KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Zero-knowledge Based User Remote Authentication Over Elliptic Curve

타원곡선상의 영지식기반 사용자 원격인증 프로토콜

  • 최종석 (부산대학교 전기전자컴퓨터공학과) ;
  • 김호원 (부산대학교 정보컴퓨터공학부)
  • Received : 2013.10.11
  • Accepted : 2013.11.20
  • Published : 2013.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Although password-based authentication as known as knowledge-based authentication was commonly used but intrinsic problems such as dictionary attack remain unsolved. For that the study on possession-based authentication was required. User remote authentication using smartcard is proceeding actively since Lee et al. proposed user remote authentication using knowledge-based information(password) and possession-base information(smartcard) in 2002. in 2009, Xu et al. proposed a new protocol preserving user anonymity and Shin et al. proposed enhanced scheme with analysis of its vulnerabilities on user anonymity and masquerading attack in 2012. In this paper, we analyze Shin et al. scheme on forward secrecy and insider attack and present novel user authentication based on elliptic curve cryptosystem which is secure against forward secrecy, insider attack, user anonymity and masquerading attack.

지식기반의 패스워드 인증방식이 대중적으로 사용되었으나, 사전공격과 같은 근본적인 문제를 해결하지 못한다. 이에따라 소유기반의 인증기술에 대한 연구가 필요해졌다. 2002년 Lee et al.은 지식기반정보(패스워드)와 소유기반정보(smartcard)를 이용한 사용자 원격 인증기법을 제안하였으며, 그 이후로 스마트카드를 이용한 원격 인증기법에 대한 연구가 활발하게 진행되었다. 2009년 Xu et al.은 사용자 익명성을 보장하는 프로토콜을 제안하였으나, 2012년 Shin et al.은 Xu et al. 기법의 사용자익명성 노출, 위장공격에 대한 취약점을 분석하고 이를 개선한 사용자 익명성을 보장하는 프로토콜을 제안하였다. 본 논문에서는 Shin et al. 기법을 전방향안전성과 내부자공격에 대한 취약점을 분석하고 전방향안전성, 내부자공격, 사용자익명성, 위장공격에 안전한 타원곡선암호기반의 사용자 인증 프로토콜을 제안한다.

Keywords

References

  1. L. Lamport, "Password authentication with insecure communication," Communications of the ACM, Vol.24, No.11, pp.770-772, 1981. https://doi.org/10.1145/358790.358797
  2. N. Haller, "The S/Key one-time password system," in Proceedings of the ISOC Symposium on Network and Distributed System Security, pp.151-157, 1994
  3. J. Choi and H. Kim, "One-Handled The Mobile One-Time Password Scheme," The Journal of The Korean Institute of Communication Sciences, Vol.37, No.6, pp.497-501, 2012 https://doi.org/10.7840/KICS.2012.37.6C.497
  4. C. M. Chen and W. C. Ku, "Stolen-verifier attack on two new strong-password authentication protocol," IEICE Transactions on communications, Vol.E85-B, No.11, pp.2519-2521, 2002.
  5. C. C. Lee, M. S. Hwang and W. P. Yang, "A Flexible Remote User Authentication Scheme using Smart Cards," ACM Operating System Review, Vol.36, No.4, pp.23-29, 2002.
  6. M. L. Das, A. Saxena and V. P. Gulati, "A dynamic ID-based remote user authentication Scheme," IEEE Transactions on Consume Electronics, Vol.50, No.2, pp.629-631, 2004. https://doi.org/10.1109/TCE.2004.1309441
  7. H. Y. Chien and C. H. Chen, "A remote User Authentication Scheme preserving user anonymity," in Proceedings of IEEEAINA'05, Vol.2, pp.245-248, 2005.
  8. L. Hu, Y. Yang and X. Niu, "Improved remote User Authentication Scheme preserving user anonymity," in Proceedings of Fifth Annual Conference on Communication Network and Services Research(CNSR), pp.323-328, 2007.
  9. C. S. Bindu, P. C. S. Reddy and B. Satyanarayana, "Imporoved Remote User Authentication Scheme Preserving User Anonymity," IJCSNS, Vol.8, No.3, pp.62-66, 2008.
  10. Z. Chai, Z. Cao and R. Lu, "Efficient Password-Based Authentication and Key Exchange Scheme Preserving User Privacy," in Proceedings of WASA'06, LNCS 4138, pp.467-477, 2006.
  11. S. Kim, J. Y. Chun and D. H. Lee, "Anonymity User Authentication Scheme with Smart Cards preserving Traceability," Journal of the Korea Institute of Information Security and Cryptology, Vol.18, No.5, pp.31-39, 2008
  12. J. Choi and S. Shin, "Traceable Authentication Scheme Providing User Anonymity," Journal of The Korea Contents Association, Vol.9, No.4, pp.95-102, 2009 https://doi.org/10.5392/JKCA.2009.9.4.095
  13. J. Choi, S. Shin and K. Han, "Three-Party Key Exchange Protocol Providing User Anonymity based on Smartcards," Journal of the Korea Academia-Industrial cooperation Society, Vol.10 No.2, pp.388-395, 2009 https://doi.org/10.5762/KAIS.2009.10.2.388
  14. J. Xu, W. Zhu and D. Feng, "An improved smart card based password authentication scheme provable security," Computer Standard & Interface, Vol.31, No.4, pp.723-728, 2009. https://doi.org/10.1016/j.csi.2008.09.006
  15. K. Shin and J. Cho, "A Remote Authentication Protocol Design Using Smart Card to Guarantee User Anonymity," Korean Institute Of Information Technology, Vol.10, No.12, pp.77-87, 2012.