Cryptology ePrint Archive: Report 2012/439

Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach

Ding Wang, Ping Wang, Chun-guang Ma, Zhong Chen

Abstract: As the most prevailing two-factor authentication mechanism, smart card based password authentication has been a subject of intensive research in the past decade and hundreds of this type of schemes have been proposed. However, most of them were found severely flawed, especially prone to the smart card loss problem, shortly after they were first put forward, no matter the security is heuristically analyzed or formally proved. In SEC'12, Wang pointed out that, the main cause of this issue is attributed to the lack of an appropriate security model to fully identify the practical threats. To address the issue, Wang presented three kinds of security models, namely Type I, II and III, and further proposed four concrete schemes, only two of which, i.e. PSCAV and PSCAb, are claimed to be secure under the harshest model, i.e. Type III security model. However, in this paper, we demonstrate that PSCAV still cannot achieve the claimed security goals and is vulnerable to an offline password guessing attack and other attacks in the Type III security mode, while PSCAb has several practical pitfalls. As our main contribution, a robust scheme is presented to cope with the aforementioned defects and it is proven to be secure in the random oracle model. Moreover, the analysis demonstrates that our scheme meets all the proposed criteria and eliminates several hard security threats that are difficult to be tackled at the same time in previous scholarship.

Category / Keywords: cryptographic protocols / Cryptanalysis, Authentication protocol, Smart card, Non-tamper resistant, Dynamic ID, Offline password guessing attack.

Publication Info: It has not been published eleswhere.

Date: received 1 Aug 2012, last revised 5 Mar 2015

Contact author: wangdingg at mail nankai edu cn

Available format(s): PDF | BibTeX Citation

Version: 20150306:030014 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]