Two-factor mutual authentication based on smart cards and passwords

Authors:
Guomin Yang;Duncan S. Wong;Huaxiong Wang;Xiaotie Deng
Affiliations:
Department of Computer Science, City University of Hong Kong, Hong Kong, China;Department of Computer Science, City University of Hong Kong, Hong Kong, China;School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore;Department of Computer Science, City University of Hong Kong, Hong Kong, China
Venue:
Journal of Computer and System Sciences
Year:
2008

Citing 19
Cited 12

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Provably secure session key distribution: the three party case

STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract)

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Public-key cryptography and password protocols

ACM Transactions on Information and System Security (TISSEC)
Password authentication with insecure communication

Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints

ACM SIGOPS Operating Systems Review
An Improved Low Computation Cost User Authentication Scheme for Mobile Communication

AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
A password authentication scheme over insecure networks

Journal of Computer and System Sciences
Efficient and secure authenticated key exchange using weak passwords

Journal of the ACM (JACM)
Session key distribution using smart cards

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Password based key exchange with mutual authentication

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
New authentication scheme based on a one-way hash function and diffie-hellman key exchange

CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Password-Based authenticated key exchange in the three-party setting

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Simple password-based encrypted key exchange protocols

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient remote user authentication scheme based on generalized ElGamal signature scheme

IEEE Transactions on Consumer Electronics
Research note: Cryptanalysis of a remote login authentication scheme

Computer Communications

IC card-based single sign-on system that remains secure under card analysis

Proceedings of the 5th ACM workshop on Digital identity management
An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
A novel user-participating authentication scheme

Journal of Systems and Software
An improvement of Xu et al.'s authentication scheme using smart cards

Proceedings of the Third Annual ACM Bangalore Conference
An exquisite authentication scheme with key agreement preserving user anonymity

WISM'10 Proceedings of the 2010 international conference on Web information systems and mining
Robust authentication and key agreement scheme preserving the privacy of secret key

Computer Communications
Secure and privacy-preserving cross-border authentication: The STORK pilot 'SaferChat'

EGOVIS'11 Proceedings of the Second international conference on Electronic government and the information systems perspective
Review: Dynamic ID-based remote user password authentication schemes using smart cards: A review

Journal of Network and Computer Applications
Mobile device integration of a fingerprint biometric remote authentication scheme

International Journal of Communication Systems
Robust smart-cards-based user authentication scheme with user anonymity

Security and Communication Networks
A Robust Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care

Journal of Medical Systems
A Secure and Effective Anonymous User Authentication Scheme for Roaming Service in Global Mobility Networks

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the client must have the smart-card and know the password in order to gain access to the server. In this paper, we scrutinize the security requirements of this kind of schemes, and propose a new scheme and a generic construction framework for smart-card-based password authentication. We show that a secure password based key exchange protocol can be efficiently transformed to a smart-card-based password authentication scheme provided that there exist pseudorandom functions and target collision resistant hash functions. Our construction appears to be the first one with provable security. In addition, we show that two recently proposed schemes of this kind are insecure.