Two-factor mutual authentication based on smart cards and passwords

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

167 Scopus Citations
View graph of relations

Author(s)

  • Guomin Yang
  • Duncan S. Wong
  • Huaxiong Wang
  • Xiaotie Deng

Related Research Unit(s)

Detail(s)

Original languageEnglish
Pages (from-to)1160-1172
Journal / PublicationJournal of Computer and System Sciences
Volume74
Issue number7
Publication statusPublished - Nov 2008

Abstract

One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the client must have the smart-card and know the password in order to gain access to the server. In this paper, we scrutinize the security requirements of this kind of schemes, and propose a new scheme and a generic construction framework for smart-card-based password authentication. We show that a secure password based key exchange protocol can be efficiently transformed to a smart-card-based password authentication scheme provided that there exist pseudorandom functions and target collision resistant hash functions. Our construction appears to be the first one with provable security. In addition, we show that two recently proposed schemes of this kind are insecure. © 2008 Elsevier Inc. All rights reserved.

Research Area(s)

  • Dictionary attack, Guessing attack, Password, Smart-card, Two-factor authentication

Citation Format(s)

Two-factor mutual authentication based on smart cards and passwords. / Yang, Guomin; Wong, Duncan S.; Wang, Huaxiong; Deng, Xiaotie.

In: Journal of Computer and System Sciences, Vol. 74, No. 7, 11.2008, p. 1160-1172.

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review