Two-factor mutual authentication based on smart cards and passwords

One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the cli...

Full description

Saved in:
Bibliographic Details
Main Authors: YANG, Guomin, WONG, Duncan S., WANG, Huaxiong, DENG, Xiaotie
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2008
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/7401
https://ink.library.smu.edu.sg/context/sis_research/article/8404/viewcontent/twi_factor.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-8404
record_format dspace
spelling sg-smu-ink.sis_research-84042022-10-13T07:13:14Z Two-factor mutual authentication based on smart cards and passwords YANG, Guomin WONG, Duncan S. WANG, Huaxiong DENG, Xiaotie One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the client must have the smart-card and know the password in order to gain access to the server. In this paper, we scrutinize the security requirements of this kind of schemes, and propose a new scheme and a generic construction framework for smart-card-based password authentication. We show that a secure password based key exchange protocol can be efficiently transformed to a smart-card-based password authentication scheme provided that there exist pseudorandom functions and target collision resistant hash functions. Our construction appears to be the first one with provable security. In addition, we show that two recently proposed schemes of this kind are insecure. 2008-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7401 info:doi/10.1016/j.jcss.2008.04.002 https://ink.library.smu.edu.sg/context/sis_research/article/8404/viewcontent/twi_factor.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Two-factor authentication Password Smart-card Guessing attack Dictionary attack Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Two-factor authentication
Password
Smart-card
Guessing attack
Dictionary attack
Information Security
spellingShingle Two-factor authentication
Password
Smart-card
Guessing attack
Dictionary attack
Information Security
YANG, Guomin
WONG, Duncan S.
WANG, Huaxiong
DENG, Xiaotie
Two-factor mutual authentication based on smart cards and passwords
description One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the client must have the smart-card and know the password in order to gain access to the server. In this paper, we scrutinize the security requirements of this kind of schemes, and propose a new scheme and a generic construction framework for smart-card-based password authentication. We show that a secure password based key exchange protocol can be efficiently transformed to a smart-card-based password authentication scheme provided that there exist pseudorandom functions and target collision resistant hash functions. Our construction appears to be the first one with provable security. In addition, we show that two recently proposed schemes of this kind are insecure.
format text
author YANG, Guomin
WONG, Duncan S.
WANG, Huaxiong
DENG, Xiaotie
author_facet YANG, Guomin
WONG, Duncan S.
WANG, Huaxiong
DENG, Xiaotie
author_sort YANG, Guomin
title Two-factor mutual authentication based on smart cards and passwords
title_short Two-factor mutual authentication based on smart cards and passwords
title_full Two-factor mutual authentication based on smart cards and passwords
title_fullStr Two-factor mutual authentication based on smart cards and passwords
title_full_unstemmed Two-factor mutual authentication based on smart cards and passwords
title_sort two-factor mutual authentication based on smart cards and passwords
publisher Institutional Knowledge at Singapore Management University
publishDate 2008
url https://ink.library.smu.edu.sg/sis_research/7401
https://ink.library.smu.edu.sg/context/sis_research/article/8404/viewcontent/twi_factor.pdf
_version_ 1770576332178063360