
Dynamic Remote User Authentication 315

Dynamic Remote User Authentication*


Ashutosh Saxena¹, Manik Lal Das¹,², Ved P. Gulati and Deepak B. Phatak

Institute for Development and Research in Banking Technology
CASTLE HILLS, ROAD NO.1, MASAB TANK
Hyderabad-500057,
INDIA.
asaxena@idrbt.ac.in, mldas@idrbt.ac.in, vpgulati@idrbt.ac.in

K. R. School of Information Technology
Indian Institute of Technology-Bombay
Mumbai-400076,
INDIA.
mdas@it.iitb.ac.in, dbp@it.iitb.ac.in

Abstract-The paper presents a dynamic remote user
authentication scheme, wherein a registered user sends a
dynamic message for every login session and it is verified by the
remote system. The scheme is secure against the forgery, replay,
guessing and insider attacks and provides a flexible password
change option.
Index Terms-Smart cards, Cryptography, Authentication,
Password.

I. INTRODUCTION
Password-based authentication technique is one of the most
convenient methods for remote user authentication. In 1981,
Lamport [1] introduced the first well-known password-based
remote user authentication scheme. Afterwards, Chang and
Wu [2] proposed a remote password authentication scheme
using smart cards based on the Chinese remainder theorem. In
1999, Yang and Shieh [3] proposed another password
authentication scheme with smart cards. However, the
weakness and improvements of [3] are subsequently addressed
in [4]. Wang et al. [5] showed that the scheme in [4] is still
insecure. Then, Hwang and Li [7] proposed a new remote user
authentication scheme using smart cards, but Shen et al. [8]
observed that Hwang and Li's scheme is insecure and
proposed a modified scheme in [8]. It has been observed that
the existing schemes are based on static login request. The
static login request authentication methods cannot resist direct
wiretapping attacks, and thus, are not suitable for public
network environment. The main drawback of these static
techniques is that an adversary can impersonate a valid login
on intercepting the login request sent by the user to the remote
system. This is because the login identity (ID) is directly or
indirectly related to other parameters of the login request.
There are many applications (e.g., digital library) where the
subscribers need to login for viewing or downloading the
documents. In such systems, instead of using a static login-ID,
a dynamic login-ID based login session authentication would
offer a secure framework. In this work, we propose a dynamic
remote user authentication scheme using smart cards. In our
scheme, the registered user is assigned a smart card containing
some secret parameters. In every login session, a dynamic
login-ID is generated by the user's smart card, and a dynamic
login request is sent to the remote system. The adversary
cannot perform forged login attacks or login-ID impersonation
attacks because of the dynamic login request. Moreover, the
scheme provides a flexible user password change option to the
registered users, which is a practical requirement. In the next
section, we propose the scheme. In section III, we analyze the
security of the scheme and conclude the work with section IV.

* The work was supported in part by the Ministry of Communications and
Information Technology, Govt. of India, under the grant no.
DIT/R&D/Coord/1(6)/2003.

II. THE PROPOSED SCHEME
The scheme consists of two phases, namely, the registration
phase and the authentication phase. The registration phase is
invoked whenever a new user wants to register with the system.
The authentication phase is executed every time the user
wants to log in to the remote system.
The notations used in the work are summarized as follows:
- U represents a user.
- S represents the remote system.
- ID denotes an identity chosen by U.
- DID denotes dynamic login request.
- PW denotes the password of U.
- p and q denote two large prime numbers.
- g denotes a primitive element in Galois fields GF(p) and GF(q).
- h(.) denotes a cryptographic hash function [9].
- h(A, B) denotes the hash of concatenated strings A and B.
- denotes an XOR operation.
- U → S : m denotes U sends m to S over public channel.
- U S : m denotes U sends m to S over secure channel.
Initially, the remote system generates an RSA [10] public-secret
key pair (e, d), and publishes (N, e, g)¹ while keeping
d secret. In the following, we present the registration
and authentication phases, followed by the password
change phase.

¹ N is product of two random large primes p and q; e and d are integers
Z* (N) satisfying the relation ed1 mod (N), where (.) is a Euler's totient
function.

314 ADCOM-2004

A. Registration Phase
(i) A new user, $U_i$, submits his identity and password to $S$.
(ii) If the submitted identity already exists, $S$ prompts a
message and $U_i$ needs to re-submit another identity.
Let the accepted user-ID for $U_i$ be $ID_i$ and his
password be $PW_i$.
(iii) $S$ computes $B_i = g^{(PW_i\ x)} \bmod N$, where $x$ is a secret
number chosen by $S$ for all registered users.
(iv) $S$ personalizes a smart card (PSC) with the
parameters $ID_i$, $x$, $B_i$, $e$, $N$, $g$ and $h(.)$ at a secure
location.
(v) $S$ $U_i$ : the PSC.

It is noted that $S$ can store $ID_i$, $B_i$ and $x$ to the smart card and
publish the other public parameters $e$, $N$, $g$ and $h(.)$, but these
public parameters should be available at the terminal where
users want to access the remote system.
B. Authentication Phase
This phase is further divided into the login phase and
verification phase. In the login phase, the user sends a login
request and the verification phase checks whether the login
request is valid or not.
Login Phase: $U_i$ attaches the smart card to a terminal and
keys $ID_i$ and $PW_i$. If $ID_i$ is identical to the one that is stored in
the smart card, the smart card does the following:
(i) Computes $B_i = g^{(PW_i\ x)} \bmod N$. If $B_i$ is identical to the
one that is stored in the smart card, proceeds to the
step (ii); otherwise, terminates the operation.
(ii) Computes a dynamic login-request $DID_i = h(ID_i, B_i, x, T)^e \bmod N$,
where $T$ is the current date and time of $U_i$'s system.
(iii) Computes $A_i = (ID_i\ T)^e \bmod N$.
(iv) $U_i \to S : M = (DID_i, B_i, A_i, T)$ as a login request.

Verification Phase: Let $S$ receive the login request $M$ at
time $T^*$; $S$ then performs the following steps to verify $M$:
(i) Verifies the validity of the time interval between $T^*$
and $T$. If $(T^*-T)\ T$, $S$ proceeds to step (ii), where T
denotes the expected valid time interval for
transmission delay. Otherwise, rejects the login
request.
(ii) Obtains the user-ID by computing $ID_i^* = (T\ (A_i)^d \bmod N)$.
(iii) Verifies the validity of $DID_i$ by checking whether
$h(ID_i^*, B_i, x, T) = (DID_i)^d \bmod N$. If it holds, $S$ accepts the login
request; otherwise, rejects the login request.
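
The registration, login and verification phases above as a runnable sketch; this is an added example, not code from the paper. It assumes the operator lost in extraction between $PW_i$ and $x$, and between $ID_i$ and $T$, is the XOR listed in the notation; the toy primes, `G`, `X`, `DELTA_T`, SHA-256 as h(.) and all function names are choices made for this example.

```python
import hashlib

# Toy parameters, constructed for this example (Mersenne primes; not for real use).
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # S's private exponent d
G = 3                              # stand-in for g; primitivity is not checked
X = 0x5EC2E7C0FFEE                 # S's secret x, written to every card
DELTA_T = 5                        # accepted transmission delay, in seconds

def to_int(s):
    return int.from_bytes(s.encode(), "big")

def h(*parts):
    """h(A, B, ...): SHA-256 of the comma-joined values, as an integer below N."""
    data = ",".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def register(user_id, password):
    """Registration: S computes B_i and personalizes the card."""
    b = pow(G, to_int(password) ^ X, N)      # assumed: PW_i XOR x in the exponent
    return {"id": to_int(user_id), "x": X, "B": b}

def login(card, user_id, password, t):
    """Login phase on the card: returns M = (DID_i, B_i, A_i, T), or None."""
    if to_int(user_id) != card["id"]:
        return None
    b = pow(G, to_int(password) ^ card["x"], N)
    if b != card["B"]:                       # step (i): wrong password, stop
        return None
    did = pow(h(card["id"], b, card["x"], t), E, N)  # step (ii)
    a = pow(card["id"] ^ t, E, N)            # step (iii), assumed: ID_i XOR T
    return (did, b, a, t)

def verify(msg, t_star):
    """Verification phase at S: returns the recovered ID_i*, or None on reject."""
    did, b, a, t = msg
    if t_star - t > DELTA_T:                 # step (i): outside the time window
        return None
    id_star = t ^ pow(a, D, N)               # step (ii): undo RSA, then XOR with T
    if h(id_star, b, X, t) != pow(did, D, N):  # step (iii)
        return None
    return id_star

T0 = 1_700_000_000                           # constructed timestamp
card = register("alice", "correct horse")
M = login(card, "alice", "correct horse", T0)
print(verify(M, T0 + 2) == card["id"])       # fresh request is accepted
print(verify(M, T0 + 60))                    # same message presented after the window
```
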

C. Password Change Phase
This phase can be performed whenever a registered user $U_i$
wants to change the password. By invoking this phase, $U_i$ can
easily change the password without taking any assistance from
the remote system. The phase works as follows:
(i) $U_i$ attaches the smart card to a terminal, submits
current password $PW_i$ and chooses a new password $PW_i^*$.
(ii) The smart card computes $B_i^* = g^{(PW_i^*\ x)} \bmod N$,
and replaces the previous $B_i$'s value by $B_i^*$'s value.
The password is then changed with the new password $PW_i^*$.
III. SECURITY ANALYSIS
The security of the proposed scheme relies on the difficulty
of factoring a large number and discrete logarithm problems.
Here, we show that the proposed scheme can resist the
forgery, replay, guessing and insider attacks.
Forgery Attack: An adversary cannot forge a legal login on
intercepting the login request unless he has the knowledge of
the secret parameters $d$ and $x$. It is observed in the user
registration phase that the parameter $x$ is stored in a smart card
by the remote system. Moreover, obtaining $x$ from the
parameter $B_i$ is based on the security of discrete logarithms
problem. Therefore, it is extremely hard to obtain $x$ either from
the smart card or from $B_i$, and thus an adversary cannot
generate a forged login-ID. In the proposed scheme, user-ID,
$ID_i$ is also a secret component, which is to be authenticated by
the remote system for each login session. The user-ID is being
protected by the remote system's secret key $d$. Obtaining $d$ is
as difficult as factoring a large integer, which is believed to be
an intractable problem. No one can get others' user-ID without
knowing $d$, and thus, cannot forge a valid login request.
Replay Attack: Replay attack is an offensive action whereby
an adversary can intercept a valid login message and can gain
access to the remote system on replaying the intercepted
information. In our scheme, the replay attack cannot work
because it fails at the step (i) of the verification phase for the
time interval $(T^*_{new} - T)$, where $T^*_{new}$ denotes the adversary's
computed timestamp.
Guessing Attack: It is extremely difficult for any adversary
to guess the remote system's secret key $x$ from $DID_i$ or from $B_i$
for $i = 1, 2, \ldots, n$, where $n$ is the number of registered users. In
the former case ($DID_i$), the security is based on hash function,
which is computationally infeasible to invert [9]. In the latter
case ($B_i$), the security is based on discrete logarithms problem.
Additionally, an adversary cannot perform an off-line guessing
attack on $B_i$, as the computation is based on discrete logarithm
problems with two unknown parameters $PW_i$ and $x$. Therefore,
the scheme is secure against guessing attacks.
Insider Attack: In practice, it is likely that $U_i$ uses the same
password $PW_i$ to access several systems for his convenience. If
the remote system maintains verifier/passwords table, an
insider of a remote system could impersonate $U_i$'s login-ID by
stealing $PW_i$ and subsequently get access to other systems. In
our scheme, the user chooses his password and, as the remote
system does not maintain any verifier/passwords table,
an insider cannot get the user's password. Although the user
submits his password to the remote system during the
registration process, the user can easily change his password
later by invoking the password change option. Thus, in our
scheme the insider/adversary cannot obtain the user's
password and thereby, cannot cheat the registered users.
IV. CONCLUSION
We have proposed a dynamic remote user authentication
scheme that prevents the adversary from executing forged
login-ID attacks. This authentication technique is very
effective in digital library or similar systems, where the
authorized user can view or download documents using only
the smart card and password. As the scheme does not require
extensive computation, it can also be deployed in gadgets that
have less computing power, wherein two or more devices need
to authenticate themselves through the central communicating
system. Moreover, the remote system does not maintain any
verifier/passwords table and provides a flexible password
change option, wherein the users can change their passwords
any time without any assistance of the remote system. Though
the scheme uses smart card as a secure device for storing and
computing some cryptographic primitive functions, it does not
restrict to use other devices which offer similar or better
features.

REFERENCES
[1] L. Lamport, "Password authentication with insecure communication,"
Commun. ACM, vol. 24, no. 11, pp. 770-772, 1981.
[2] C. C. Chang and T. C. Wu, "Remote password authentication with
smart cards," IEE Proceedings-E, vol. 138, no. 3, pp. 165-168, 1993.
[3] W. H. Yang and S. P. Shieh, "Password authentication schemes with
smart cards," Computers & Security, vol. 18, no. 8, pp. 727-733, 1999.
[4] L. Fan, J. H. Li, and H. W. Zhu, "An enhancement of timestamp-based
password authentication scheme," Computers & Security, vol. 21, no. 7,
pp. 665-667, 2002.
[5] B. Wang, J. H. Li, and Z. P. Tong, "Cryptanalysis of an enhanced
timestamp-based password authentication scheme," Computers &
Security, vol. 22, no. 7, pp. 643-645, 2003.
[6] IEEE P1363.2 Draft D12, "Standard specifications for password-based
public key cryptographic techniques," IEEE P1363 working group,
2003.
[7] M. S. Hwang and L. H. Li, "A new remote user authentication scheme
using smart cards," IEEE Trans. Consumer Electron., vol. 46, no. 1, pp.
28-30, 2000.
[8] J. J. Shen, C. W. Lin, and M. S. Hwang, "A modified remote user
authentication scheme using smart cards," IEEE Trans. on Consumer
Electron., vol. 49, no. 2, pp. 414-416, 2003.
[9] B. Schneier, Applied Cryptography, John Wiley & Sons Inc., 1996.
[10] R. L. Rivest, A. Shamir, and L. M. Adleman, "A method for obtaining
digital signatures and public-key cryptosystems," Commun. ACM, vol.
21, no. 2, pp. 120-126, 1978.
