Information Technology Reference
In-Depth Information
The remainder of this paper is organized as follows: Section 2 briefly re-
views Lin-Hwang's protected password change scheme, then Section 3 demon-
strates server data eavesdropping with Lin-Hwang's scheme and examines some
related problems. The proposed protected password change scheme is presented
in Section 4, while Section 5 discusses the security of the proposed scheme. The
conclusion is presented in Section 6.
2
A Review of Lin-Hwang's Schemes
This section briefly reviews Lin-Hwang's protected password change scheme.
Readers are referred to [3] for a complete list of references. The main difference
between Lin-Hwang's protected password transmission scheme and protected
password change scheme is that in the latter, the client sends a password change
request to the server. Some of the notations used in Lin-Hwang's scheme and
the proposed scheme are defined as follows:
-
id
: public user identity of client.
-
pw
: secret and possibly weak user password.
-
K
S
: public server key.
-
}
K
S
: public key encryption of message
M
with public server key
K
S
.
-
rc, rs
: session-independent random numbers chosen by client and server, re-
spectively.
-
p, g
: large prime
p
and generator
g
in cyclic group
Z
p
,inwhichtheDie-
Hellman problem is considered hard.
-
x, y
: session-independent random exponents chosen by client and server, re-
spectively.
-
SK
: shared session key computed by client and server.
-
H
(
{
M
·
): strong one-way hash function.
-
⊕
: bit-wise XOR operation.
In Lin-Hwang's scheme, the server stores
vpw
=
H
(
pw
) for each client in the
database. The protected password change scheme allows a client to change their
old password
pw
to a new password
newpw
.
(1) Client
}
K
S
The user submits their
id
and
pw
to the client. The client then randomly
chooses an integer
rc
and encrypts
rc
and
pw
, using the server's public key
K
S
, and sends it with the
id
as a login request to the server.
(2) Server
→
Server:
id,
{
rc, pw
→
Client:
rs
⊕
rc, H
(
rs
)
The server decrypts
}
K
S
to obtain
rc
and
pw
using its private key
K
. Then, the server computes the hash value
H
(
pw
) and checks whether
H
(
pw
)=
vpw
holds. If it holds, the server randomly chooses an integer
rs
,
computes
rc
{
rc, pw
⊕
rs
and
H
(
rc
), then the server sends
rc
⊕
rs
,
H
(
rc
)tothe
client.