Robust password and smart card based authentication scheme with smart card revocation

被引：9

作者：

Xie Q. ^{[1
]}

Liu W.-H. ^{[1
]}

Wang S.-B. ^{[1
]}

Hu B. ^{[1
]}

Dong N. ^{[1
]}

Yu X.-Y. ^{[1
]}

机构：

[1] Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University

来源：

Journal of Shanghai Jiaotong University (Science) | 2014年 / 19卷 / 04期

基金：

中国国家自然科学基金;

关键词：

password; protocol; security; smart card; user authentication;

D O I：

10.1007/s12204-014-1518-2

中图分类号：

学科分类号：

摘要：

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication. © 2014 Shanghai Jiaotong University and Springer-Verlag Berlin Heidelberg.

引用

页码：418 / 424

页数：6

共 25 条

[1]

Chen B.L., Kuo W.C., Wuu L.C., A secure password-based remote user authentication scheme without smart cards [J], Information Technology and Control, 41, 1, pp. 53-59, (2012)

[2]

Chang C.C., Hwang S.J., Using smart cards to authenticate remote passwords [J], Computers & Mathematics with Applications, 26, 7, pp. 19-27, (1993)

[3]

Li C.T., Secure smart card based password authentication scheme with user anonymity [J], Information Technology and Control, 40, 2, pp. 157-162, (2011)

[4]

Yoon E.J., Ryu E.K., Yoo K.Y., Further improvement of an efficient password based remote user authentication scheme using smart cards [J], IEEE Transactions on Consumer Electronics, 50, 2, pp. 612-614, (2004)

[5]

Kumar M., New remote user authentication scheme using smart cards [J], IEEE Transactions on Consumer Electronics, 50, 2, pp. 597-600, (2004)

[6]

Sun H.M., An efficient remote user authentication scheme using smart cards [J], IEEE Transactions on Consumer Electronics, 46, 4, pp. 958-961, (2000)

[7]

Xu J., Zhu W.T., Feng D.G., An Improved smart card based password authentication scheme with provable security [J], Computer Standards & Interfaces, 31, 4, pp. 723-728, (2009)

[8]

Xie Q., Improvement of a security enhanced one-time two-factor authentication and key agreement scheme [J], Scientia Iranica, 19, 6, pp. 1856-1860, (2012)

[9]

Nose P., Security weaknesses of authenticated key agreement protocols [J], Information Processing Letters, 111, 14, pp. 687-696, (2011)

[10]

Kocher P., Jaffe J., Jun B., Differential power analysis [C], Proceedings of Advances in Cryptology, pp. 388-397, (1999)

← 1 2 3 →