RSA based remote password authentication using smart card

“…As far as user remote authentication for smart home environments is concerned, our liter-ature survey has revealed that techniques based on passwords [18] are typically weak and are not considered very secure. To improve this weakness, other techniques have been proposed such as those relying on the user's personal memory (or digital memory) [19], those relying on the use of Kerberos authentication to implement a single-sign-on [20], those relying on mobile OTP or OAuth [21], an open standard authentication and authorization protocol, in which the user receives a password that should be used within short time period after its generation, otherwise the OTP expires; those relying on smart cards [22], those relying on biometrics [23], those involving transactions based on Near Field Communications (NFC) [24], and those relying on RSA [9], [10], to name a few. The novel RSA-ASH-SC scheme proposed in this thesis belongs to this later class of protocols since its design relies on the use of a variant of RSA (so-called Om and Kumari scheme [10]), in which the anonymity of the user/device is achieved by using a one-time-token.…”

“…In [22], Om and Reddy proposed a RSA-based remote user authentication scheme using smart card. In their scheme, to achieve authentication, no verification table, nor password table is needed.…”

“…In [10], Om and Kumara proposed a modified version of the Om and Reddy scheme [22] as follows. The registration phase is similar to that of the Om and Reddy scheme [22], except that additionally, the user calculates S i = f (P W i ||ID i ) and stores it in the smart card. To login, the user calculates x = f (f (P W i ||ID i ) ⊕ T )mod n, y = ID x i (mod n) and C = y e (mod n), then sends (ID i , C, T ) to the server.…”

“…)) e mod n and R i = f (S i ||N i ), where S i is the sensitive information referred to in the Om and Reddy scheme [22], then stores the data (CID i , R i , n) in the smart card. This scheme was shown to be vulnerable to smart-card loss attack.…”

“…The attacker cannot get any information from the one-time token and encrypted message. The encryption and decryption operations are performed by using Rebalanced-Multi-Power RSA variant [22]. The login message makes use of a password, a unique ID which is associated with a user and a timestamp.…”

Authentication protocols for smart homes

“…As far as user remote authentication for smart home environments is concerned, our liter-ature survey has revealed that techniques based on passwords [18] are typically weak and are not considered very secure. To improve this weakness, other techniques have been proposed such as those relying on the user's personal memory (or digital memory) [19], those relying on the use of Kerberos authentication to implement a single-sign-on [20], those relying on mobile OTP or OAuth [21], an open standard authentication and authorization protocol, in which the user receives a password that should be used within short time period after its generation, otherwise the OTP expires; those relying on smart cards [22], those relying on biometrics [23], those involving transactions based on Near Field Communications (NFC) [24], and those relying on RSA [9], [10], to name a few. The novel RSA-ASH-SC scheme proposed in this thesis belongs to this later class of protocols since its design relies on the use of a variant of RSA (so-called Om and Kumari scheme [10]), in which the anonymity of the user/device is achieved by using a one-time-token.…”

“…In [22], Om and Reddy proposed a RSA-based remote user authentication scheme using smart card. In their scheme, to achieve authentication, no verification table, nor password table is needed.…”

“…In [10], Om and Kumara proposed a modified version of the Om and Reddy scheme [22] as follows. The registration phase is similar to that of the Om and Reddy scheme [22], except that additionally, the user calculates S i = f (P W i ||ID i ) and stores it in the smart card. To login, the user calculates x = f (f (P W i ||ID i ) ⊕ T )mod n, y = ID x i (mod n) and C = y e (mod n), then sends (ID i , C, T ) to the server.…”

“…)) e mod n and R i = f (S i ||N i ), where S i is the sensitive information referred to in the Om and Reddy scheme [22], then stores the data (CID i , R i , n) in the smart card. This scheme was shown to be vulnerable to smart-card loss attack.…”

“…The attacker cannot get any information from the one-time token and encrypted message. The encryption and decryption operations are performed by using Rebalanced-Multi-Power RSA variant [22]. The login message makes use of a password, a unique ID which is associated with a user and a timestamp.…”

Authentication protocols for smart homes

An RSA-Based User Authentication Scheme for Smart-Homes Using Smart Card

A RSA-Biometric Based User Authentication Scheme for Smart Homes Using Smartphones