Password Change Phase. In case of changing her or his password, MU inserts her or his smart card into a card reader and performs the following steps:
Password Change Phase. Step 1: Ui inputs {IDi∗, pwi∗, pwni} into SCi, where pwni is a new password.
Step 2: The smart card computes RNr∗ = h(pwi∗ ) ⊕ XPWi, HPWi∗ = h(pwi∗ ||RNr∗ ), XS∗i = Ci ⊕ = h(IDs||HPWi∗ ), Bi∗ = h(HPWi∗ ⊕ XS∗i ), then checks Bi∗ Bi. If it is correct, SCi computes updated values HPWni = h(pwni||RNr∗ ), Ani = Ai ⊕ h(HPWi∗ ||XS∗i ) ⊕ h(HPWni||XS∗i ), Bni = h(HPWni ⊕ XS∗i ), Cni = XS∗i ⊕ h(IDS||HPWni. Then, SCi replaces (Ai, Bi, Ci) with (Xxx, Bni, Cni).
Password Change Phase. When Xx wants to change pwi with the new pwni, Xx performs the password change phase. Figure 4 illustrates the password change phase, which is performed as follows:
Step 1: Ui imprints BIOi∗ and computes Ri∗ into SCi. = Rep(BIOi∗, Pi), then inputs {IDi∗, Ri∗, pwi∗, pwni} Step 2: SCi computes HPWi∗ = h(pwi∗ ||Ri∗ ), XS∗i = Ci ⊕ h(IDi∗ ||HPWi∗ ), Bi∗ = h(HPWi∗ ⊕ XS∗i ). Then, SCi verifies Bi∗ = Bi to check the validity of Ui. If it is correct, SCi computes updated values HPWni = h(pwni||Ri∗ ), Ani = Ai ⊕ h(HPWi||XS∗i ) ⊕ h(HPWni||XS∗i ), Bni = h(HPWni ⊕ XS∗i ), Cni = XS∗i ⊕ h(IDi∗ ||HPWni). Then, SCi replaces (Ai, Bi, Ci) with (Xxx, Bni, Cni).
Password Change Phase. To change the password of A , the USB token of the client A must be inserted; the old PW and a newly chosen password PW must be entered. Then, the following steps are performed. Figure 4 shows the password change phase.
1. generate r.
2. ID, ME _ r 4. h(B'' )
Password Change Phase. 1) The client A generates a random number r and calculates ME_r = gr
2) A → S : ID, ME_r . The client A sends ID and ME_r to the server S .
3) The server S calculates then calculates h(B'') . B'' = ME_r ⋅ gh( x||ID ) mod p = gr ⋅ gh( x||ID ) mod p = gh( x||ID )+r
4) S → A : h(B′′) . The server S sends h(B'') to the client A .
5) The client A figures out B' = ME _ r ⋅ B ⋅ gh( PW ||r ) mod p = gr ⋅ gh( x||ID)−h( PW ||r ) ⋅ gh( PW ||r ) mod p = gh( x||ID)+r mod p , then calculates h(B′) . If h(B′) ≠ h(B′ ) , the password change request is rejected.
6) The client A calculates B = B ⋅ gh( PW ||r ) ⋅ g − h( PW ||r ) mod p = gh( x||ID)−h( PW ||r ) ⋅ gh( PW ||r ) ⋅ g − h( PW ||r ) mod p = gh(x||ID)−h(PW ||r) mod p
Password Change Phase. Assume that SC has the ability to detect the login failure trials. If the failure times exceed a given number, SC will be soon locked to prevent from guessing password attack. • Ui inserts the smart card into a card reader and in- puts identity IDi, password PWi and a new pass- word PWnew. • SC calculates bt = B ⊕ ID ⊕ PW , Ct = C ⊕ 3 C3 = h(C1), C4 = h(bǁPWi) ⊕ h(xǁy).
Password Change Phase. Assume that SC has the ability to detect the login failure trials. If the failure times exceed a given number, SC will be soon locked to prevent from guessing password attack.
i Ui inserts the smart card into a card reader and in- puts identity IDi, password PWi and a new pass- word PWnew. • SC calculates b = B ⊕ IDi ⊕ PWi, RPWi = h(bǁPWi), C1 = C2 ⊕RPWi, d = C4 ⊕h(C1ǁRPWi), Ct = h(C1ǁd) and verifies whether Ct = C3. If they request message {CIDi, V, D, F1, F2, M1} to Si.
Password Change Phase. The user Ui has to authenticate itself to smart card before requesting the password change.
A. Registration phase A user Ui has to submit his identity IDi and password Pi to the server S via a secure communication channel to register itself to the server S.
Step 1: Ui 🡪 S: IDi, Pi The server S computes the security parameters Vi = H (IDi | TTSA | x) ⊕ H (Pi), Ai = H (IDi | Pi) ⊕ Pi , Bi = H (Pi) ⊕ H (TTSA) and issues the smart card containing security parameters (Vi, Ai, Bi, H ( )) to the user Ui through a secure communication channel. Step 2: S 🡪 Ui: Smart card
B. Login phase A user Ui inserts his smart card into a card reader to login on to the server S and submits his identity IDi* and password Pi*. The smart card computes Ai* = H (IDi* | Pi*) ⊕ Pi* and compares it with the stored value of Ai in its memory to verify the legitimacy of the user Ui.
Step 1: Smart card checks Ai* ?= Ai After verification, smart card computes C1 = Vi ⊕ H (Pi) and C2 = H (C1 | T), where T is current date and time of input device. Then smart card sends the login request message (IDi*, C2, T) to the service provider server S.
Step 2: Smart card 🡪 S: IDi*, C2, T The user Ui’s smart card extracts the value of H (TTSA) as H (TTSA) = Bi ⊕ H (Pi), which is used by the user Ui’s smart card for the computation of the agreed session key between the user Ui and the server S. C Authentication phase After receiving the login request from the user Ui, the service provider server S verifies the received IDi* with stored value of IDi in its database. The server S checks the validity of timestamp T by checking (T’ –T) <= δΤ, where T’ is current date and time of the server S and δΤ is permissible time interval for a transmission delay. The server S extracts the value of TTSA corresponding to the client’s identity IDi. Then server S computes C1* = H (IDi | TTSA | x), C2* = H (C1* | T) and compares C2* with the received value of C2.
Step 1: Server S checks C2* ?= C2 This equivalency authenticates the legitimacy of the user Ui and the login request is accepted else the connection is interrupted. Finally, the user Ui and the server S agree on the common session key as SK = H (C1 | H (TTSA) | T). Afterwards, all the subsequent messages between the user Ui and server S are encrypted with this session key.
D. Password change phase The user Ui can change his password without the help of the server S. The user Ui inserts his smart card into a card reader and enters his identity IDi* and password Pi*...
Password Change Phase. || || ⊕ ⊕
(1) Ui inserts Ui’s smart card into a terminal and inputs IDi, the old password PWi and new password PWi∗. The smart card compares the entered value IDi with the IDi stored in the smart card. If this condition is not satisfied, it terminates this phase. Otherwise, the smart card proceeds with the next step.
(2) The smart card computes PWi = h(PWi b), PWi∗ = h(PWi∗ b) and Ni∗ = Ni PWi PWi∗.
(3) The smart card replaces the existing value Ni with the new value Ni∗. Finally, the smart card contains the information {IDi, Ni∗, h(·), b}. User (U )
i i Inputs (IDi, PWi, PWi∗) Checks ID =? stored ID PWi = h(PWi||b)
Password Change Phase. The password change phase is invoked whenever the Ui wants to change his or her old password to a new password. In the password change phase of our proposed scheme, Ui communicates without any assistance from the GWN. Figure 6 illustrates the password change phase for our proposed scheme. We now describe this process in further detail: User (U ) Inputs (IDi, PWold, PWnew)
i i PW old = h(PWold||b), xxxx = N ⊕ h(ID ||PW ) Mold = h(PW old||xxxx) Checks Mold =? M PW new = h(PWnew||b) Nnew = h(ID ||PW new ) ⊕ v, Mnew = h(PW new||v) Replaces the existing values Ni and Mi with the new values Nnew and Mnew, respectively.
i i i
