Cryptanalysis of an Advanced Authentication Scheme

—In this paper we study a scheme for making cryptanalysis and security improvement. This protocol by Song, is a password authentication protocol using smart card. We note that this protocol has been shown to be prone to the offline password guessing attack. We perform an additional cryptanalysis on this scheme and detect that it is vulnerable to the clogging attack, a type of denial-of-service attack. We notice that all smart card typed authentication schemes which lead the scheme by Song, and need the server to find the computationally exhaustive modular exponentiation, similar to the scheme by Xu et al., and it is vulnerable to the clogging attack. Then we propose an enhancement in the scheme to avoid the clogging attack.


INTRODUCTION
The idea behind improving password authentication protocol is to help authorized users obtain services from an authorized server.When an entity needs a service from a server, it has to identify itself to the server in a certain way.Password authentication has been one of the most suitable techniques for a user ID throughout the years.Currently, millions of providers utilize password authentication schemes to identify authorized users.General cases include private web service, Internet shopping, e-mail service, e-trade service, and other services.Fundamentally, each password authentication method has two steps:  Registration step: In this step, the user enters a user ID and password in the computer.The password is saved by the server and kept confidential between the entity and the computer. Authentication step: In this step, the entity needs a service from the computer.It passes its identity and password to the computer to get a service.The computer then decides if the user is authorized by checking the received information of user ID password with the saved details.The server extends the preferred service to the entity, if found authorized In authentication processes, the password is sent cross an insecure communication channel.A hacker can intercept the message by listening to the communication.It can imitate the entity by re-using the password acquired from the communication.These issues compromise the entity confidentiality.The service providers normally keep passwords of users in a database for potential verification and authentication.The passwords are kept in a password index in the computer database.It does not provide any security against unprivileged insiders of the computer, and it does not protect the passwords when the computer database is someway hacked.To reduce the problem of password list disclosure, the computer can encrypt the passwords and protect them.Nevertheless, the communication interception remains a threat to the organization security.Another problem is recalling a user identity and password.A compromise in the password for any entity can be like losing a credit card.The hacker can take advantage before the corporation is informed about the loss.Therefore we have to improve efficient password authentication protocol to finish the authentication process in a secured way.
Taking this into consideration, and to produce a more secure scheme, various smart cards typed password authentication schemes have been proposed throughout the last decade [4,6,7].In such a system, the entity is given with a smart card.When the user needs a service, it gives its smart card with a password that remains private.The smart card then employs this password to build a login message that is passed to the computer.The computer then authenticates this message and gives the preferred service if the password is found legitimate.
In this paper, we study such a scheme under smart card by Song [1].Song presented the scheme as an enhancement of another scheme set is by Xu et al. [3].The scheme has been shown to be prone to the imitation attack.Song then considered this competitive scheme in the same study, to avoid the imitation attack on the scheme.In this paper, we will show that the Song protocol is prone to the clogging attack, a type of the denial-of-service-attack.We noted that the scheme in [3] was vulnerable to clogging attack and also prone to clogging attack.In this attack, the hacker can easily prevent the computer from giving any service without having any information related to the identity or password of the entity.The hacker wants to make any complex computations to launch a clogging attack on Song scheme.We have come to know a cryptanalysis of the Song scheme by Tapiador et al [2].However, they did not study the clogging attack in the scheme in their research.It also worth mentioning that the chain of smart card typed authentication schemes that keeps the server computationally exhaustive modular exponentiation [5] are all prone to the clogging attack.
The hacker takes the benefit of the calculation intensiveness of the modular exponentiation computation in initiating this attack.To avoid clogging attack on these schemes key agreement schemes are required in different www.ijacsa.thesai.orgtypes of communication.Keys want to be securely exchanged before a channel can be recognized.There are few security threats to this that are intruder-in-the-middle so that the hacker pretends to be someone else than connecting participants.Replay of old keys is one more attack which is common in this viewpoint.Therefore it is necessary to improve secure key exchanging schemes to create secure channel.The key agreement protocols commonly have two steps:  Determine the public and private keys: In this step, both the participants compute a pair of keys: the secret key, which is kept private, and the public key, which is made public.In some schemes, a part of this step is completed by a key distribution center that keeps the public keys of the entities in a directory. Determine the secret session key: In this step, the users swap their public keys with a certain integer.The secret session key for message is computed using those integers, and the secret and public keys.Several schemes also let a certain participant determine the private key or session key and pass it to the other participant encrypting it with the message.In this paper we will not study any scheme regarding the key agreement protocols.
The rest of the paper is organized as follows: in section 2, we study the Song scheme including some an enhancement we suggest concerning public and private keys ; then we give a toy example in section 3. Then we have a cryptanalysis of Song scheme .includingclogging attack and offline password guessing attack in section 4. We then propose a solution to this attack in section 5.In section 6, we conclude this work.

II.
REVIEW OF SONG SCHEME We summarize here the password authentication protocol of Song [1].This authentication protocol uses a smart card.In section 3, we consider the achievement and security vulnerability of this protocol.In section 4, we introduce a clogging attack on the scheme.We also consider a possible solution against the attack.Finally, we show that similar protocols of [3], that let the server calculate modular exponentiation, are vulnerable to the same type of attack and has the same achievement dependencies as this protocol.The Song protocol contains three steps: registration, login and authentication.Prior to starting with the registration phase, the server performs the following steps: 1. two primes p and q are chosen where 2. an integer * q Z i  is chosen.

B. Logical Phase
Entity A performs the following steps: 1. Provides its ) , ( A A w id .

C. Authentication Phase
The following steps are performed by the server: 1. the server performs the following after receiving the login request from an entity:  Verifies that A id , and A T .If not, rejects the login message.

IV. SONG SCHEME CRYPAYLISIS
The clogging attack and offline password guessing attack will be discussed in this section.

A. The Clogging Attack
This scheme has a large dependency on the computer and entity clocks.For a connection-oriented use, this may be unwieldy.The scheme should be designed to care for time synchronization between clocks of different entities and servers.This scheme should be made fault tolerant to deal with complex network faults and also with different types of attacks.Despite that the communication is secure, a chance of an attack can occur and a hacker may intercept a message and alter its timestamp A T .In this way the hacker successfully repudiates the authorized entity because the server will refuse the login message on the basis of timestamp dissimilarity.Thus this type of attack is probable even if the scheme avoids replay attacks.Also, interacting delays can prepare the timestamp to go beyond the threshold thus making the entire service inherently decelerate.Therefore, we illustrate that Song scheme is vulnerable to the clogging attack.The clogging attack is a type of attack by which the hacker H constantly passes messages to a server and clogs it with those messages [8].Suppose this could occur with the Song scheme.The following is done by a hacker H : passed by an entity to a server in the login phase.to the server.The following is performed by the server:

H can alter the timestamp
. This does not succeed, thus the message is rejected.
Then, the hacker H will continue repeating the steps many times and let the server calculate the modular exponentiation repeatedly.Essentially, H can potentially alter all the entering login requests from the authorized entity to the server.As modular exponentiation is computationally exhaustive, the victimized server spends large processing resources doing ineffective modular exponentiation rather than any actual work.Therefore the hacker H clog the server with ineffective work and so repudiates any authorized entity.The hacker only wants an id of a valid entity to achieve the clogging attack many times.www.ijacsa.thesai.org

B. Offline Password Gussing Attack
In [1] it is claimed that the hacker should not be able to attack and get access to the server by extracting the information kept on the smart card.But r is right and thus the password tried.In this reasoning we suppose that h has no collisions.Yet, even when h is not perfect, extra eavesdropping sessions can be employed to exclude false positives and find the right password.Briefly, in addition to what is claimed in [1], the messages exchanged during the scheme certainly decrease the entropy of the password, at least for a hacker with access to the values stored in the card.Also, once the password is guessed, the scheme provides no protection against other attacks.

C. Comments
It can be observed that the attack showed can also be made on the schemes by Xu et al. [3] and by Tsaur et al. [5].Thus we notice that the clogging attack can be executed on all the smart card typed authentication schemes using computing modular exponentiation.

V. THE POSSIBLE SOLUTION
We will discuss the possible solution for the problem raised.

A. Prevent The Clogging Attack
At the start of the authentication phase, the server will check if the IP address of the entity is valid.It has to identify the IP addresses of any registered authorized users.Despite that, hacker H might spoof the IP address of an authorized entity and replay the login request.To stop it, we may add a cookie exchange step at the start of the login phase of Song scheme.This step been presented as in the familiar Oakley key exchange scheme [9].

The entity A selects an arbitrary number 1
m and passes it with the message ) , , , ( to the server.2. The server accepts the message and passes its own cookie 2 m to the entity A .

B. Solution Discussion
When the hacker H the entity IP address, H will not obtain 2 m back from the server.But H just succeeds to have the server return an acknowledgement, not to calculate the computationally modular exponentiation.Thus the clogging attack is prevented by these extra steps.We note that this process does not avoid the clogging attack but only frustrates it to a certain extent.

VI. CONCLUSION
We have studied a scheme in this paper.The scheme is a password authentication protocol; which we have shown to be vulnerable to the clogging attack.We demonstrated that the attack on this scheme could be prevented by using an extra step of exchanging numbers.We demonstrated that it is prone to man-in-the-middle attack.Then we showed how to prevent this attack by using an encryption and decryption algorithm.We indicated a security get-out as Song proposed, which is that the hacker can execute modular exponentiation on both sides of the authentication scheme.In addition, after intercepting the retrieved information, the hacker can start new logon information and successfully log into the server system.Thus, Song proposition cannot give adequate security and it is not appropriate for practical implementation of the proposed scheme.