In this section, we present an enhanced scheme to overcome those disadvantages existing in the two previous schemes while the merits of them are left unchanged. Finally, we also provide some important remarks on it in this section.
This section describes our improved scheme, starting with some definitions and notations used in it.
For clarity, we first list some notations used in our scheme in Table I. Note, to be applicable in low resource environments, we implement it over EC because of the well-known advantages with regard to processing and size constraints 26, 27.
Now, we introduce our improved scheme, which is based on the password-based protocol in Ref. 28. Like Wang et al.'s scheme, our scheme also consists of six phases: the registration phase, the precomputation phase, the authentication and key agreement phase, the password changing phase, the revoking smart-card phase, and the user eviction phase. A more detailed description follows:
Server S issues a smart-card to Client i as follows.
Step 1. The client i sends his identity and card's identity to the server.
Step 2. The server S computes and then , where the initial password (e.g., a default password such as a string of all ‘1’). Then, S issues the client i a smart-card which contains and all the system parameters needed in our scheme. Finally, the server maintains a ID table which includes . In our scheme, we still recommend should also be stored in the secure area of the smart card, where some tamper-resistant techniques are used. Although it cannot prevent all possible attacks, it will increase difficulty and cost to break.
Step 3. After receiving the smart-card, the client should change the password immediately as in the password changing phase (described below). Otherwise it may create a security problem if the smart card is stolen. Note the password changing phase below is done without any interaction with server. And thus Server has no idea of the client's password.
Password changing phase
When a client wants to renew a password, the client can insert the personal smart card into the card reader and key in the old password and the new password along with his identity . Then the smart card retrieves and computes . Finally, the smart card replaces Ai with .
Now, one can easily remark that, even when the attack obtains stored in the card, he cannot verify the guessed the password and identity. That is because the computation always falls into G for any guessed . Note the hash function maps any input into G. Therefore, our scheme is secure against the smart-card loss problem.
The smart card selects two random numbers in , and computes , , and before the start of the authentication and key agreement Phase. Then it stores into it's memory for use in the authentication and key agreement phase. Note, after that, they should be erased for security considerations. In other words, once the attack gets the card, the precomputed results used previously has been erased and is replaced by some newly unused precomputed results. Therefore, even the attacker gets the card, he cannot break the authentication mechanism of our protocol.
Authentication and key agreement phase
When Client i wants to access the resources of the remote server S, the client has to insert the personal smart card into the card reader and keys in the identity and the password . Then the remote server and the smart card will perform the following steps to achieve mutual authentication and agree a common session key, which is illustrated in Figure 1.
SEC 315 MID TERMQuestion 12.5 out of 2.5 pointsIf a person performing security services is found negligent that means thathe or she:Selected Answer:failed to exercise reasonable careCorrect Answer:failed to exercise reasonable careQuestion 22.5 out of 2.5 pointsThe major weakness of most CCTV systems is:Selected Answer:the inability to observe crime activity in progress if there are multiple sitesCorrect Answer:the inability to observe crime activity in progress if there are multiple sitesQuestion 30 out of 2.5 pointsThe vast majority of security services personnel in the private sector are employed in:Selected Answer:investigationsCorrect Answer:contract watch and guardQuestion 42.5 out of 2.5 pointsSWOT for strategic planning stands for:Selected Answer:strengths, weaknesses, opportunities, threatsCorrect Answer:strengths, weaknesses, opportunities, threatsQuestion 52.5 out of 2.5 points