You are looking at a specific version 20130816:111448 of this paper. See the latest version.

Paper 2012/439

Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach

Ding Wang, Chun-guang Ma, Ping Wang ang Zhong Chen

Abstract

As the most prevailing two-factor authentication mechanism, smart card based password authentication has been a subject of intensive research in the past decade and hundreds of this type of schemes have been proposed. However, most of them were found severely flawed, especially prone to the smart card loss problem, shortly after they were first put forward, no matter the security is heuristically analyzed or formally proved. In SEC'12, Wang pointed out that, the main cause of this issue is attributed to the lack of an appropriate security model to fully identify the practical threats. To address the issue, Wang presented three kinds of security models, namely Type I, II and III, and further proposed four concrete schemes, only two of which, i.e. PSCAV and PSCAb, are claimed to be secure under the harshest model, i.e. Type III security model. However, in this paper, we demonstrate that PSCAV still cannot achieve the claimed security goals and is vulnerable to an offline password guessing attack and other attacks in the Type III security mode, while PSCAb has several practical pitfalls. As our main contribution, a robust scheme is presented to cope with the aforementioned defects and it is proven to be secure in the random oracle model. Moreover, the analysis demonstrates that our scheme meets all the proposed criteria and eliminates several hard security threats that are difficult to be tackled at the same time in previous scholarship.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. It has not been published eleswhere.
Keywords
CryptanalysisAuthentication protocolSmart cardNon-tamper resistantDynamic IDOffline password guessing attack.
Contact author(s)
wangdingg @ mail nankai edu cn
History
2018-10-09: last of 27 revisions
2012-08-05: received
See all versions
Short URL
https://ia.cr/2012/439
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.