Robust password and smart card based authentication scheme with smart card revocation

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee’s scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.

[1]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[2]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[3]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[4]  Wei-Kuan Shih,et al.  Security enhancement on an improvement on two remote user authentication schemes using smart cards , 2011, Future Gener. Comput. Syst..

[5]  Tzung-Her Chen,et al.  A novel user-participating authentication scheme , 2010, J. Syst. Softw..

[6]  Cheng-Chi Lee,et al.  A Robust Remote User Authentication Scheme Using Smart Card , 2011, Inf. Technol. Control..

[7]  Lih-Chyau Wuu,et al.  A Secure Password-Based Remote User Authentication Scheme without Smart Cards , 2012, Inf. Technol. Control..

[8]  Bruno Blanchet,et al.  Models and Proofs of Protocol Security: A Progress Report , 2009, CAV.

[9]  Marko Hölbl,et al.  Attacks and Improvement of an Efficient Remote Mutual Authentication and Key Agreement Scheme , 2010, Cryptologia.

[10]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.

[11]  Chun-Ta Li Secure Smart Card Based Password Authentication Scheme with User Anonymity , 2011, Inf. Technol. Control..

[12]  Manoj Kumar,et al.  New remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[13]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[14]  Peter Nose Security weaknesses of authenticated key agreement protocols , 2011, Inf. Process. Lett..

[15]  Chin-Chen Chang,et al.  Using smart cards to authenticate remote passwords , 1993 .

[16]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[17]  Chun-Ta Li,et al.  A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks , 2008, Comput. Commun..

[18]  Yongge Wang,et al.  Password Protected Smart Card and Memory Stick Authentication Against Off-line Dictionary Attacks , 2012, IACR Cryptol. ePrint Arch..

[19]  Chris Hankin,et al.  Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages , 2001, ACM-SIGACT Symposium on Principles of Programming Languages.

[20]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[21]  Qi Xie,et al.  Improvement of a security enhanced one-time two-factor authentication and key agreement scheme , 2012, Sci. Iran..

[22]  Narn-Yih Lee,et al.  Improvement of One-Time Password Authentication Scheme Using Smart Cards , 2005, IEICE Trans. Commun..

[23]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[24]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[25]  Chunguang Ma,et al.  Robust Smart Card based Password Authentication Scheme against Smart Card Loss Problem , 2012, IACR Cryptol. ePrint Arch..

[26]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[27]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.