Efficient Two-Factor Authentication Protocol Using Password and Smart Card

Two-factor authentication using password and smart card could reduce the risk than the use of a password alone. Recently, Chen et al. proposed a two-factor remote user authentication protocol using password and smart card and provide the criteria of authentication protocols. They claimed their protocol is secure against certain known attacks. In this paper, the authors showed that Chen et al.'s scheme is still vulnerable to the off-line password guessing attack, privileged administrator attack, key control attack and lacks of forward security. To solve these security problems, we propose an efficient two-factor authentication and key agreement protocol..

[1]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[2]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[3]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[4]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[5]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[6]  Lih-Chyau Wuu,et al.  Robust smart‐card‐based remote user password authentication scheme , 2014, Int. J. Commun. Syst..

[7]  Chin-Laung Lei,et al.  A Simple and Efficient Key Exchange Scheme Against the Smart Card Loss Problem , 2007, EUC Workshops.

[8]  Zhengping,et al.  Password-Authenticated Multiple Key Exchange Protocol for Mobile Applications , 2012 .

[9]  Pan Chun-lan Improved remote authentication scheme with smart card , 2009 .

[10]  David P. Jablon Extended password key exchange protocols immune to dictionary attack , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[11]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[12]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[13]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.

[14]  Kuldip Singh,et al.  An improvement of Xu et al.'s authentication scheme using smart cards , 2010, Bangalore Compute Conf..

[15]  Kee-Young Yoo,et al.  Improvement of Chien et al.'s remote user authentication scheme using smart cards , 2005, Comput. Stand. Interfaces.

[16]  Qi Xie,et al.  Improvement of a security enhanced one-time two-factor authentication and key agreement scheme , 2012, Sci. Iran..