, 2015.

[17] Y. Choi, Y. Lee, and D. Won, “Security improvement on biometric based authentication scheme for wireless sensor networks using fuzzy extraction,” Intl. Journal of Distributed Sensor Networks, vol. 2016, no. 2, pp. 1-16, 2016.

Jaewook Jung, Donghoon Lee, Hakjun Lee, Dongho Won
Journal of Electronic Science and Technology, 2018, Issue 1
