上海交通大学学报(英文版) ›› 2014, Vol. 19 ›› Issue (4): 418-424.doi: 10.1007/s12204-014-1518-2

• • 上一篇    下一篇

Robust Password and Smart Card Based Authentication Scheme with Smart Card Revocation

XIE Qi* (谢 琪), LIU Wen-hao (刘文浩), WANG Sheng-bao (王圣宝),HU Bin (胡 斌), DONG Na (董 娜), YU Xiu-yuan (于秀源)   

  1. (Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou 311121, China)
  • 出版日期:2014-08-30 发布日期:2014-10-13
  • 通讯作者: XIE Qi (谢 琪) E-mail:qixie68@126.com

Robust Password and Smart Card Based Authentication Scheme with Smart Card Revocation

XIE Qi* (谢 琪), LIU Wen-hao (刘文浩), WANG Sheng-bao (王圣宝),HU Bin (胡 斌), DONG Na (董 娜), YU Xiu-yuan (于秀源)   

  1. (Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou 311121, China)
  • Online:2014-08-30 Published:2014-10-13
  • Contact: XIE Qi (谢 琪) E-mail:qixie68@126.com

摘要: User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee’s scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.

关键词: user authentication, smart card, password, protocol, security

Abstract: User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee’s scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.

Key words: user authentication, smart card, password, protocol, security

中图分类号: