Skip to main content
placeholder image

Two-factor mutual authentication based on smart cards and passwords

Journal Article


Abstract


  • One of the most commonly used two-factor user authentication mechanisms nowadays is

    based on smart-card and password. A scheme of this type is called a smart-card-based

    password authentication scheme. The core feature of such a scheme is to enforce twofactor

    authentication in the sense that the client must have the smart-card and know

    the password in order to gain access to the server. In this paper, we scrutinize the

    security requirements of this kind of schemes, and propose a new scheme and a generic

    construction framework for smart-card-based password authentication. We show that a

    secure password based key exchange protocol can be efficiently transformed to a smartcard-based password authentication scheme provided that there exist pseudorandom

    functions and target collision resistant hash functions. Our construction appears to be the

    first one with provable security. In addition, we show that two recently proposed schemes

    of this kind are insecure.

Authors


  •   Yang, Guomin
  •   Wong, Duncan S. (external author)
  •   Wang, Huaxiong (external author)
  •   Deng, Xiaotie (external author)

Publication Date


  • 2008

Citation


  • Yang, G., Wong, D. S., Wang, H. & Deng, X. (2008). Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74 1160-1172.

Scopus Eid


  • 2-s2.0-52949137008

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/3577

Has Global Citation Frequency


Number Of Pages


  • 12

Start Page


  • 1160

End Page


  • 1172

Volume


  • 74

Place Of Publication


  • United States

Abstract


  • One of the most commonly used two-factor user authentication mechanisms nowadays is

    based on smart-card and password. A scheme of this type is called a smart-card-based

    password authentication scheme. The core feature of such a scheme is to enforce twofactor

    authentication in the sense that the client must have the smart-card and know

    the password in order to gain access to the server. In this paper, we scrutinize the

    security requirements of this kind of schemes, and propose a new scheme and a generic

    construction framework for smart-card-based password authentication. We show that a

    secure password based key exchange protocol can be efficiently transformed to a smartcard-based password authentication scheme provided that there exist pseudorandom

    functions and target collision resistant hash functions. Our construction appears to be the

    first one with provable security. In addition, we show that two recently proposed schemes

    of this kind are insecure.

Authors


  •   Yang, Guomin
  •   Wong, Duncan S. (external author)
  •   Wang, Huaxiong (external author)
  •   Deng, Xiaotie (external author)

Publication Date


  • 2008

Citation


  • Yang, G., Wong, D. S., Wang, H. & Deng, X. (2008). Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74 1160-1172.

Scopus Eid


  • 2-s2.0-52949137008

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/3577

Has Global Citation Frequency


Number Of Pages


  • 12

Start Page


  • 1160

End Page


  • 1172

Volume


  • 74

Place Of Publication


  • United States