Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Author(s)
Related Research Unit(s)
Detail(s)
| Original language | English |
|---|---|
| Pages (from-to) | 478-487 |
| Journal / Publication | International Journal of Communication Systems |
| Volume | 29 |
| Issue number | 3 |
| Online published | 20 Oct 2014 |
| Publication status | Published - Feb 2016 |
Link(s)
Abstract
Summary Two-factor user authentication scheme allows a user to use a smart card and a password to achieve mutual authentication and establish a session key between a server and a user. In 2012, Chen et al. showed that the scheme of Sood et al. does not achieve mutual authentication and is vulnerable to off-line password guessing and smart card stolen attacks. They also found that another scheme proposed by Song is vulnerable to similar off-line password guessing and smart card stolen attacks. They further proposed an improved scheme. In this paper, we first show that the improved scheme of Chen et al. still suffers from off-line password guessing and smart card stolen attacks, does not support perfect forward secrecy, and lacks the fairness of session key establishment. We then propose a new security-enhanced scheme and show its security and authentication using the formal verification tool ProVerif, which is based on applied pi calculus.
Research Area(s)
- authentication protocol, key agreement, password, ProVerif, smart card
Citation Format(s)
Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol. / Xie, Qi; Dong, Na; Wong, Duncan S. et al.
In: International Journal of Communication Systems, Vol. 29, No. 3, 02.2016, p. 478-487.
In: International Journal of Communication Systems, Vol. 29, No. 3, 02.2016, p. 478-487.
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
