Wireless Communications and Mobile Computing
T : Symbols and notations in Wang et al.’s scheme.
𝑈
𝑖
the 𝑖th user
𝑆
𝑗
the 𝑗th server
𝑅𝐶 registration centre
𝐼𝐷
𝑖
𝑈
𝑖
’s identity
𝐴𝐼𝐷
𝑖
𝑈
𝑖
’s dynamic identity
𝑆𝐼𝐷
𝑗
𝑆
𝑗
’s identity
𝑆𝐶
𝑖
𝑈
𝑖
’s smart card
𝑃𝑊
𝑖
𝑈
𝑖
’s password
𝐵𝐼𝑂
𝑖
𝑈
𝑖
’s biometrics
𝑅
𝑖
𝑈
𝑖
’s nearly random binary string
𝑃𝑆𝐾 pre-shared key between server and registration centre
𝑥 master secret key between user and registration centre
⊕ exclusive OR
ℎ(
) one-way hash function
|| concatenating operation
sensor. Aer that, (𝑅
𝑖
,𝑃
𝑖
)isextractedfrom𝐵𝐼𝑂
𝑖
through 𝐺𝑒𝑛(𝐵𝐼𝑂
𝑖
)←(𝑅
𝑖
,𝑃
𝑖
).Finally𝑈
𝑖
calculates 𝑅𝑃𝑊
𝑖
=ℎ(𝑃𝑊
𝑖
‖𝑅
𝑖
) and sends
{𝐼𝐷
𝑖
𝑅𝑃𝑊
𝑖
} to 𝑅𝐶 securely.
(b) 𝑅𝐶 generates <𝐼𝐷
𝑖
,𝑁
𝑖
=1>and stores it to
the database. Note that 𝑁
𝑖
indicates the state of
𝑈
𝑖
’s account. When 𝑈
𝑖
revokes his account, 𝑅𝐶
sets 𝑁
𝑖
=0.When𝑈
𝑖
reregisters his account,
𝑅𝐶 sets 𝑁
𝑖
=𝑁
𝑖
+1.Aerthat𝑅𝐶 calculates
𝐴
𝑖
=ℎ(𝐼𝐷
𝑖
‖𝑥‖𝑇
𝑟
), 𝐵
𝑖
=𝑅𝑃𝑊
𝑖
⊕ℎ(𝐴
𝑖
),
𝐶
𝑖
=𝐵
𝑖
⊕ℎ(𝑃𝑆𝐾), 𝐷
𝑖
=𝑃𝑆𝐾⊕𝐴
𝑖
⊕ℎ(𝑃𝑆𝐾),
and 𝑉
𝑖
=ℎ(𝐼𝐷
𝑖
‖𝑅𝑃𝑊
𝑖
) where 𝑇
𝑟
is the time of
registration. Finally, 𝑅𝐶 sends {𝐵
𝑖
,𝐶
𝑖
,𝐷
𝑖
,𝑉
𝑖
} to
𝑈
𝑖
securely.
(c) 𝑈
𝑖
receives {𝐵
𝑖
,𝐶
𝑖
,𝐷
𝑖
,𝑉
𝑖
} from 𝑅𝐶,stores
{𝐵
𝑖
,𝐶
𝑖
,𝐷
𝑖
,𝑉
𝑖
,𝑃
𝑖
} into 𝑆𝐶
𝑖
,andstores𝑃
𝑖
in 𝑆𝐶
𝑖
.
Login Phase
(i) 𝑈
𝑖
inputs 𝐼𝐷
𝑖
and 𝑃𝑊
𝑖
with his/her smart card 𝑆𝐶
𝑖
and
imprints 𝐵𝐼𝑂
∗
𝑖
at the sensor.
(ii) 𝑆𝐶
𝑖
calculates 𝑅
𝑖
=𝑅𝑒𝑝(𝐵𝐼𝑂
∗
𝑖
,𝑃
𝑖
) and 𝑅𝑃𝑊
𝑖
=
ℎ(𝑃𝑊
𝑖
‖𝑅
𝑖
).Aerthat,𝑆𝐶
𝑖
checks whether ℎ(𝐼𝐷
𝑖
‖
𝑅𝑃𝑊
𝑖
)=𝑉
𝑖
holdsornot.Ifitisright,𝑆𝐶
𝑖
computes
ℎ(𝑃𝑆𝐾) = 𝐵
𝑖
⊕𝐶
𝑖
.
(iii) 𝑆𝐶
𝑖
calculates 𝐴𝐼𝐷
𝑖
=ℎ(𝑁
1
)⊕𝐼𝐷
𝑖
aer choosing a
random number 𝑁
1
.Aerthat,𝑆𝐶
𝑖
computes 𝑀
1
=
𝑅𝑃𝑊
𝑖
⊕ℎ(𝑃𝑆𝐾)⊕𝑁
1
and 𝑀
2
=ℎ(𝐴𝐼𝐷
𝑖
‖𝑁
1
‖𝑅𝑃𝑊
𝑖
‖
𝑆𝐼𝐷
𝑗
‖𝑇
𝑖
) where 𝑇
𝑖
is a timestamp.
(iv) 𝑆𝐶
𝑖
sends {𝐵
𝑖
,𝐷
𝑖
,𝑀
1
,𝑀
2
,𝐴𝐼𝐷
𝑖
,𝑇
𝑖
} to 𝑆
𝑗
.
Authentication Phase
(i) 𝑆
𝑗
checks whether 𝑇
𝑖
−𝑇
𝑗
≤Δ𝑇.Notethat𝑇
𝑗
is the
time that 𝑆
𝑗
receives the login message, and Δ𝑇means
the time interval.
(ii) If the verication is valid, 𝑆
𝑗
calculates 𝐴
𝑖
=𝑃𝑆𝐾⊕
𝐷
𝑖
⊕ℎ(𝑃𝑆𝐾), 𝑅𝑃𝑊
𝑖
=ℎ(𝐴
𝑖
)⊕𝐵
𝑖
,and𝑁
1
=𝑀
1
⊕
𝑅𝑃𝑊
𝑖
⊕ℎ(𝑃𝑆𝐾)and checks whether ℎ(𝐴𝐼𝐷
𝑖
‖𝑁
1
‖
𝑅𝑃𝑊
𝑖
‖𝑆𝐼𝐷
𝑗
‖𝑇
𝑖
)=𝑀
2
.
(iii) If this verication is valid, 𝑆
𝑗
chooses a random
number 𝑁
2
and calculates 𝑆𝐾
𝑖𝑗
=ℎ(𝐴𝐼𝐷
𝑖
‖𝑆𝐼𝐷
𝑗
‖
𝑁
1
‖𝑁
2
) as the session secret key. en, 𝑆
𝑗
computes
𝑀
3
=ℎ(𝑃𝑆𝐾)⊕ℎ(𝐴𝐼𝐷
𝑖
‖𝑁
1
)⊕𝑁
2
and 𝑀
4
=ℎ(𝑆𝐼𝐷
𝑗
‖
𝑁
2
‖𝐴𝐼𝐷
𝑖
).Finally𝑆
𝑗
returns {𝑀
3
𝑀
4
,𝑆𝐼𝐷
𝑗
} to 𝑈
𝑖
.
(iv) 𝑆𝐶
𝑖
calculates 𝑁
2
=ℎ(𝑃𝑆𝐾)⊕ℎ(𝐴𝐼𝐷
𝑖
‖𝑁
1
)⊕𝑀
3
and 𝑆𝐾
𝑖𝑗
=ℎ(𝐴𝐼𝐷
𝑖
‖𝑆𝐼𝐷
𝑗
‖𝑁
1
‖𝑁
2
) and checks
whether ℎ(𝑆𝐼𝐷
𝑗
‖𝑁
2
‖𝐴𝐼𝐷
𝑖
)=𝑀
4
.Ifitisvalid,𝑆𝐶
𝑖
calculates 𝑀
5
=ℎ(𝑆𝐾
𝑖𝑗
‖𝑁
1
‖𝑁
2
) and sends 𝑀
5
to
𝑆
𝑗
.
(v) 𝑆
𝑗
checks whether the condition ℎ(𝑆𝐾
𝑖𝑗
‖𝑁
1
‖𝑁
2
)
matches with 𝑀
5
.Ifholds,𝑆
𝑗
conrms the session
key 𝑆𝐾
𝑖𝑗
.Otherwise,𝑆
𝑗
terminates the session imme-
diately.
Password Change Phase
(i) 𝑈
𝑖
inserts his/her smart card, inputs 𝐼𝐷
𝑖
and 𝑃𝑊
𝑖
,and
imprints 𝐵𝐼𝑂
∗
𝑖
.
(ii) 𝑆𝐶
𝑖
retires 𝑅
𝑖
from 𝑅𝑒𝑝(𝐵𝐼𝑂
∗
𝑖
,𝑃
𝑖
) and computes
𝑅𝑃𝑊
𝑖
=ℎ(𝑃𝑊
𝑖
‖𝑅
𝑖
).en𝑆𝐶
𝑖
checks whether
ℎ(𝐼𝐷
𝑖
‖𝑅𝑃𝑊
𝑖
) matches with 𝑉
𝑖
.Ifitholds,𝑈
𝑖
can
input the new password.
(iii) 𝑈
𝑖
inputs the new password 𝑃𝑊
𝑛
𝑖
and 𝑆𝐶
𝑖
calculates
𝑅𝑃𝑊
𝑛
𝑖
=ℎ(𝑃𝑊
𝑛
𝑖
‖𝑅
𝑖
), 𝐵
𝑛
𝑖
=𝐵
𝑖
⊕𝑅𝑃𝑊
𝑖
⊕𝑅𝑃𝑊
𝑛
𝑖
,
𝐶
𝑛
𝑖
=𝐶
𝑖
⊕𝑅𝑃𝑊
𝑖
⊕𝑅𝑃𝑊
𝑛
𝑖
,and𝑉
𝑛
𝑖
=ℎ(𝐼𝐷
𝑖
‖𝑅𝑃𝑊
𝑛
𝑖
).
(iv) 𝑆𝐶
𝑖
displaces 𝐵
𝑖
with 𝐵
𝑛
𝑖
, 𝐶
𝑖
with 𝐶
𝑛
𝑖
,and𝑉
𝑖
with 𝑉
𝑛
𝑖
,
respectively.
Revocation and Reregistration Phase
(i) If 𝑈
𝑖
is revoked, he needs to send verication message
𝑅𝑃𝑊
𝑖
to 𝑅𝐶 securely.
(ii) 𝑅𝐶 checks the validity of 𝑈
𝑖
.If𝑈
𝑖
is a valid user, 𝑅𝐶
sets <𝐼𝐷
𝑖
,𝑁
𝑖
=0>.