Formal analysis and systematic construction of two-factor authentication scheme (short paper)

Authors:
Guomin Yang;Duncan S. Wong;Huaxiong Wang;Xiaotie Deng
Affiliations:
Department of Computer Science, City University of Hong Kong, Hong Kong, China;Department of Computer Science, City University of Hong Kong, Hong Kong, China;Department of Computing, Macquarie University, Australia;Department of Computer Science, City University of Hong Kong, Hong Kong, China
Venue:
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Year:
2006

Citing 10
Cited 3

Public-key cryptography and password protocols

ACM Transactions on Information and System Security (TISSEC)
Password authentication with insecure communication

Communications of the ACM
Protocols for Key Establishment and Authentication

Protocols for Key Establishment and Authentication
Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints

ACM SIGOPS Operating Systems Review
A password authentication scheme over insecure networks

Journal of Computer and System Sciences
Efficient and secure authenticated key exchange using weak passwords

Journal of the ACM (JACM)
Password based key exchange with mutual authentication

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
New authentication scheme based on a one-way hash function and diffie-hellman key exchange

CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Efficient remote user authentication scheme based on generalized ElGamal signature scheme

IEEE Transactions on Consumer Electronics
Research note: Cryptanalysis of a remote login authentication scheme

Computer Communications

Auth-SL: a system for the specification and enforcement of quality-based authentication policies

ICICS'07 Proceedings of the 9th international conference on Information and communications security
Multi-factor password-authenticated key exchange

AISC '10 Proceedings of the Eighth Australasian Conference on Information Security - Volume 105
Comments on an advanced dynamic ID-Based authentication scheme for cloud computing

WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining

Quantified Score

Hi-index	0.00

Visualization

Abstract

One of the most commonly used two-factor authentication mechanisms is based on smart card and user's password. Throughout the years, there have been many schemes proposed, but most of them have already been found flawed due to the lack of formal security analysis. On the cryptanalysis of this type of schemes, in this paper, we further review two recently proposed schemes and show that their security claims are invalid. To address the current issue, we propose a new and simplified property set and a formal adversarial model for analyzing the security of this type of schemes. We believe that the property set and the adversarial model themselves are of independent interest. We then propose a new scheme and a generic construction framework. In particular, we show that a secure password based key exchange protocol can be transformed efficiently to a smartcard and password based two-factor authentication scheme provided that there exist pseudorandom functions and collision-resistant hash functions.