Paper 2012/439

Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach

Ding Wang, Ping Wang, Chun-guang Ma, and Zhong Chen

Abstract

As the most prevailing two-factor authentication mechanism, smart card based password authentication has been a subject of intensive research in the past decade, and hundreds of schemes of this type have been proposed. However, most of them were found to be severely flawed, and especially prone to the smart card loss problem, shortly after they were first put forward, regardless of whether their security was heuristically analyzed or formally proved. In SEC'12, Wang pointed out that the main cause of this issue is the lack of an appropriate security model to fully identify the practical threats. To address the issue, Wang presented three kinds of security models, namely Type I, II and III, and further proposed four concrete schemes, only two of which, i.e. PSCAV and PSCAb, are claimed to be secure under the harshest model, i.e. the Type III security model. However, in this paper, we demonstrate that PSCAV still cannot achieve the claimed security goals and is vulnerable to an offline password guessing attack and other attacks in the Type III security model, while PSCAb has several practical pitfalls. As our main contribution, a robust scheme is presented to cope with the aforementioned defects, and it is proven to be secure in the random oracle model. Moreover, the analysis demonstrates that our scheme meets all the proposed criteria and eliminates several hard security threats that are difficult to tackle at the same time in previous scholarship.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. IEEE Trans. on Dependable and Secure Computing
DOI
10.1109/TDSC.2016.2605087
Keywords
Cryptanalysis, Authentication protocol, Smart card, Non-tamper resistant, Dynamic ID, Offline password guessing attack
Contact author(s)
wangdingg @ mail nankai edu cn
History
2018-10-09: last of 27 revisions
2012-08-05: received
Short URL
https://ia.cr/2012/439
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/439,
      author = {Ding Wang and Ping Wang and Chun-guang Ma and Zhong Chen},
      title = {Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach},
      howpublished = {Cryptology ePrint Archive, Paper 2012/439},
      year = {2012},
      doi = {10.1109/TDSC.2016.2605087},
      note = {\url{https://eprint.iacr.org/2012/439}},
      url = {https://eprint.iacr.org/2012/439}
}