An improved smart card based password authentication scheme with provable security

Xu, Jing; Zhu, Wentao; Feng, Dan

doi:10.1016/j.csi.2008.09.006

Cited by 335 publications

(231 citation statements)

References 7 publications

Supporting

Mentioning

226

Contrasting

Unclassified

Order By: Relevance

“…그 이후로 인증서를 동시에 사용하는 PKI 기반 PAKE [5] , ID를 동시에 사용하는 ID기반 PAKE [6], Smart card를 이용한 방식 등이 발표되었다 [7] . 비교적 최근에는 생체 정보를 이용한 방식 등 다양한 인증 정 보와 패스워드를 함께 사용하는 프로토콜에 대한 연 구가 있다 [8,9] .…”

Section: Pake Algorithmsunclassified

Multi Server Password Authenticated Key Exchange Using Attribute-Based Encryption

Park¹,

Cho

Kwon

2015

The Journal of Korean Institute of Communications and Informati

View full text Add to dashboard Cite

Password authenticated key exchange (PAKE) is a protocol that a client stores its password to a server, authenticates itself using its password and shares a session key with the server. In multi-server PAKE, a client splits its password and stores them to several servers separately. Unless all the servers are compromised, client's password will not be disclosed in the multi-server setting. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes and then a receiver decrypts it using the same set of attributes. In this paper, we introduce multi-server PAKE protocol that utilizes a set of attributes of ABE as a client's password.In the protocol, the client and servers do not need to create additional public/private key pairs because the password is used as a set of public keys. Also, the client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks. We prove our system is secure in a proposed threat model. Finally we show feasibility through evaluating the execution time of the protocol.

show abstract

Section: Pake Algorithmsunclassified

Multi Server Password Authenticated Key Exchange Using Attribute-Based Encryption

Park¹,

Cho

Kwon

2015

The Journal of Korean Institute of Communications and Informati

View full text Add to dashboard Cite

show abstract

“…Before introducing the proposed attacks, we describe the following widely used assumptions about the power of an adversary A [10,11,15,18,22,28,29]. (A1) A can sniff the communication media through which U i and S communicate with each other i.e., A can intercept, block, inject, remove, or modify, any messages transmitted in the media.…”

Section: Cryptanalysis Of Chao's Smartcard-based User Authentication mentioning

confidence: 99%

“…The ability to provide security guarantees is of paramount importance and several initiatives have been proposed to address this concern. Due to the low computation cost and portability of smartcard and easy memorization of user chosen password, two-factor smartcard authentication [2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21] using password is commonly used in Internet-based applications such as remote user/server login, online banking, Pay-TV, electronic voting, secret online order placement.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

Islam¹,

Biswas²,

Choo³

2014

Inf. Sci. Lett.

View full text Add to dashboard Cite

Abstract:In recent years, several dynamic identity-based two-factor user authentication using password and smartcard have been proposed to provide mutual authentication between the user and server over unreliable networks. However, the design of secure cryptographic schemes is still notoriously hard, and there have been several instances of detected flaws in published schemes. For example in 2010, Hao and Yu demonstrated that Wang et al.'s user authentication scheme is insecure against off-line password guessing and server masquerade attacks, and proposed an improved scheme. Subsequently in 2012, Chao pointed out that the improved scheme of Hao and Yu is, unfortunately, susceptible to off-line password guessing and server masquerade attacks, and prone to password backward security problem; and proposed an enhanced scheme. In this paper, we demonstrated that Chao's enhanced scheme is not secure against user masquerade attack, server masquerade attack, insider attack and off-line password guessing attack in violation of its security claim as well as it fails to achieve users' anonymity.

show abstract

“…However, Shimizu et al [4] showed that the Lamport's scheme [3] suffers from different attacks. After that so many remote user authentication schemes [5][6][7][8][9][10][11][12][13][14][15][16] have been proposed in this regard which are based on only password. But, the researchers have considered biometric feature [2] with the password to enhance the security label.…”

Section: Literature Surveymentioning

confidence: 99%

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Giri

Maitra

2017

ITM Web Conf.

View full text Add to dashboard Cite

Abstract. Due to rapid growth of online applications, it is needed to provide such a facility by which communicators can get the services by applying the applications in a secure way. As communications are done through an insecure channel like Internet, any adversary can trap and modify the communication messages. Only authentication procedure can overcome the aforementioned problem. Many researchers have proposed so many authentication schemes in this literature. But, this paper has shown that many of them are not usable in real world application scenarios because, the existing schemes cannot resist all the possible attacks. Therefore, this paper has proposed a three factor authentication scheme using hash function and fuzzy extractor. This paper has further analyzed the security of the proposed scheme using random oracle model. The analysis shows that the proposed scheme can resist all the possible attacks. Furthermore, comparison between proposed scheme and related existing schemes shows that the proposed scheme has better trade-off among storage, computational and communication costs.

show abstract

An improved smart card based password authentication scheme with provable security

Cited by 335 publications

References 7 publications

Multi Server Password Authenticated Key Exchange Using Attribute-Based Encryption

Multi Server Password Authenticated Key Exchange Using Attribute-Based Encryption

Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Contact Info

Product

Resources

About