4 Proposed Protected Password Change Scheme
This section proposes an improved protected password change scheme so as to overcome the above-mentioned problems. The server stores $vpw = H(id, pw, K)$, computed using the server's secret key $K$, instead of $H(pw)$ for each client in the database, in order to overcome server data eavesdropping.

(1) Client → Server: $id, \{g^x, pw, newpw\}_{K_S}$
The user submits their $id$ and $pw$ to the client. The client then randomly chooses an integer $x \in Z_p$, computes $g^x \pmod{p}$ and encrypts $g^x$, $pw$, and $newpw$ using the server's public key $K_S$. Then, the client sends it with the $id$ as a login request to the server.

(2) Server → Client: $C_1 = g^y$, $C_2 = H(newpw, g^x, SK)$
The server decrypts $\{g^x, pw, newpw\}_{K_S}$ to obtain $g^x$, $pw$ and $newpw$ using its private key $K$. Then, the server computes $H(id, pw, K)$ and checks whether $H(id, pw, K) = vpw$ holds. If it holds, the server randomly chooses an integer $y \in Z_p$, computes session key $SK = g^{xy} \pmod{p}$, $C_1 = g^y \pmod{p}$, and $C_2 = H(newpw, g^x, SK)$. Then, the server sends $C_1$ and $C_2$ as the server's authentication token to the client.

(3) Client → Server: $id$, $C_3 = H(pw, g^x, SK)$
The client computes $SK$ and $H(newpw, g^x, SK)$ using its new password $newpw$ and random exponent $x$, where $SK = (C_1)^x = g^{xy} \pmod{p}$. Then, the client verifies the consistency between the computed $H(newpw, g^x, SK)$ and the received $C_2$. If the result is positive, the client can be assured of the legitimacy of the server. Finally, the client computes hash value $C_3 = H(pw, g^x, SK)$ as the client's authentication token and sends this token with the $id$ to the server.

(4) Server → Client: Access granted/denied
The server computes the hash value $H(pw, g^x, SK)$ using its session key $SK = g^{xy} \pmod{p}$ computed in Step (2) and user's password $pw$ received in Step (2). Then, the server checks whether $C_3 = H(pw, g^x, SK)$ holds. If it holds, the server can be assured of the legitimacy of the client and replaces $H(id, pw, K)$ with $H(id, newpw, K)$.

After mutual authentication is ensured by both the client and the server, $g^{xy} \pmod{p}$ is used as the session key.
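
The four steps above can be traced in code. The following is an added example, not code from the paper: it assumes SHA-256 with length-prefixed fields for $H$, a toy group ($p = 2^{255}-19$, $g = 2$), and hypothetical names (`Server`, `step2`, `step4`, `client_change`). The public-key encryption under $K_S$ is not modelled, so the server is handed the values it would obtain after decryption.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumption): a deployment uses a standardized DH group.
P, G = 2**255 - 19, 2

def H(*fields):
    """SHA-256 over length-prefixed fields, so ("ab", "c") and ("a", "bc") differ."""
    h = hashlib.sha256()
    for f in fields:
        b = f if isinstance(f, bytes) else str(f).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

class Server:
    def __init__(self, K):
        self.K, self.db, self.pending = K, {}, {}

    def register(self, uid, pw):
        self.db[uid] = H(uid, pw, self.K)            # vpw = H(id, pw, K)

    def step2(self, uid, gx, pw, newpw):
        # Arguments stand for the decrypted contents of {g^x, pw, newpw}_{K_S}.
        if not hmac.compare_digest(H(uid, pw, self.K), self.db.get(uid, b"")):
            return None                              # old password does not match vpw
        y = secrets.randbelow(P - 2) + 1
        sk = pow(gx, y, P)                           # SK = g^{xy} mod p
        self.pending[uid] = (H(pw, gx, sk), newpw)   # expected C3, kept until step (4)
        return pow(G, y, P), H(newpw, gx, sk)        # C1, C2

    def step4(self, uid, c3):
        state = self.pending.pop(uid, None)          # one attempt per handshake
        if state is None or not hmac.compare_digest(state[0], c3):
            return False                             # verifier left untouched
        self.db[uid] = H(uid, state[1], self.K)      # H(id, pw, K) -> H(id, newpw, K)
        return True

def client_change(server, uid, pw, newpw):
    x = secrets.randbelow(P - 2) + 1
    gx = pow(G, x, P)
    reply = server.step2(uid, gx, pw, newpw)         # step (1)
    if reply is None:
        return False
    c1, c2 = reply
    sk = pow(c1, x, P)                               # SK = (C1)^x mod p
    if not hmac.compare_digest(c2, H(newpw, gx, sk)):
        return False                                 # server did not prove knowledge of SK
    return server.step4(uid, H(pw, gx, sk))          # step (3): send C3
```

The stored verifier changes only after $C_3$ has been checked, so a failed or abandoned handshake leaves the old password in force.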

5 Security Analysis
In the past, some desired security attributes for password authentication and
change schemes have been identified [3,4,5]. In addition, the following security
properties of session key agreement protocols should be considered, since they are
often desirable in some environments [5,6,7,8,9,10,11,12]. The following analyzes
the security of the proposed scheme: