Common use of Login Phase Clause in Contracts

Login Phase. (1) Ui inserts Ui’s smart card into a terminal, and inputs the IDi and PWi. The smart card compares IDi with the stored value IDi. If this condition is satisfied, the smart card acknowledges the legitimacy of the Ui, and proceeds with the next step. Otherwise, it terminates this phase. (2) The smart card computes PWi = h(PWi||b) and k = h((Ni ⊕ PWi)||T1), then chooses a random nonce R1 ∈ {0, 1}l , and computes Ai = Ek(IDi||R1||T1). (3) Finally, Ui sends a login request message (IDi, Ai, T1) to GWN through a public channel. From the above descriptions, in login phase of ▇▇▇▇ et al.’s scheme, the message size of the login request (IDi, Ai, T1) can be computed as (8 + 20 + 19) = 47 bytes. User (U ) Gateway (GW ) Sensor (Sn) i i Inputs (IDi, PWi) Checks ID =? stored ID PWi = h(PWi||b) k = h((Ni ⊕ PWi)||T1) Chooses a random nonce R1 ∈ {0, 1}l Ai = Ek(IDi||R1||T1) (IDi, Ai, T1) Checks |T1′ − T1| < ∆T k = h(h(IDi||xa)||T1) Dk(Ai) = {IDi, R1, T1} Checks IDi, T1 SK = h(IDi||h(xs||SIDn)||T2) Bi = h(h(xs||SIDn)||SK||SIDn||IDi||T2) (IDi, Bi, T2) Checks |T2′ − T2| < ∆T SK = h(IDi||h(xs||SIDn)||T2) ? Bi∗ = h(h(xs||SIDn)||SK||SIDn||IDi||T2) Checks Bi = Bi Ci = h(h(xs||SIDn)||SK||IDi||SIDn||T3) (Ci, T3) Checks |T3′ − T3| < ∆T Ci∗ = h(h(xs||SIDn)||SK||IDi||SIDn||T3) Checks C∗ =? C Di = Ek(IDi||SIDn||SK||R1||T4) (Di, T4) Checks |T4′ − T4| < ∆T Dk(Di) = {IDi, SIDn, SK, R1, T4} Checks IDi, R1, T4

Login Phase. The login phase is executed whenever the Ui wants to gain access to WSN. In this phase, ▇▇ sends the login request to GWN. Figure 5 illustrates the login and verification phase for our proposed scheme. In detail, this process is: (1) Ui inserts Ui’s smart card into a terminal, and inputs the IDi and PWi. The smart card computes the masked password PWi∗ = h(PWi||b) and v∗ = Ni ⊕ h(IDi||PWi∗). The smart card further computes Mi∗ = h(PWi∗||v∗ ), and compares IDi it with the stored value IDiMi. If this condition is satisfied, the smart card acknowledges the legitimacy of the Ui, and proceeds with the next step. Otherwise, it terminates this phase. (2) The smart card computes PWi = h(PWi||b) and k = h((Ni ⊕ PWi)||T1), then chooses a random nonce R1 ∈ {0, 1}l , and computes DIDi = h(IDi||R1). The smart card then computes k = h(DIDi||v∗||T1) and Ai = Ek(IDi||R1||T1Ek(DIDi||R1||T1). (3) Finally, Ui ▇▇ sends a login request message (IDi▇▇▇▇, Ai, T1) to GWN through a public channel. From the above descriptions, in login phase of ▇▇▇▇ et al.’s scheme, the message size of the login request (IDi, Ai, T1) can be computed as (8 + 20 + 19) = 47 bytes. User (U ) Gateway (GW ) Sensor (Sn) i i ) Inputs (IDi, PWi) Checks ID =? stored ID PWi PWi∗ = h(PWi||b) k v∗ = h((Ni Ni ⊕ PWi)||T1h(IDi||PWi∗) Mi∗ = h(PWi∗||v∗) Checks M∗ =? M i i Chooses a random nonce R1 ∈ {0, 1}l DIDi = h(IDi||R1), k = h(DIDi||v∗||T1) Ai = Ek(IDi||R1||T1Ek (DIDi||R1||T1) (IDi▇▇▇▇, Ai▇▇, T1) Checks |T1′ − T1| < ∆T k = h(h(IDi||xa)||T1h(DIDi||h(xa)||T1) Dk(AiDk(Ai ) = {IDiDIDi, R1, T1} Checks IDiDIDi, T1 Chooses a random nonce R2 ∈ {0, 1}l Mi = R2 ⊕ h(xs||SIDn) SK = h(IDi||h(xs||SIDn)||T2h(DIDi||h(xs||SIDn)||R2||T2) Bi = h(h(xs||SIDn)||SK||SIDn||IDi||T2h(DIDi||SK||h(xs||SIDn)||SIDn||T2) (IDiMi, ▇▇▇▇, Bi, T2) Checks |T2′ − T2| < ∆T R2 = Mi ⊕ h(xs||SIDn) SK = h(IDi||h(xs||SIDn)||T2h(DIDi||h(xs||SIDn)||R2||T2) ? Bi∗ = h(h(xs||SIDn)||SK||SIDn||IDi||T2h(DIDi||SK||h(xs||SIDn)||SIDn||T2) Checks Bi = Bi B∗ =? B Ci = h(h(xs||SIDn)||SK||IDi||SIDn||T3h(h(xs||SIDn)||SK||DIDi||SIDn||T3) (Ci, T3) Checks |T3′ − T3| < ∆T Ci∗ = h(h(xs||SIDn)||SK||IDi||SIDn||T3h(h(xs||SIDn)||SK||DIDi||SIDn||T3) Checks C∗ =? C Di = Ek(IDi||SIDn||SK||R1||T4Ek (DIDi||SIDn||SK||R1||T4) (Di, T4) Checks |T4′ − T4| < ∆T Dk(DiDk (Di) = {IDiDIDi, SIDn, SK, R1, T4} Checks IDiDIDi, R1, T4