Abstract
One of the most commonly used two-factor authentication mechanisms is based on smart card and user’s password. Throughout the years, there have been many schemes proposed, but most of them have already been found flawed due to the lack of formal security analysis. On the cryptanalysis of this type of schemes, in this paper, we further review two recently proposed schemes and show that their security claims are invalid. To address the current issue, we propose a new and simplified property set and a formal adversarial model for analyzing the security of this type of schemes. We believe that the property set and the adversarial model themselves are of independent interest.
We then propose a new scheme and a generic construction framework. In particular, we show that a secure password based key exchange protocol can be transformed efficiently to a smartcard and password based two-factor authentication scheme provided that there exist pseudorandom functions and collision-resistant hash functions.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)
Chien, H.Y., Jan, J.K., Tseng, Y.M.: An efficient and practical solution to remote authentication: Smart card. Computers and Security 21(4), 372–375 (2002)
Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Trans. Inf. Syst. Secur. 2(3), 230–268 (1999)
Hwang, M.-S.: Cryptanalysis of remote login authentication scheme. Computer Communications 22(8), 742–744 (1999)
Hwang, M.-S., Lee, C.-C., Tang, Y.-L.: An improvement of SPLICE/AS in WIDE against guessing attack. Internat. J. Inform. 12(2), 297–302 (2001)
IEEE. P1363.2 / D23: Standard Specifications for Password-based Public Key Cryptographic Techniques (March 2006), available at: http://grouper.ieee.org/groups/1363/passwdPK/draft.html
Jiang, S., Gong, G.: Password based key exchange with mutual authentication. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 267–279. Springer, Heidelberg (2004)
Katz, J., Ostrovsky, R., Yung, M.: Efficient and secure authenticated key exchange using weak passwords. Journal of the ACM (to appear, 2006)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–771 (1981)
I-En, L., Cheng-Chi, L., Min-Shiang, H.: A password authentication scheme over insecure networks. J. Comput. Syst. Sci. 72(4), 727–740 (2006)
Scott, M.: Cryptanalysis of an id-based password authentication scheme using smart cards and fingerprints. SIGOPS Oper. Syst. Rev. 38(2), 73–75 (2004)
Wang, B., Li, J.H., Tong, Z.P.: Cryptanalysis of an enhanced timestamp-based password authentication scheme. Comput. Secur. 22(7), 643–645 (2003)
Yang, G., Wong, D.S., Wang, H., Deng, X.: Formal analysis and systematic construction of two-factor authentication scheme. Cryptology ePrint Archive, Report 2006/270 (2006)
Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Efficient remote user authentication scheme based on generalized elgamal signature scheme. IEEE Transactions on Consumer Electronics 50(2), 568–570 (2004)
Yoon, E.-J., Yoo, K.-Y.: New authentication scheme based on a one-way hash function and Diffie-Hellman key exchange. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 147–160. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, G., Wong, D.S., Wang, H., Deng, X. (2006). Formal Analysis and Systematic Construction of Two-Factor Authentication Scheme (Short Paper). In: Ning, P., Qing, S., Li, N. (eds) Information and Communications Security. ICICS 2006. Lecture Notes in Computer Science, vol 4307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11935308_7
Download citation
DOI: https://doi.org/10.1007/11935308_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49496-6
Online ISBN: 978-3-540-49497-3
eBook Packages: Computer ScienceComputer Science (R0)