Robust Password and Smart Card Based Authentication Scheme with Smart Card Revocation

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication s...

Full description

Saved in:
Bibliographic Details
Published inShanghai jiao tong da xue xue bao Vol. 19; no. 4; pp. 418 - 424
Main Author 谢琪 刘文浩 王圣宝 胡斌 董娜 于秀源
Format Journal Article
LanguageEnglish
Published Heidelberg Shanghai Jiaotong University Press 01.08.2014
Subjects
Architecture
Authentication
Calculus
Carts
Computer Science
Electrical Engineering
Engineering
Life Sciences
Lithium
Materials Science
Mathematical analysis
Passwords
Smart cards
user authentication
password
protocol
security
smart card
TP 393
Online AccessGet full text
ISSN1007-1172
1995-8188
DOI10.1007/s12204-014-1518-2

Cover

More Information
Summary:User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's sctleme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.
Bibliography:User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's sctleme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.
user authentication, smart card, password, protocol, security
31-1943/U
ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ISSN:1007-1172
1995-8188
DOI:10.1007/s12204-014-1518-2