A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Password authentication with insecure communication
Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks
IEEE Transactions on Computers
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints
ACM SIGOPS Operating Systems Review
An Improved Low Computation Cost User Authentication Scheme for Mobile Communication
AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
A password authentication scheme over insecure networks
Journal of Computer and System Sciences
Efficient and secure authenticated key exchange using weak passwords
Journal of the ACM (JACM)
Session key distribution using smart cards
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Password based key exchange with mutual authentication
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
New authentication scheme based on a one-way hash function and diffie-hellman key exchange
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient remote user authentication scheme based on generalized ElGamal signature scheme
IEEE Transactions on Consumer Electronics
Research note: Cryptanalysis of a remote login authentication scheme
Computer Communications
IC card-based single sign-on system that remains secure under card analysis
Proceedings of the 5th ACM workshop on Digital identity management
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
A novel user-participating authentication scheme
Journal of Systems and Software
An improvement of Xu et al.'s authentication scheme using smart cards
Proceedings of the Third Annual ACM Bangalore Conference
An exquisite authentication scheme with key agreement preserving user anonymity
WISM'10 Proceedings of the 2010 international conference on Web information systems and mining
Robust authentication and key agreement scheme preserving the privacy of secret key
Computer Communications
Secure and privacy-preserving cross-border authentication: The STORK pilot 'SaferChat'
EGOVIS'11 Proceedings of the Second international conference on Electronic government and the information systems perspective
Review: Dynamic ID-based remote user password authentication schemes using smart cards: A review
Journal of Network and Computer Applications
Mobile device integration of a fingerprint biometric remote authentication scheme
International Journal of Communication Systems
Robust smart-cards-based user authentication scheme with user anonymity
Security and Communication Networks
Journal of Medical Systems
Wireless Personal Communications: An International Journal
Hi-index | 0.00 |
One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the client must have the smart-card and know the password in order to gain access to the server. In this paper, we scrutinize the security requirements of this kind of schemes, and propose a new scheme and a generic construction framework for smart-card-based password authentication. We show that a secure password based key exchange protocol can be efficiently transformed to a smart-card-based password authentication scheme provided that there exist pseudorandom functions and target collision resistant hash functions. Our construction appears to be the first one with provable security. In addition, we show that two recently proposed schemes of this kind are insecure.