Anti-Synchronization and Robust Authentication for Noisy PUF-Based Smart Card

Smart card is indispensable part in our daily life, which brings us many conveniences including e-commerce and m-commerce service. However, because of the limited computation resource, the remote authentication between smart card and server is vulnerable to be attacked over insecure communication channel. Until now, many authentication schemes are proposed with their own pros and cons. Note that most of them are based on Elliptic curve cryptography, which are vulnerable to the card lose attack and desynchronization attack, where some schemes add a random number in verifier-value to resist the card lose attack and store both the old and new pseudo-identities between authenticator and the corresponding authenticated party to withstand desynchronization attack. However, the random number stored in card memory can be extracted and the new conversation may be blindly blocked by adversary. Hence, in this paper, we propose a novel authentication protocol that can utilize physical unclonable function (PUF) and elliptic curve cryptography (ECC) to protect the random number and support offline updating if online updating is blocked, which can be proven safe in formal security analysis. Meanwhile, we also introduce the robust PUF to prevent the modification of help data. Finally, our scheme is efficient by comparing with other related schemes in computation and communication overhead.

[1]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[2]  Li Xu,et al.  Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems , 2014, IEEE Transactions on Parallel and Distributed Systems.

[3]  Xiong Li,et al.  A robust biometrics based three-factor authentication scheme for Global Mobility Networks in smart city , 2017, Future Gener. Comput. Syst..

[4]  Mohammad S. Obaidat,et al.  Security analysis and design of an efficient ECC-based two-factor password authentication scheme , 2016, Secur. Commun. Networks.

[5]  Eun-Jun Yoon,et al.  Design of Mutually Authenticated Key Agreement Protocol Resistant to Impersonation Attacks for Multi-Server Environment , 2017, IEEE Access.

[6]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[7]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[8]  Weijun Zhu,et al.  Desynchronization Attacks on RFID Security Protocols , 2013 .

[9]  Ping Wang,et al.  Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards , 2013, ISC.

[10]  Jia-Lun Tsai,et al.  Novel Anonymous Authentication Scheme Using Smart Cards , 2013, IEEE Transactions on Industrial Informatics.

[11]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[12]  S. Ramesh A Secured and Improved Dynamic ID based Remote User Authentication Scheme using Smart Card and Hash Function for Distributed Systems , 2014 .

[13]  Xiong Li,et al.  A Robust Authentication Protocol with Privacy Protection for Wireless Sensor Networks , 2016, RFIDSec.

[14]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[15]  Sherali Zeadally,et al.  Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks , 2017, IEEE Access.

[16]  Leonid Reyzin,et al.  An Improved Robust Fuzzy Extractor , 2008, SCN.

[17]  Eun-Jun Yoon,et al.  A Secure Chaotic Hash-Based Biometric Remote User Authentication Scheme Using Mobile Devices , 2007, APWeb/WAIM Workshops.

[18]  Rafail Ostrovsky,et al.  Secure Remote Authentication Using Biometric Data , 2005, EUROCRYPT.

[19]  S. Veni,et al.  A Secure Authentication Infrastructure for IoT Enabled Smart Mobile Devices – An Initial Prototype , 2016 .

[20]  Jian Shen,et al.  Future Generation Computer Systems , 2022 .

[21]  Carles Padró,et al.  Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors , 2008, EUROCRYPT.

[22]  Dariush Abbasinezhad-Mood,et al.  A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications , 2018, Journal of Medical Systems.

[23]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[24]  G. P. Biswas,et al.  Design of improved password authentication and update scheme based on elliptic curve cryptography , 2013, Math. Comput. Model..

[25]  Soo-Young Kang,et al.  A study on secure RFID mutual authentication scheme in pervasive computing environment , 2008, Comput. Commun..

[26]  Yi Wang,et al.  A Practical Authentication Framework for VANETs , 2019, Secur. Commun. Networks.

[27]  Srinivas Devadas,et al.  PUF Modeling Attacks on Simulated and Silicon Data , 2013, IEEE Transactions on Information Forensics and Security.

[28]  Mingwu Zhang,et al.  Provably Leakage-Resilient Password-Based Authenticated Key Exchange in the Standard Model , 2017, IEEE Access.

[29]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[30]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[31]  Yi Wang,et al.  Asymmetric subversion attacks on signature and identification schemes , 2019, Pers. Ubiquitous Comput..

[32]  Chun-Li Lin,et al.  A password authentication scheme with secure password updating , 2003, Comput. Secur..

[33]  1 Elliptic Curve Cryptography 3 . 1 Elliptic Curve Cryptography , 2014 .

[34]  Tony Q. S. Quek,et al.  Lightweight and Practical Anonymous Authentication Protocol for RFID Systems Using Physically Unclonable Functions , 2018, IEEE Transactions on Information Forensics and Security.

[35]  Ljupco Kocarev,et al.  Chaos-Based Cryptography - Theory, Algorithms and Applications , 2011, Chaos-Based Cryptography.

[36]  Guomin Yang,et al.  A robust smart card-based anonymous user authentication protocol for wireless communications , 2014, Secur. Commun. Networks.

[37]  Basel Alomair,et al.  Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification , 2012, IEEE Trans. Parallel Distributed Syst..

[38]  Rui Li,et al.  Energy-Aware RFID Authentication in Edge Computing , 2019, IEEE Access.

[39]  Jonathan Katz,et al.  Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets , 2006, CRYPTO.

[40]  Yuming Feng,et al.  Security enhancement on an anonymous authentication scheme for wireless communications using smart cards , 2018, Journal of Discrete Mathematical Sciences and Cryptography.

[41]  Ruhul Amin,et al.  A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS , 2015, Journal of Medical Systems.

[42]  Zihao Wang,et al.  Provably leakage-resilient three-party password-based authenticated key exchange , 2019, J. Ambient Intell. Humaniz. Comput..

[43]  Robert H. Deng,et al.  A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[44]  Chenyu Wang,et al.  An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks , 2017, Sensors.

[45]  Chun-Ta Li,et al.  A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card , 2013, IET Inf. Secur..