A Provable Secure Authentication Protocol Given Forward Secure Session Key

This paper proposes a key distribution and authentication protocol between user, service provider and key distribution center (KDC). This protocol is based on symmetric cryptosystem, challenge-response, Diffie-Hellman component and hash function. In proposed protocol, user and server update the session key under token-update operation, and user can process repeated efficient authentications by using updated session keys. Another merit is that KDC needs not to totally control the session key between user and server in proposed protocol. Even if an attacker steals the parameters from the KDC, the attacker still can not calculate session key. We use BAN logic to proof these merits of our proposed protocol. Also according to the comparison and analysis with other protocols, our proposed protocol provides good efficiency and forward secure session key.

[1]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[2]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[3]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[4]  Steven M. Bellovin,et al.  Limitations of the Kerberos authentication system , 1990, CCRV.

[5]  Hung-Yu Chien,et al.  A hybrid authentication protocol for large mobile network , 2003, J. Syst. Softw..

[6]  Ren-Junn Hwang,et al.  A new efficient authentication protocol for mobile networks , 2005, Comput. Stand. Interfaces.

[7]  Paul F. Syverson On key distribution protocols for repeated authentication , 1993, OPSR.

[8]  Shiuh-Pyng Shieh,et al.  An Efficient Authentication Protocol for Mobile Networks , 1999, J. Inf. Sci. Eng..

[9]  Marvin A. Sirbu,et al.  Distributed authentication in Kerberos using public key cryptography , 1997, Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security.

[10]  Moti Yung,et al.  The KryptoKnight family of light-weight protocols for authentication and key distribution , 1995, TNET.

[11]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[12]  Heba Kamal Aslan Logical analysis of AUTHMAC_DH: a new protocol for authentication and key distribution , 2004, Comput. Secur..

[13]  Min-Shiang Hwang,et al.  A simple micro-payment scheme , 2001, J. Syst. Softw..

[14]  Jean-Jacques Quisquater,et al.  Computer Security — ESORICS 92 , 1992, Lecture Notes in Computer Science.

[15]  Ravi Ganesan,et al.  Yaksha: augmenting Kerberos with public key cryptography , 1995, Proceedings of the Symposium on Network and Distributed System Security.

[16]  Gene Tsudik,et al.  KryptoKnight Authentication and Key Distribution System , 1992, ESORICS.

[17]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.