Skip to main content
placeholder image

Formal analysis and systematic construction of two-factor authentication scheme

Chapter


Abstract


  • One of the most commonly used two-factor authentication mechanisms is based on smart card and user’s password. Throughout the years, there have been many schemes proposed, but most of them have already been found flawed due to the lack of formal security analysis. On the cryptanalysis of this type of schemes, in this paper, we further review two recently proposed schemes and show that their security claims are invalid. To address the current issue, we propose a new and simplified property set and a formal adversarial model for analyzing the security of this type of schemes. We believe that the property set and the adversarial model themselves are of independent interest. We then propose a new scheme and a generic construction framework. In particular, we show that a secure password based key exchange protocol can be transformed efficiently to a smartcard and password based two-factor authentication scheme provided that there exist pseudorandom functions and collision-resistant hash functions.

Publication Date


  • 2006

Citation


  • Yang, G., Wong, D. S., Wang, H., & Deng, X. (2006). Formal analysis and systematic construction of two-factor authentication scheme. In Unknown Book (Vol. 4307 LNCS, pp. 82-91). doi:10.1007/11935308_7

International Standard Book Number (isbn) 13


  • 9783540494966

Scopus Eid


  • 2-s2.0-82755194211

Book Title


  • Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Start Page


  • 82

End Page


  • 91

Abstract


  • One of the most commonly used two-factor authentication mechanisms is based on smart card and user’s password. Throughout the years, there have been many schemes proposed, but most of them have already been found flawed due to the lack of formal security analysis. On the cryptanalysis of this type of schemes, in this paper, we further review two recently proposed schemes and show that their security claims are invalid. To address the current issue, we propose a new and simplified property set and a formal adversarial model for analyzing the security of this type of schemes. We believe that the property set and the adversarial model themselves are of independent interest. We then propose a new scheme and a generic construction framework. In particular, we show that a secure password based key exchange protocol can be transformed efficiently to a smartcard and password based two-factor authentication scheme provided that there exist pseudorandom functions and collision-resistant hash functions.

Publication Date


  • 2006

Citation


  • Yang, G., Wong, D. S., Wang, H., & Deng, X. (2006). Formal analysis and systematic construction of two-factor authentication scheme. In Unknown Book (Vol. 4307 LNCS, pp. 82-91). doi:10.1007/11935308_7

International Standard Book Number (isbn) 13


  • 9783540494966

Scopus Eid


  • 2-s2.0-82755194211

Book Title


  • Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Start Page


  • 82

End Page


  • 91