Docstoc

Simple and Secure Password Authe

Document Sample
Simple and Secure Password Authe Powered By Docstoc
					IEICE TRANS. COMMUN., VOL.E83–B, NO.6 JUNE 2000
                                                                                                                         1363


LETTER
Simple and Secure Password Authentication Protocol
(SAS)
                       Manjula SANDIRIGAMA† , Student Member, Akihiro SHIMIZU†† , Regular Member,
                                                             and Matu-Tarow NODA† , Nonmember



SUMMARY In the Internet and Mobile communication en-                 two random numbers are generated by the user and
vironment, authentication of the users is very important. Al-        the user is required to memorize them in some sort of
though at present password is extensively used for authentication,
                                                                     memory. In the Internet environment users may be ac-
bare password transmission suffers from some inherent shortcom-
ings. Several password-based authentication methods have been        cessing their hosts from many parts of the world and
proposed to eliminate such shortcomings. Those proposed meth-        hence the user has to carry a memory device (like an
ods have relative demerits as well as merits. In this letter we      IC card) wherever he goes. This is an unnecessary bur-
propose a method where those demerits are eliminated. The            den apart from the fact that all the computers may not
prominent feature is security improvement apart from low pro-
cessing, storage and transmission overheads compared to previous
                                                                     have such IC reading facilities. Making such dedicated
methods. This method can be used in several applications like        facilities are extra hardware expense.
remote login, encrypted and authenticated communication and                The above random number memorizing problem is
electronic payment etc.                                              solved in the PERM method [14]. In this method one
key words: ÖÝÔØÓ Ö Ô Ý¸ × ÙÒ Ø ÓÒ׸ Ô ××ÛÓÖ ÙØ ÒØ ¹
                                                                     random number (in the form of an initial value incre-
Ø ÓÒ¸ ×    ÙÖ Øݸ ÓÒ   Ø Ñ   Ô ××ÛÓÖ
                                                                     mented at each authentication) is stored in the host
                                                                     and sent to the user at each authentication. It is sent
1.       Introduction
                                                                     back to the user upon a service request for necessary
                                                                     calculations. The other random number is derived from
As the Internet and Mobile applications have been in-
                                                                     the this number by pre-determined increments.
creasing in the recent past, the need for authentication
                                                                           Though the PERM method solves random number
over remote servers and telephones has become very
                                                                     memorizing problem, the authors point out a possible
important [11]. Several authentication methods based
                                                                     security flaw in the system [9], [10], [14]. It is a kind
on passwords have been proposed.
                                                                     of ‘Man in the Middle’ attack where an eavesdropper
     Usually the password is hashed and stored in the
                                                                     would be able to login after tapping the communication
computer to prevent stealing by others [2]. Several such
                                                                     line in two consecutive sessions.
hash functions are available. Most famous are DES [4],
                                                                           In this letter a developed method called ‘Simple
FEAL [5], MISTY [6] etc.
                                                                     And Secure (SAS) Password Authentication’ is pro-
     Though the hashing prevent stealing, still there are
                                                                     posed which eliminates the above mentioned security
two shortcomings. The first is that the user is required
                                                                     flaw. Apart from eliminating the security flaw, storage,
to submitt the bare password at each authentication.
                                                                     processing and transmission overheads are lower in the
The second is that in case of a network (which is usually
                                                                     new method.
the case) the transmitted password could be stolen by
wire tap.
                                                                     2.   SAS Description
     In the Lamport [7], [8] one time password method,
those problems are eliminated. But there are two prac-               2.1 Definitions and Notations
tical difficuilties in Lamport method. First is the high
hash overhead. The other is the necessasity for pass-                The following Definitions and Notations are used in this
word resetting.                                                      letter.
     High hash overhead and password resetting are
solved in CINON [9], [10] method. One time charac-                    1. User is a user of a computer who uses the protocol
teristics is gained by using two variable random num-                    for authentication.
bers which are changed at each authentication. These                  2. Host is the server that authenticates users.
                                                                      3. A is user identity.
     Manuscript received September 13, 1999.                             S is user password.
     †
     The authors are with the Department of Computer Sci-             4. E is a cryptographic hash function.
ence Engineering, Ehime University, Matsuyama-shi, 790-
8577 Japan.                                                              E(X) means X is hashed once.
  ††
     The author is with the Department of Information Sys-               E 2 (X) means X is hashed twice.
tems Engineering, Kochi University of Technology, Kochi-              5. n is an integer greater or equal to 0 which represent
ken, 782-8502 Japan.                                                     the number of authentication sessions.
                                                                   IEICE TRANS. COMMUN., VOL.E83–B, NO.6 JUNE 2000
1364


                                                              Note:
                                                              E(S//N0 ) ⊕ E 2 (S//N0 ) is for
                                                              the current authentication session.
                                                              E 2 (S//N1 ) ⊕ E 2 (S//N0 ) is for
                                                              the next authentication session.
                                                           4. Host: XOR the data with stored E 2 (S//N0 )
                                                                      and obtain the following.
                  Fig. 1    Registration.
                                                                      E(S//N0 ).
                                                                      E 2 (S//N1 )
                                                           5. Host: Applies hash function to E(S//N0 ).
                                                                      E . E(S//N0 ) = E 2 (S//N0 )
                                                                      Compare with the stored E 2 (S//N0 ).
                                                                      If they match user is authenticated.
                                                                      If they don’t match user is rejected.
                                                                      Updates E 2 (S//N0 ) and N0 with
                                                                      E 2 (S//(N1 )) and N1
                                                                      for the next authentication session.

                                                          2.3 Evaluations
                Fig. 2     Authentication.

                                                          In this subsection we evaluate the security and perfor-
 6. Nn represent a random number corresponding to         mance of the new method.
    nth authentication.
 7. ⊕ represent bitwise XOR operation.                    2.3.1     Security
 8. // represent concatenation.
 9. Service Request means a request by the user to        In the PERM method the authors indicates a possible
    host to allow login.                                  security flaw [9], [10], [14]. If an attacker is able to re-
10. User/Host: XYZ –> Host/User means User/Host           ceive two sets of data from two consecutive sessions he
    sends XYZ to Host/User.                               is able to insert his own password and do the neces-
                                                          sary calculations and send to the host. From the next
                                                          authentication session onwards the attacker can freely
2.2 SAS Protocol                                          login impersonating the real user [9], [10].
                                                               In SAS this security flaw is eliminated. Suppose
The protocol consists of two phases namely registration   an attacker obtain the following two consecutive sets of
phase and authentication phase. The registration is       data.
done only once and authentication is done every time
the user logs in.                                                 E(S//N0 )⊕E 2 (S//N0 ) , E 2 (S//N1 )⊕E 2 (S//N0 )
                                                                  E(S//N1 )⊕E 2 (S//N1 ) , E 2 (S//N2 )⊕E 2 (S//N1 )
2.2.1 Registration Phase (see Fig. 1)
                                                          From these data the attacker cannot calculate
 1. User: Calculate E 2 (S//N0 ).                         E(S//N0 ) or E(S//N1 ) or E(S//N2 ) since he does not
 2. User: A, E 2 (S//N0 ), N0 –> Host.                    know E 2 (S//N0 ) or E 2 (S//N1 ) or E 2 (S//N2 ). There-
           (through a secure channel)                     fore he cannot insert his own password that will enable
 3. Host: Stores A, E 2 (S//N0 ), N0                      him to login impersonating the real user.
                                                               Therefore it is seen that SAS has better security
                                                          features than PERM or CINNON.
2.2.2 Authentication Phase
                                                          2.3.2     Performance
When the user wants to login subsequently he executes
the following protocol (see Fig. 2).
                                                          Table 1 summerizes the performance of Lamport,
 1. User: Service Request –> Host.                        CINON, PERM and SAS.
 2. Host: N0 –> User.
 3. User: Calculates following data and                   3.   Conclusion
           sends to the host.
           E(S//N0 ) ⊕ E 2 (S//N0 ) –> Host.              From the above evaluations it is seen that the new pro-
           E 2 (S//N1 ) ⊕ E 2 (S//N0 ) –> Host.           tocol SAS has improved features compared to the pre-
           N1 –> Host.                                    vious methods. The most important feature is extra
LETTER
                                                                                                                           1365


                            Table 1     Performance evaluations of Lamport, CINON, PERM and SAS.




security which is not available in previous methods.               [7] L. Lamport, “Password authentication with insecure com-
Also it needs fewer hash overhead and data storage.                    munication,” Commun. ACM, vol.24, no.11, pp.770–772,
Data transmission is also low. SAS does not need pass-                 1981.
                                                                   [8] N. Haller, “The S/KEY (TM) one-time password system,”
word resetting or random numbers. Moreover the same                    Proc. Internet Society Symposium on Network and Dis-
protocol consists a facility to create a session key to                tributed System Security, pp.151–158, 1994.
facilitate session encryption.                                     [9] A. Shimizu, “A dynamic password authentication method
                                                                       by one-way function,” IEICE Trans., vol.J73-D-I, no.7,
References                                                             pp.630–636, July 1990.
                                                                  [10] A. Shimizu, “A dynamic password authentication method
 [1] A. Evance, W. Kantrowitz, and E. Weiss, “A user authenti-         by one-way function,” System and Computers in Japan,
     cation scheme not requiring secrecy in the computer,” Com-        vol.22, no.7, 1991.
     mun. ACM, vol.17, no.8, pp.437–442, 1974.                    [11] T. Arakawa and T. Kamada, “The Internet home electron-
 [2] G.B. Purdy, “A high-security log-in procedure,” Commun.           ics and the information network revolution,” IEICE Tech-
     ACM, vol.17, no.8, pp.442–445, 1974.                              nical Report, OFS96-1, 1996.
 [3] A. Morris and K. Thompsan, “Password security: A case        [12] A. Shimizu, “Public E-mail messages forwarding services,”
     history,” UNIX Programmer’s Manual, Seventh Edition,              IEICE Technical Report, OFS96-39, 1996.
     2B, 1979.                                                    [13] T. Horioka, M. Toda, and A. Shimizu, “E-mail messages
 [4] NBS, “Data Encryption Standard,” FIPS-PUB-45, 1977.               forwarding services,” IEICE Technical Report, OFS97-39,
 [5] A. Shimizu and S. Miyaguchi, “Fast data encipherment al-          1997.
     gorithm FEAL,” IEICE Trans., vol.J70-D, no.7, pp.1413–       [14] A. Simizu, T. Horioka, and H. Inagaki, “A password au-
     1423, July 1987.                                                  thentication method for contents communication on the in-
 [6] M. Matsui, “New block encryption algorithm MISTY,” Lec-           ternet,” IEICE Trans. Commun., vol.E81-B, no.8, pp.1666–
     ture Notes in Computer Science, FSE 1997, pp.54–68, 1997.         1673, Aug. 1998.

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:10
posted:4/23/2010
language:English
pages:3