Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Password authentication with insecure communication
Communications of the ACM
Protocols for Key Establishment and Authentication
Protocols for Key Establishment and Authentication
Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints
ACM SIGOPS Operating Systems Review
A password authentication scheme over insecure networks
Journal of Computer and System Sciences
Efficient and secure authenticated key exchange using weak passwords
Journal of the ACM (JACM)
Password based key exchange with mutual authentication
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
New authentication scheme based on a one-way hash function and diffie-hellman key exchange
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Efficient remote user authentication scheme based on generalized ElGamal signature scheme
IEEE Transactions on Consumer Electronics
Research note: Cryptanalysis of a remote login authentication scheme
Computer Communications
Auth-SL: a system for the specification and enforcement of quality-based authentication policies
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Multi-factor password-authenticated key exchange
AISC '10 Proceedings of the Eighth Australasian Conference on Information Security - Volume 105
Comments on an advanced dynamic ID-Based authentication scheme for cloud computing
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Hi-index | 0.00 |
One of the most commonly used two-factor authentication mechanisms is based on smart card and user's password. Throughout the years, there have been many schemes proposed, but most of them have already been found flawed due to the lack of formal security analysis. On the cryptanalysis of this type of schemes, in this paper, we further review two recently proposed schemes and show that their security claims are invalid. To address the current issue, we propose a new and simplified property set and a formal adversarial model for analyzing the security of this type of schemes. We believe that the property set and the adversarial model themselves are of independent interest. We then propose a new scheme and a generic construction framework. In particular, we show that a secure password based key exchange protocol can be transformed efficiently to a smartcard and password based two-factor authentication scheme provided that there exist pseudorandom functions and collision-resistant hash functions.