Further Security Enhancement for Optimal Strong-Password Authentication Protocol
Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee, Kuang-Long Lin
3/27/2004
E-Commerce and Digital Life Symposium (電子商務與數位生活研討會)

Outline
Introduction
Review of Ku-Chen scheme
The problem of Ku-Chen scheme
The proposed scheme
Security Analysis
Conclusions

Introduction
In 2000, Sandirigama et al. proposed the SAS scheme, which lowered storage, processing, and transmission overheads.
In 2001, Lin, Sun, and Hwang proposed an enhanced password authentication scheme, called the OSPA.

Introduction
In 2002, the OSPA protocol was shown to be vulnerable to the stolen-verifier attack and the impersonation attack.
In 2003, Ku and Chen proposed a new improved version of the OSPA protocol.
In this paper, an improved scheme with mutual authentication is proposed.

Review of Ku-Chen scheme
Notation:
h(.): collision-resistant hash function
T: login times
k: long-term secret key
: exclusive-or operation

Review of Ku-Chen scheme
Registration phase
Authentication phase

ID, h2(PW1)
Chooses his identity ID and password PW and computes h2(PW1)
Calculates verifier v1 = h2(PW1) h(IDk)
Store {ID, v1, T=1} into the verification table

ID, service request
T = i
c1 = h(PWi) h2(PWi)
c2 = h2(PW(i+1)) h(PWi)
c3 = h(h3(PW(i+1)) T)
Find i from verification table by the ID

Check c1, c2
c1, c2, c3
Get h2(PWi) by vi h(IDk)
y1 = c1 h2(PWi) = h(PWi)
y2 = c2 y1 = h2(PW(i+1))
Check if h(y1) = h2(PWi)
h(h(y2) T) = c3
vi+1 = h2(PW(i+1)) h(IDk)
Store ID, T = i+1, and vi+1

The problem of Ku-Chen scheme
The user is authenticated by the remote server.
But the remote server is not authenticated by the user (server impersonation attack).

The proposed scheme
Registration phase
Authentication phase

ID, h2(PW1)
Chooses his identity ID and password PW and computes h2(PW1)
Calculates verifier v1 = h2(PW1) h(IDk)
Store {ID, v1} into the verification table

ID, r h2(PWi) h(r) h2(PWi)
Check r
c1 = h(PWi) h2(PWi)
c2 = h2(PW(i+1)) h(PWi)
c3 = h(h3(PW(i+1)) T)
choose r randomly and compute r h2(PWi)
Get h2(PWi) by vi h(IDk)
r = (r h2(PWi)) h2(PWi)

Check c1, c2
c1, c2, c3
y1 = c1 h2(PWi) = h(PWi)
y2 = c2 y1 = h2(PW(i+1))
Check if h(y1)
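
The authentication exchange on the slides above, as an added Python example that is not code from the presentation or its authors. It shows the server's checks on c1, c2, c3 with the verifier rotation, plus the random challenge r that lets the user check the server. Assumptions: terms written side by side on the slides are combined with the exclusive-or operation from the Notation slide, h2 and h3 mean h applied two and three times, PWi and h(IDk) join their parts by concatenation, T is encoded as the login counter i, the server's message is read as (r xor h2(PWi), h(r)), and h is SHA-256.

```python
import hashlib, hmac, os

def h(data: bytes, n: int = 1) -> bytes:
    """h, h2, h3 on the slides: SHA-256 (assumed choice) applied n times."""
    for _ in range(n):
        data = hashlib.sha256(data).digest()
    return data

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pw(password: bytes, i: int) -> bytes:
    # Assumption: PWi is the password joined with the login counter i.
    return password + b"|" + str(i).encode()

def mask(ident: bytes, k: bytes) -> bytes:
    # Assumption: h(IDk) hashes ID joined with the long-term secret key k.
    return h(ident + b"|" + k)

def verifier(ident, password, i, k):
    return xor(h(pw(password, i), 2), mask(ident, k))      # v_i

def server_challenge(ident, v, k):
    r = os.urandom(32)                                     # choose r randomly
    return xor(r, xor(v, mask(ident, k))), h(r)            # r xor h2(PWi), h(r)

def client_login(password, i, masked_r, h_r):
    r = xor(masked_r, h(pw(password, i), 2))               # recover r
    if not hmac.compare_digest(h(r), h_r):                 # "Check r"
        return None                # peer could not derive h2(PWi): abort
    c1 = xor(h(pw(password, i)), h(pw(password, i), 2))
    c2 = xor(h(pw(password, i + 1), 2), h(pw(password, i)))
    c3 = h(h(pw(password, i + 1), 3) + str(i).encode())    # T = i, joined
    return c1, c2, c3

def server_verify(ident, v, i, k, c1, c2, c3):
    """Return the next verifier v_{i+1}, or None if a check fails."""
    h2_pwi = xor(v, mask(ident, k))                        # from v_i and h(IDk)
    y1 = xor(c1, h2_pwi)                                   # h(PWi)
    y2 = xor(c2, y1)                                       # h2(PW(i+1))
    ok = hmac.compare_digest(h(y1), h2_pwi)
    ok = hmac.compare_digest(h(h(y2) + str(i).encode()), c3) and ok
    return xor(y2, mask(ident, k)) if ok else None
```
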