Cryptology ePrint Archive: Report 2012/439
Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach
Ding Wang, Ping Wang, Chun-guang Ma, Zhong Chen
Abstract: As the most prevalent two-factor authentication mechanism, smart card based password authentication has been a subject of intensive research in the past decade, and hundreds of schemes of this type have been proposed. However, most of them were found to be severely flawed, and especially prone to the smart card loss problem, shortly after they were first put forward, regardless of whether their security was heuristically analyzed or formally proved. In SEC'12, Wang pointed out that the main cause of this issue is the lack of an appropriate security model to fully identify the practical threats. To address the issue, Wang presented three kinds of security models, namely Type I, II and III, and further proposed four concrete schemes, only two of which, i.e. PSCAV and PSCAb, are claimed to be secure under the harshest model, i.e. the Type III security model. However, in this paper, we demonstrate that PSCAV still cannot achieve the claimed security goals and is vulnerable to an offline password guessing attack and other attacks in the Type III security model, while PSCAb has several practical pitfalls. As our main contribution, a robust scheme is presented to cope with the aforementioned defects, and it is proven to be secure in the random oracle model. Moreover, the analysis demonstrates that our scheme meets all the proposed criteria and eliminates several hard security threats that have been difficult to tackle at the same time in previous scholarship.
Category / Keywords: cryptographic protocols / Cryptanalysis, Authentication protocol, Smart card, Non-tamper resistant, Dynamic ID, Offline password guessing attack.
Publication Info: It has not been published elsewhere.
Date: received 1 Aug 2012, last revised 5 Mar 2015
Contact author: wangdingg at mail nankai edu cn
Version: 20150306:030014
Short URL: ia.cr/2012/439