Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
12-2006
Abstract
One of the most commonly used two-factor authentication mechanisms is based on smart card and user’s password. Throughout the years, there have been many schemes proposed, but most of them have already been found flawed due to the lack of formal security analysis. On the cryptanalysis of this type of schemes, in this paper, we further review two recently proposed schemes and show that their security claims are invalid. To address the current issue, we propose a new and simplified property set and a formal adversarial model for analyzing the security of this type of schemes. We believe that the property set and the adversarial model themselves are of independent interest. We then propose a new scheme and a generic construction framework. In particular, we show that a secure password based key exchange protocol can be transformed efficiently to a smartcard and password based two-factor authentication scheme provided that there exist pseudorandom functions and collision-resistant hash functions.
Keywords
Smart Card, Authentication Scheme, Mutual Authentication, Registration Phase, Login Request
Discipline
Information Security
Research Areas
Information Systems and Management
Publication
Information and Communications Security: 8th International Conference, ICIS 2006, Raleigh, NC, December 4-7: Proceedings
Volume
4307
First Page
82
Last Page
91
ISBN
9783540494966
Identifier
10.1007/11935308_7
Publisher
Springer
City or Country
Cham
Citation
YANG, Guomin; WONG, Duncan S.; WANG, Huaxiong; and DENG, Xiaotie.
Formal analysis and systematic construction of two-factor authentication scheme. (2006). Information and Communications Security: 8th International Conference, ICIS 2006, Raleigh, NC, December 4-7: Proceedings. 4307, 82-91.
Available at: https://ink.library.smu.edu.sg/sis_research/7437
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1007/11935308_7