introduction
With the popularity of computer networks and the development of e-commerce, more and more resources and applications are obtained remotely using the network. How to ensure that specific resources are only accessed by legitimate and authorized users, that is, how to correctly identify the user is the primary condition for ensuring the security of the communication network and data. Currently, there are three main methods of identity authentication: password-based identity authentication; biometric-based identity authentication and smart card-based identity authentication. Combined with cryptography, many experts and scholars have proposed an effective scheme based on smart card authentication.
In 2000, Sun proposed a smart card effective remote authentication scheme based on hash function, but the scheme is vulnerable to password guessing attacks and internal attacks. In 2002, the author of the literature [5] also proposed a scheme based on the one-way hash function. Subsequently, many experts and scholars proposed their own solutions, which achieve effective and safe two-way authentication by introducing parameters such as random numbers, counters, and time stamps. But unfortunately, there are some unavoidable loopholes in these programs.
Based on the analysis of the above schemes, a new remote user authentication scheme is proposed here. This program is based on the development of electronic technology and chip technology. Literature [6-8] proves the application of public key cryptography in smart cards. On the basis of retaining some of the parameters used in the above documents, the scheme introduces a public key cryptography algorithm in the smart card, which reliably implements the identity authentication of both parties, and is capable of defending against most types of attacks and has strong security.
1. Definition of terms The following definitions are used in the text.
U indicates the user in the authentication protocol; S indicates the authentication server in the authentication protocol; ID is the user's identity; PW is the user login password; Ti is the timestamp; h(·) is the one-way hash function; Operation; for a secure communication channel; → for an unsafe, normal communication channel; E for an encryption algorithm; D for a decryption algorithm; Ku for the user's public key; ku for the user's private key; Ks is the server's public key; Ks is the private key of the server.
2. The proposed certification scheme
The solution consists of a registration phase, a login phase, a two-way verification phase, and a password modification phase.
2.1 Registration phase
R1: The user selects his own identification ID, public key Ku, private key ku, password PW and calculates h(PW), and submits it to the authentication server S through the secure channel, namely US: ID, h(PW), Ku, ku.
R2: The server generates its own private key ks and public key Ks, and publishes its own public key Ks, saves ks, and stores the user's public key Ku in the database. At the same time, the server calculates Vi=h(ID⊕ks), Ri=h(ID⊕ks)⊕h(PW), and then writes the information {Ri,h(·), Ks,ku, public key algorithm} to the smart card.
R3: S delivers the smart card to the user via the secure channel, ie S U:Card{Ri,h(·), Ks,ku, public key algorithm}.
2.2 Landing stage
L1: User U inserts the smart card into the relevant terminal device, inputs the ID, PW, and verifies the validity of the ID and PW between the smart card and the terminal device, otherwise it gives up.
L2: Record the system timestamp T1, the smart card calculates Vi=Ri⊕h(PW), C1=h(T1⊕Vi), and uses the server's public key Ks for encryption operation, ET1=E(T1, Ks), EC1= E (C1, Ks).
L3: The user U sends the login information m1{T1, C1, ET1, EC1} to the server S through the general channel, that is, U→S: m1{T1, C1, ET1, EC1}.
2.3 Two-way verification phase
V1: After receiving the m1{ T1, C1, ET1, EC1}, the server S first decrypts with its own private key ks: T1*=D(T1,ks), C1*=D(C1,ks), then Compare judgment: Whether T1* and T1 are equal, and whether C1* and C1 are equal. If the two cannot be equal at the same time, give up; if the two are equal at the same time, the following calculation is performed.
V2: Calculate Vi=h(ID⊕ks).
V3: Verify that h(T1⊕Vi) is equal to C1. If they are not equal, they are illegal users; if they are equal, they are legal users.
V4: Record system timestamp T2, calculate C2=h(T2⊕Vi), and perform encryption operation using the user's public key Ku stored in the database: ET2=E(T2, Ku), EC2=E(C2, Ku ).
V5: The server S sends the feedback information m2{T2, C2, ET2, EC2} to the user U through the general channel. Namely: S→U: m2{ T2, C2, ET2, EC2}.
V6: After receiving the information m2{T2, C2, ET2, EC2}, the user U uses his private key ku to perform the decryption operation: T2*=D(T2, ku), C2*=D(C2, ku), then Compare judgment: Whether T2* and T2 are equal, and whether C2* and C2 are equal. If the two cannot be equal at the same time, give up; if the two are equal at the same time, the following calculation is performed.
V7: Verify that h(T2⊕Vi) is equal to C2. If they are not equal, they are illegal servers; if they are equal, they are legitimate servers.
2.4 Password modification phase
P1: Calculate Ri*=Ri⊕h(PW)⊕h(PW*)=h(ID⊕ks)⊕h(PW*).
P2: Replace Ri with Ri* and store it on the smart card.
3. Security analysis
The scheme introduces a public key cryptosystem, which is encrypted when the non-secure channel transmits information, so it has strong security and can resist multiple attacks.
3.1 Replay attack
It is assumed that the attacker intercepts the login information m1{T1, C1, ET1, EC1} of the L3 stage, and changes the time stamp T1 of the plaintext form to T1'. However, the encrypted timestamp ET1 is still included in the login information. In the V1 phase, the attacker is rejected due to the decrypted T1*≠T1'.
3.2 Denial of Service Attack
In many literatures, T2-T1=ΔT is used as the verification condition. Therefore, when the network is blocked or the attacker intentionally intercepts the login information and delays the transmission to S after a certain period of time, S detects that ΔT does not meet the condition and is easy. A denial of service attack occurred. The scheme proposed in this paper does not need to use ΔT as the verification condition. Even if the network is blocked or the attacker deliberately delays, since the value of T1 does not change, T1=T1*, it will not cause a denial of service attack. And the system does not require very strict synchronization requirements.
3.3 ReflectiON Attack Attack
Suppose the attacker intercepts the information of the L3 stage m1{T1, C1, ET1, EC1} and blocks the transmission of the information, and impersonates S, skips the V1~V4 phase of the verification phase, and directly sends m1{T1, C1 to the user U. , ET1, EC1}, attempting to impersonate the V5 stage information m2{T2, C2, ET2, EC2}. However, in this scheme, ET1 and EC1 are encrypted with S's public key Ks, and can only be decrypted with S's private key ks. User U does not have ks, so T1* and C1* cannot be calculated, so the attack is not feasible.
3.4 Parallel Attack Attack
Suppose the attacker intercepts the information m2{T2, C2, ET2, EC2} of the V5 stage and impersonates the user U to resend m2 to S. However, it is not feasible to perform decryption calculation on the S side, because ET2 and EC2 are encrypted with U's public key Ku, and its private key k u is used at the U end, and the S end cannot perform decryption operations.
3.5 Smart Card Loss\Copy Attack
Since the attacker does not know the password PW, it is impossible to derive Ri=h(ID⊕ks)⊕h(PW). Similarly, even if the ID and PW are known, if there is no smart card, the user U cannot be impersonated.
3.6 True two-way authentication
The scheme uses a public key cryptography algorithm. U and S respectively use the other party's public key to encrypt, and then send the information, using their own private key to decrypt, which is equal in calculation, so no matter which party the attacker wants to impersonate, it is not feasible. , thus achieving true two-way authentication.
4. Conclusion
It can be seen from the above analysis that by introducing a public key encryption system, the proposed scheme can defend against replay attacks, denial of service attacks, Reflection Attack attacks, Parallel Attack attacks, smart card loss/replication attacks, and realize the two-way identity of both parties. Certification. Although the scheme occupies part of the computing resources due to the introduction of the public key cryptography algorithm, it greatly improves the security of the system, and with the rapid development of electronic technology and chip technology, the computing power and storage capacity of the smart card are continuously improved. The superiority of the program will become more and more prominent. Which of the public key cryptographic algorithms is used in the scheme, such as RSA, El-Gamal, elliptic curve, etc., is beyond the scope of this paper.
Samina foram offer different Nail Brush like Synthetic Nail Brush and Natural Nail Brush. WHICH BRUSHES FOR WHAT MATERIAL TO CHOOSE CORRECTLY?GEL - for gel modeling we choose brushes suitable for scooping UV / LED gel, so it is necessary to use a flat brush with which you can easily apply UV / LED gel on your nails and shape it into the right shape. There are several hair sizes and types. Furthermore, 2 shapes are used for gel modeling, either flat straight or flat oval. SAMINA Nails offers several types, which you can find HERE.POLY GEL - a special brush is used on the poly gel, which has a spatula at one end to gain mass and a brush at the other end for shaping. We also offer a device that has a silicone tip at the ends, which can be used to shape the poly gel. We offer a poly gel brush HERE.
ACRYLIC - round brushes with a tip are used for modeling acrylic nails. The most common sizes are 8 and 10, and the finest hairs that use liquid are perfectly used for these brushes. We offer these brushes HERE.
NAIL ART - there are a lot of brushes for nail art and decorating. The most important brush that no one should miss is the detailer, or extra thin brush, which is suitable for detailed work around the cuticle and nail walls. You can also paint a French manicure or thin lines with it. It's simply a brush you have to have. Another very popular is, for example, a brush for ombré, or a gradual transition of colors, for glitter and many others. You can find our offer HERE.
BRUSH CARE
If we want the brush to last us as long as possible, it is also necessary to take good care of it.
Never leave the brush in the water or detergent for too long - the brush head may come loose or the sleeve may start to rust
Clean the brush thoroughly - head and sleeve
Dry the moisture with a clean cloth or napkin
Place the brush upside down to dry
Dry at room temperature
Clean the brushes you use on UVLED gels properly and store them in a dark place. This will prevent direct light from curing the remnants of the gel left on the brush.
Nail Brush,Kolinsky Nail Brush,ArtIst Nail paint Brush set,Nylon Nail Art Brush
SAMINA FORAM (SHENZHEN) CO., LIMITED. , https://www.saminabrush.com