Hash Based Scheme for Client-Server Authentication using Smart Card

1 Joydip Dhar, *2 Prakash Chand Gupta
ABV-Indian Institute of Information Technology and Management, Gwalior-474015, India
1 [email protected], *2 [email protected]

Abstract

In the current era of information technology, the internet plays an important role, and many services are used through it. These services need to be accessed in a secure and authenticated manner, so a session key must be established between the two parties: the server, which provides services, and the user/client, which uses them. In this paper, we present a novel approach to establish a key between user and server so that they can exchange services. For this purpose we present biometric password based authentication to authenticate the user and perform user verification on the user side. Also, in the proposed scheme, the server has no need to store a verification table to verify the user.

Keywords: Biometric authentication, quick user verification, smart card, inside attack, hash based cryptography

1. Introduction

In the current era of information technology, the internet has become one of the most popular technologies. Several internet based services have been developed which require remote user authentication, such as online book reading, listening to music online, watching movies online, etc. For any organization, user authentication is a most important process, which allows users related to that organization to use the services it provides. For this, each user has to authenticate at the central server before using those services, as shown in Fig. 1. In the traditional remote user authentication scheme [1,2], a verification table is maintained on the server, and the server verifies the user's authenticity by matching the login information with the information stored in the verification table. That scheme is useful for a small organization, but for a large organization it becomes less useful, since the server has to take a large amount of time to verify a user from its table. To eliminate that problem, smart card based remote user authentication schemes have been developed. Some of the main features of smart card based remote user authentication schemes are as follows:

- Most of the calculation for user verification is done on the user side, so the server needs to do less calculation on its side.
- Fast verification of the user on the user's side.
- A session key is established between user and server.
- The user can freely choose and update its password.

Many smart card based remote user authentication schemes have been developed [3-6]. Any such scheme should withstand security attacks like stealing of the smart card, smart card forgery, stolen verifier, password guessing, man-in-the-middle, replay attack, denial of service, inside attack, spoofing, masquerade, etc. In addition, the scheme should be user friendly and fast.

In 2013, Yang et al. proposed a digital rights management authentication scheme based on smart card which requires a client-server session key establishment mechanism [7]. Their scheme is an extension of the scheme of Zhang et al. [8]. In their scheme they propose a client-server architecture to establish mutual authentication between client and server using a smart card. Their scheme can resist stolen smart card attack by using norms number, but it cannot resist attacks like inside attack and the perfect forward secrecy problem. Their scheme needs to maintain a verification table, which makes it insufficient for large organizations.

Journal of Convergence Information Technology (JCIT), Volume 9, Number 4, July 2014


Figure 1: User Server model

In this paper we propose a client-server authentication scheme based on a biometric password based verification mechanism using a smart card. The proposed scheme is not only lightweight and user friendly, but also meets security requirements like no verification table, no perfect forward secrecy problem, resistance to forgery attack, resistance to stolen smart card attack, resistance to replay attacks, resistance to inside attack, resistance to modification attacks, resistance to off-line guessing attack and fast error detection, and has features like secure and free choice of password and its modification, session key agreement and biometric template protection.

The rest of the paper is organized as follows: Section 2 introduces some preliminaries. Section 3 gives our proposed scheme. The security features and the performance comparison of our proposed scheme with other related schemes are given in Section 4 and Section 5 respectively. At last, Section 6 presents overall conclusions.

2. Preliminaries

This section outlines a few common requirements which need to be fulfilled for establishing efficient mutual authentication and key agreement between the user and server. These requirements are categorized on the basis of the user's perspective, the security of the whole scheme, the advantage of using biometric information based verification and the key features of a hash function.

2.1. User requirement

The design of a client-server authentication scheme should consider the following user requirements.

1) Freedom for choosing password: The user can freely choose their identity name and password.
2) User friendly: The user can update his/her password freely at any time without interacting with the server.

2.2. Security and efficiency requirement

The following are the requirements for the scheme to be secure and efficient.

1) Low smart card computation cost: The smart card must have low computation costs.
2) No verification table: The protocol must have no need to maintain a password and verification table, so that even if the server gets compromised, the attacker cannot get any information about the user.
3) Mutual authentication: Mutual authentication and message communication should be established between the particular user-server pair for which it is intended, and except them no other user/server can get the message.
4) Integrity: The integrity of messages sent between the user and server should be maintained.
5) Session key agreement: A common session key must be established between user and server after authentication, and it must be free from the forward secrecy problem.
6) Secure from spoofing and other attacks: The authentication scheme should be secure from client/server side message spoofing attack and other attacks like denial of service attack, masquerade attack to pose as a legitimate user or server, stolen smart card attack, etc.

2.3. Advantage of using biometric information based verification

The following are the key features of biometrics [9,10].

1) It helps in verifying that the login user is the actual user whom it pretends to be.
2) It provides security from known password attack.
3) Biometric information should require only a small storage space to store its value.
4) A good algorithm is used to extract information from raw biometric data.
5) Using biometric information together with the user's password makes the user's password strong.

2.4. Feature of hash function

A good hash function has the following important features [11,12].

1) The hash function is collision resistant and one way.
2) The message being hashed fully determines the hash value.
3) The message being hashed is distributed uniformly over the set of all possible hash values.
4) For similar types of strings, the hash function generates very different hash values.

3. Proposed Scheme

In this section, we propose a novel enhanced biometric password based authentication scheme using a smart card. Our proposed scheme consists of two systems: the Server ($S$), which provides services and is responsible for maintaining the authentication key, and the User ($U_i$), which uses the services provided by the server. The whole scheme is divided into four phases as follows:

1) Registration phase
2) Login phase
3) Authentication and session key agreement phase
4) Update phase

The detailed description of the various phases is given in the following subsections. The notation used is given in Table 1.

Table 1: Notations used in our proposed scheme

Symbol                 Meaning
$U_i$                  ith user
$S$                    Service providing server
$UID_i$                ith user identity
$PW_i$                 ith user password
$BOI_i$                ith user biometric information
$u$, $d$               Secret values for user and server respectively
$E_{PU_x}$             Asymmetric encryption using x as public key
$D_{PR_x}$             Asymmetric decryption using x as private key
$E_x$, $D_x$           Symmetric encryption/decryption using x as key
$TS_S$, $TS_i$         Time stamp of server and $U_i$ system
$N_{i1}$, $N_{i2}$     Random number chosen by user and server
$\oplus$               Bitwise XOR operator
$\|$                   Concatenation operator
$h(\cdot)$             Hash function

3.1. Registration Phase

In this phase, a user who wants to use the services provided by the server has to register at the server. The whole process is explained in the following steps and shown in Fig. 2.

Step 1: The user inserts the smart card into a card reader device and gives the following chosen information: identity ($UID_i$), password ($PW_i$), biometric information ($BOI_i$) and a secret value ($u$). Here the user's fingerprint is used as $BOI_i$, which can be obtained by extracting features from the fingerprint and converting this information into strings through a standard method [13-15].

Step 2: The above information is asymmetrically encrypted using $S$'s public key, and this message is sent to the server through the open channel.

Step 3: After receiving it, $S$ asymmetrically decrypts this message using its own private key and verifies the user.

Step 4: Then $S$ chooses its master secret key $d$ and calculates $PID_i = h(UID_i \| u)$ using the user's $UID_i$ and $u$.

Step 5: Using $PID_i$ and $d$, $S$ calculates $B_i = h(PID_i \| d)$.

Step 6: Then $S$ symmetrically encrypts $B_i$ using $PID_i$ as the encryption key and sends it back to the user.

Step 7: After getting the message, the card reader symmetrically decrypts the received message using $PID_i$, generated by the user, as the key.

Step 8: Then $U_i$ calculates the values $PP_i = h(UID_i \| PW_i \| BOI_i)$ and $A_i = h(u \| PP_i)$.

Step 9: Using $B_i$, $PID_i$ and $A_i$, $U_i$ calculates the values $C_i = h(UID_i \| A_i)$, $D_i = B_i \oplus C_i$ and $E_i = u \oplus PP_i$.

Step 10: Then $U_i$ stores $C_i$, $D_i$, $E_i$ and $h(\cdot)$ inside the smart card. Thus, the registration phase is complete.

Figure 2: Implemented scheme for registration phase (message flow: $U_i \to S$: $E_{PU_S}\{UID_i, u\}$; $S \to U_i$: $E_{PID_i}\{B_i\}$)


3.2. Login Phase

In this phase, the smart card checks whether the login user is legitimate before going to the authentication phase. The whole process is explained in the following steps and shown in Fig. 3.

Step 1: The user inserts the smart card into the card reader device and enters its $UID_i$, $PW_i$ and $BOI_i$.

Step 2: Using the above information, $U_i$ calculates the values $PP_i^* = h(BOI_i \| PW_i \| UID_i)$, $u = E_i \oplus PP_i^*$ and $A_i^* = h(u \| PP_i^*)$.

Step 3: Using $UID_i$ and $A_i^*$, the device calculates $C_i^* = h(UID_i \| A_i^*)$.

Step 4: Then the device checks $C_i^* \stackrel{?}{=} C_i$. If the condition is true, then the login user is legitimate.

Step 5: Thus $U_i$ is verified and the device goes to the authentication phase. Thus, the login phase is complete.

Figure 3: Implemented scheme for login phase

3.3. Authentication and Session Key Agreement Phase

This phase begins after successful completion of the login phase. The whole process is explained in the following steps and shown in Fig. 4.

Step 1: $U_i \to S$: $\{F_i, CID_i, G_i, PID_i, TS_i\}$

The smart card generates $N_{i1}$, $TS_i$ and does the following calculations:

$$
\begin{aligned}
B_i &= C_i \oplus D_i \\
F_i &= B_i \oplus N_{i1} \\
CID_i &= UID_i \oplus h(B_i \| N_{i1} \| TS_i \| \text{'00'}) \\
G_i &= u \oplus h(B_i \| N_{i1} \| TS_i \| \text{'11'})
\end{aligned}
$$

Then the smart card sends $F_i$, $CID_i$, $G_i$, $PID_i$, $TS_i$ to the server.

Step 2: $S \to U_i$: $\{R_i, V_i\}$

After receiving the message, $S$ checks $TS_S - TS_i < T$. If the condition is true, then the message is valid and new; otherwise the message is old and its session is expired. Then $S$ does the following calculations:

$$
\begin{aligned}
B_i &= h(PID_i \| d) \\
N_{i1} &= F_i \oplus B_i \\
UID_i &= CID_i \oplus h(B_i \| N_{i1} \| TS_i \| \text{'00'}) \\
u &= G_i \oplus h(B_i \| N_{i1} \| TS_i \| \text{'11'}) \\
PID_i^* &= h(UID_i \| u)
\end{aligned}
$$

After completing the above calculation, $S$ checks $PID_i^* \stackrel{?}{=} PID_i$. If true, then the user is a registered and valid user, and $S$ chooses a random number $N_{i2}$ and does the following calculations:

$$
\begin{aligned}
N &= h(N_{i2} \| TS_S) \\
R_i &= N \oplus h(N_{i1} \| B_i \| PID_i \| TS_i) \\
V_i &= h(N_{i1} \oplus N)
\end{aligned}
$$

Then $S$ sends $R_i$, $V_i$ to $U_i$ and generates the session key on its side, as follows:

$$
sk = h((N_{i1} \oplus N) \| TS_i)
$$

Step 3: After receiving the message, $U_i$ checks that the received message is from a valid server by doing server verification with the following calculation:

$$
\begin{aligned}
N &= R_i \oplus h(N_{i1} \| B_i \| PID_i \| TS_i) \\
V_i^* &= h(N \oplus N_{i1})
\end{aligned}
$$

Then the user's smart card checks $V_i^* \stackrel{?}{=} V_i$. If true, then the received message has come from the legitimate server and is not fake, and the smart card generates the session key on its side, as follows:

$$
sk = h((N_{i1} \oplus N) \| TS_i)
$$

Thus, the authentication and session key agreement phase is complete.

Figure 4: Implemented scheme for mutual authentication and key establishment phase


3.4. Update Phase

In this phase, users can freely update their password at any time without interacting with $S$. The whole process is explained in the following steps and shown in Fig. 5.

Step 1: The user inserts the smart card into the card reader device and enters $UID_i$, $PW_i^{old}$, $BOI_i$. Biometric information is extracted in the same manner as during the registration phase.

Step 2: Then the device calculates the values $PP_i^* = h(BOI_i \| PW_i^{old} \| UID_i)$, $u = E_i \oplus PP_i^*$ and $A_i^* = h(u \| PP_i^*)$.

Step 3: Using $UID_i$ and $A_i^*$, the device calculates $C_i^* = h(UID_i \| A_i^*)$.

Step 4: Then the smart card device checks $C_i^* \stackrel{?}{=} C_i$. If the condition is true, then the user is legitimate; otherwise the user is not legitimate and the process is aborted.

Step 5: After successful user verification, $U_i$ chooses $PW_i^{new}$ and submits it to the smart card.

Step 6: Using $PW_i^{new}$, the device calculates the values $PP_i^{new} = h(BOI_i \| PW_i^{new} \| UID_i)$, $A_i^{new} = h(u \| PP_i^{new})$ and $C_i^{new} = h(UID_i \| A_i^{new})$.

Step 7: Using the values $C_i^{new}$, $PP_i^{new}$ and $B_i = C_i \oplus D_i$, the device calculates $D_i^{new} = C_i^{new} \oplus B_i$ and $E_i^{new} = u \oplus PP_i^{new}$.

Step 8: Then the smart card updates $C_i$, $E_i$, $D_i$ with their new values. Thus, the update phase is complete.

Figure 5: Implemented scheme for password update phase
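The four phases above, carried through in code as an added example (not the authors' implementation; all function names are hypothetical). Assumptions: SHA-256 for h(.), a 32-byte u and 32-byte random numbers, UID_i zero-padded to 32 bytes so it can be XORed, 8-byte integer timestamps, the encrypted transport of the registration messages left out, and a single field order for PP_i in every phase, because the steps give UID_i || PW_i || BOI_i at registration but BOI_i || PW_i || UID_i at login and update, and two different orders would make the card's C_i check fail.

```python
import hashlib, hmac, secrets

def h(*parts: bytes) -> bytes:
    # h(a || b || ...); SHA-256 is an assumption, the page leaves h(.) open
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))

def enc(uid: str) -> bytes:      # assumption: UID_i zero-padded to 32 bytes
    return uid.encode().ljust(32, b"\0")

def ts(t: int) -> bytes:         # assumption: timestamps are 8-byte integers
    return t.to_bytes(8, "big")

def card_values(uid, pw, boi, u, b):
    # Registration steps 8-9: PP_i, A_i, then C_i, D_i, E_i for the card
    p = h(enc(uid), pw.encode(), boi)
    c = h(enc(uid), h(u, p))
    return {"C": c, "D": xor(b, c), "E": xor(u, p)}

def register(uid, pw, boi, u, d):
    b = h(h(enc(uid), u), d)     # server side: B_i = h(PID_i || d)
    return card_values(uid, pw, boi, u, b)

def login(card, uid, pw, boi):
    # Card-side check C_i* == C_i; returns u, or None on a wrong PW_i/BOI_i
    p = h(enc(uid), pw.encode(), boi)
    u = xor(card["E"], p)
    ok = hmac.compare_digest(h(enc(uid), h(u, p)), card["C"])
    return u if ok else None

def update(card, uid, old_pw, new_pw, boi):
    # Update phase: B_i = C_i xor D_i is carried over; S is never contacted
    u = login(card, uid, old_pw, boi)
    if u is None:
        return None
    return card_values(uid, new_pw, boi, u, xor(card["C"], card["D"]))

def request(card, uid, u, ts_i):
    # Step 1, U_i -> S: {F_i, CID_i, G_i, PID_i, TS_i}
    b, n1 = xor(card["C"], card["D"]), secrets.token_bytes(32)
    msg = {"F": xor(b, n1), "CID": xor(enc(uid), h(b, n1, ts(ts_i), b"00")),
           "G": xor(u, h(b, n1, ts(ts_i), b"11")),
           "PID": h(enc(uid), u), "TS": ts_i}
    return msg, (b, n1)

def respond(msg, d, ts_s, window=60):
    # Step 2: S checks TS_S - TS_i < T and PID_i* == PID_i, sends {R_i, V_i}
    if ts_s - msg["TS"] >= window:
        return None
    b = h(msg["PID"], d)
    n1, t = xor(msg["F"], b), ts(msg["TS"])
    uid = xor(msg["CID"], h(b, n1, t, b"00"))
    u = xor(msg["G"], h(b, n1, t, b"11"))
    if not hmac.compare_digest(h(uid, u), msg["PID"]):
        return None
    n = h(secrets.token_bytes(32), ts(ts_s))      # N = h(N_i2 || TS_S)
    resp = {"R": xor(n, h(n1, b, msg["PID"], t)), "V": h(xor(n1, n))}
    return resp, h(xor(n1, n), t)                 # sk = h((N_i1 xor N) || TS_i)

def finish(resp, msg, state):
    # Step 3: U_i recovers N, checks V_i* == V_i, derives the same sk
    b, n1 = state
    n = xor(resp["R"], h(n1, b, msg["PID"], ts(msg["TS"])))
    if not hmac.compare_digest(h(xor(n, n1)), resp["V"]):
        return None
    return h(xor(n1, n), ts(msg["TS"]))

def session(card, uid, pw, boi, d, ts_i, ts_s):
    # Login plus authentication; returns (sk_user, sk_server) or None
    u = login(card, uid, pw, boi)
    if u is None:
        return None
    msg, state = request(card, uid, u, ts_i)
    out = respond(msg, d, ts_s)
    return None if out is None else (finish(out[0], msg, state), out[1])
```

With a card from `register(...)`, `session(...)` returns two equal 32-byte keys; a wrong password, a different server secret `d`, or a request at least `window` seconds old returns `None`, and a card returned by `update(...)` keeps authenticating against the same `d`.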


4. Security Analysis

In this section, we analyze the security of the proposed scheme. The security functionality analysis is done as follows:

1) Resistance to known password attack: If the smart card is stolen and $UID_i$ and $PW_i$ are known to the attacker, even then they cannot get $BOI_i$, since it is possessed only by the legitimate user. So, the attacker cannot pretend to be a legitimate user.
2) Resistance to insider attack: If the server gets compromised, even then attackers cannot get the user's password. So, attackers cannot launch an inside attack.
3) Smart card stolen and forgery attack: An attacker can make a clone of the smart card or steal the smart card; even so, the attacker needs to know the user's $UID_i$, $PW_i$, $BOI_i$ to make a fake message to send to $S$.
4) Perfect forward secrecy: If attackers get the server's secret value $d$, even then attackers can't generate a fake message for $U_i$, because they need to know the user secret value $u$.
5) Resistance to replay attack and denial-of-service attack: The session key and authentication phases use the system time stamp, so our proposed protocol can resist denial-of-service attack.
6) Resistance to message spoofing attack: We use secret values $N_{i1}$ and $N_{i2}$ which are not sent over the open channel directly. So, even after spoofing of the messages sent for communication between $U_i$ and $S$, attackers can get the communicated message, but cannot get the secret values. Thus, an attacker cannot launch an attack based on user or server side communication message spoofing.
7) Resistance to masquerade attack: Even if attackers get the communicated messages by observing the communication channel, they cannot use them to generate a session key or to pretend to be a legitimate user or server.
8) Resistance to off-line password guessing attacks: The password used in the login phase is formed from $BOI_i$ and $PW_i$. So even if $PW_i$ is guessed by the attacker, he cannot guess $BOI_i$, since it is possessed only by the legitimate user.
9) Quick user verification: The smart card verifies the user's legitimacy on the user's side, so we can quickly verify the user without doing its verification at the server. This saves a lot of network communication cost and server computation cost.
10) Biometric template protection: Biometric information is not stored anywhere as such; rather, it is stored in the form of some secret value.
11) Mutual authentication: We can successfully provide mutual authentication in our proposed protocol. We achieve this by the checks $PID_i = PID_i^*$ and $V_i = V_i^*$. This provides mutual authentication between $U_i$ and $S$.
12) Session key agreement: We establish a session key between $U_i$ and $S$ by using $N_{i1}$, $N_{i2}$ and $TS_i$.
13) No verification table needed: In our proposed scheme the server has no need to store user information in any table.

Table 2 shows the comparison of our proposed scheme with the other related scheme on the basis of security to resist the various attacks discussed above.

Table 2: Security functionality comparisons of our scheme with other related schemes

Security functionality                                Yang et al. [7]    Propose Protocol
Resistance to known password attack                   No                 Yes
Resistance to insider attack                          No                 Yes
Resistance to smart card stolen and forgery attack    Yes                Yes
Perfect forward secrecy problem                       Yes                No
Resistance to replay attack                           No                 Yes
Resistance to denial-of-service attack                No                 Yes
Resistance to eavesdropping attack                    Yes                Yes
Resistance to masquerade attack                       Yes                Yes
Resistance to off-line password guessing attacks      No                 Yes
Quick user verification                               No                 Yes
Mutual authentication                                 Yes                Yes
Need of verification table                            Yes                No

5. Performance analysis

To evaluate the performance of our scheme, we have compared it with the scheme of Yang et al. [10]. Table 3 shows the performance comparison. Five parameters of complexity are adopted in this analysis, which are defined as follows:

$T_h$: Time complexity to manipulate hash function.
$T_c$: Time complexity to perform asymmetric cryptography encryption/decryption.
$T_e$: Time complexity to manipulate symmetric cryptography encryption/decryption.
$T_x$: Time complexity to manipulate an XOR operation.
$T_f$: Time complexity to manipulate a concatenation of strings.

Table 3: Performance Comparison

Phase                   Party     Yang et al. Scheme [7]                    Proposed Scheme
Registration Phase      User      $2T_c + 2T_h + 1T_x$                      $1T_c + 1T_e + 4T_f + 3T_h + 2T_x$
Registration Phase      Server    $1T_c + 2T_h + 2T_x$                      $1T_c + 1T_e + 2T_f + 2T_h$
Authentication Phase    User      $9T_c + 8T_e + 15T_f + 9T_h + 6T_x$       $14T_f + 8T_h + 9T_x$
Authentication Phase    Server    $10T_c + 5T_e + 10T_f + 6T_h + 6T_x$      $13T_f + 8T_h + 6T_x$

In our proposed scheme, during the registration phase we use an asymmetric encryption/decryption technique for sending the message through the open channel from user $U_i$ to server $S$, and a symmetric encryption/decryption technique to send messages from $S$ to $U_i$, so the values of $T_c$ and $T_e$ are two. In the rest of the scheme we send messages from one system to another in plain text form. Also, there is a slight increase in the number of hash, concatenation and XOR operations, but we also gain more security and eliminate the use of the verification table.

6. Conclusion

We propose a scheme based on biometric password based verification using a smart card to establish mutual authentication and key agreement between the user and server. By establishing a common key, the server can securely provide services to the user without being attacked by attackers. Also, in comparison to the scheme of Yang et al. [7], we eliminate the use of the verification table and protect our scheme from attacks like inside attack, spoofing attack, off-line guessing attack, smart card stolen and forgery attack and known password attack. Our scheme is more user friendly in comparison to the other related scheme, and the user can easily update its password. In this scheme we also implement the fast error detection technique. We have also compared our scheme with the other related scheme on the basis of security functionality and performance.

7. Acknowledgment

This work is supported in part by the ABV-Indian Institute of Information Technology and Management, Gwalior, India.


8. References

[1] T. Hwang, Y. Chen, and C. S. Laih, “Non-interactive password authentications without password tables,” in Computer and Communication Systems, 1990. IEEE TENCON’90., 1990 IEEE Region 10 Conference on, pp. 429-431, Sep. 1990.
[2] C.C. Chang, and I.C. Lin, “Remarks on fingerprint based remote user authentication scheme using smart cards,” ACM SIGOPS Operating Systems Review, vol. 38, no. 4, pp. 91-96, 2004.
[3] B.L. Chen, W.C. Kuo, and L.C. Wuu, “Robust smart card based remote user password authentication scheme,” International Journal of Communication Systems, vol. 27, no. 2, pp. 377-389, 2014.
[4] L. Dadda, M. Macchetti, and J. Owen, “The design of a high speed asic unit for the hash function SHA-256 (384, 512),” Proceeding in Design, Automation and Test in Europe Conference and Exhibition 2004, vol. 3, pp. 70-75, Feb. 2004.
[5] C.L. Hsu and T.W. Lin, “Password authenticated key exchange protocol for multi-server mobile networks based on chebyshev chaotic map,” in Pervasive Computing and Communications Workshops (PERCOM Workshops), 2013 IEEE International Conference on, pp. 90-95, Mar. 2013.
[6] Tan, Zuowen, “An Improvement on a Three-Party Authentication Key Exchange Protocol using Elliptic Curve Cryptography,” Journal of Convergence Information Technology, vol. 5, no. 4, pp. 120-129, 2010.
[7] H.W. Yang, C.C. Yang and W. Lin, “Enhanced digital rights management authentication scheme based on smart card,” IET Information Security, vol. 7, no. 3, pp. 189-194, 2013.
[8] Y.C. Zhang, L. Yang, P. Xu and Y.S. Zhan, “A drm authentication scheme based on smart card,” Computational Intelligence and Security, 2009. CIS '09. International Conference on, vol. 2, pp. 202-207, Dec. 2009.
[9] Liang, X., “Design of a Wireless Fingerprint Authentication Service Platform Using the SOPC Technology,” Journal of Convergence Information Technology, vol. 7, no. 8, 2012.
[10] X. Li, J. Niu, M.K. Khan and J. Liao, “An enhanced smart card based remote user password authentication scheme,” Journal of Network and Computer Applications, vol. 36, no. 5, pp. 1365-1371, 2013.
[11] Q. Yu, C.N. Zhang and X. Huang, “An RC4-based hash function for ultra-low power devices,” in Computer Engineering and Technology (ICCET), 2010 2nd International Conference on, vol. 1, pp. 323-328, Apr. 2010.
[12] Qu, Z. and P. Liu, “A digital signature algorithm in information and network security based on discrete algorithm and hash functions,” Journal of Convergence Information Technology, vol. 7, no. 20, pp. 557-564, 2012.
[13] Ku, W.C. Chang, S.T. Chiang and M.H., “Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards,” Electronics Letters, vol. 41, no. 5, pp. 240-241, 2005.
[14] Ju, S.H. Seo, H.S. Han, S.H. Ryou and J.C. Kwak, “A Study on User Authentication Methodology Using Numeric Password and Fingerprint Biometric Information,” BioMed Research International, vol. 2013, pp. 1-7, 2013.
[15] Go, W. Lee and K. Kwak, “Construction of a secure two-factor user authentication system using fingerprint information and password,” Journal of Intelligent Manufacturing, vol. 25, no. 2, pp. 217-230, 2014.
