上海交通大学学报(英文版) ›› 2014, Vol. 19 ›› Issue (4): 418-424.doi: 10.1007/s12204-014-1518-2
XIE Qi* (谢 琪), LIU Wen-hao (刘文浩), WANG Sheng-bao (王圣宝),HU Bin (胡 斌), DONG Na (董 娜), YU Xiu-yuan (于秀源)
出版日期:
2014-08-30
发布日期:
2014-10-13
通讯作者:
XIE Qi (谢 琪)
E-mail:qixie68@126.com
XIE Qi* (谢 琪), LIU Wen-hao (刘文浩), WANG Sheng-bao (王圣宝),HU Bin (胡 斌), DONG Na (董 娜), YU Xiu-yuan (于秀源)
Online:
2014-08-30
Published:
2014-10-13
Contact:
XIE Qi (谢 琪)
E-mail:qixie68@126.com
摘要: User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee’s scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.
中图分类号:
XIE Qi* (谢 琪), LIU Wen-hao (刘文浩), WANG Sheng-bao (王圣宝),HU Bin (胡 斌), DONG Na (董 . Robust Password and Smart Card Based Authentication Scheme with Smart Card Revocation[J]. 上海交通大学学报(英文版), 2014, 19(4): 418-424.
XIE Qi* (谢 琪), LIU Wen-hao (刘文浩), WANG Sheng-bao (王圣宝),HU Bin (胡 斌), DONG Na (董 娜), YU Xiu-yuan (于秀源). Robust Password and Smart Card Based Authentication Scheme with Smart Card Revocation[J]. Journal of shanghai Jiaotong University (Science), 2014, 19(4): 418-424.
[1] Chen B L, Kuo W C, Wuu L C. A secure passwordbased remote user authentication scheme without smart cards [J]. Information Technology and Control,2012, 41(1): 53-59. [2] Chang C C, Hwang S J. Using smart cards to authenticate remote passwords [J]. Computers & Mathematics with Applications, 1993, 26(7): 19-27. [3] Li C T. Secure smart card based password authentication scheme with user anonymity [J]. Information Technology and Control, 2011, 40(2): 157-162. [4] Yoon E J, Ryu E K, Yoo K Y. Further improvement of an efficient password based remote user authentication scheme using smart cards [J]. IEEE Transactions on Consumer Electronics, 2004, 50(2): 612-614. [5] Kumar M. New remote user authentication scheme using smart cards [J]. IEEE Transactions on Consumer Electronics, 2004, 50 (2): 597-600. [6] Sun H M. An efficient remote user authentication scheme using smart cards [J]. IEEE Transactions on Consumer Electronics, 2000, 46(4): 958-961. [7] Xu J, Zhu W T, Feng D G. An Improved smart card based password authentication scheme with provable security [J]. Computer Standards & Interfaces, 2009,31(4): 723-728. [8] Xie Q. Improvement of a security enhanced one-time two-factor authentication and key agreement scheme[J]. Scientia Iranica, 2012, 19(6): 1856-1860. [9] Nose P. Security weaknesses of authenticated key agreement protocols [J]. Information Processing Letters,2011, 111(14): 687-696. [10] Kocher P, Jaffe J, Jun B. Differential power analysis [C]//Proceedings of Advances in Cryptology. Berlin:Springer, 1999: 388-397. [11] Messerges T S, Dabbish E A, Sloan R H. Examining smart-card security under the threat of power analysis attacks [J]. IEEE Transactions on Computers,2002, 51(5): 541-552. [12] Lee N Y, Chen J C. Improvement of one-time password authentication scheme using smart card [J].IEICE Transactiosn on Communications, 2005, E88-B(9): 3765-3769. [13] Wang X M, Zhang W F, Zhang J S, et al. Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards [J]. Computer Standards & Interfaces, 2007, 29(5): 507-512. [14] Chen T H, Hsiang H C, HihWK. Security enhancement on an improvement on two remote user authentication schemes using smart cards [J]. Future Generation Computer Systems, 2011, 27(4): 377-380. [15] H¨olbl M, Welzer T, Brumen B. Attacks and improvement of an efficient remote mutual authentication and key agreement scheme [J]. Cryptologia, 2009,34(1): 52-59. [16] Song R G. Advanced smart card based password authentication protocol [J]. Computer Standards & Interfaces,2010, 32(5-6): 321-325. [17] Li C T, Lee C C. A robust remote user authentication scheme using smart card [J]. Information Technology and Control, 2011, 40(3): 236-245. [18] Wang Y G. Password protected smart card and memory stick authentication against off-line dictionary attacks[C]//27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012. Boston: Springer,2012: 489-500. [19] Wang D, Ma C G, Wang P, et al. Robust smart card based password authentication scheme against smart card loss problem [EB/OL]. (2012-07-03) [2013-09-28].http://eprint.iacr.org/2012/439. [20] Hsiang H C, Shih W K. Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards [J]. Computer Communications,2009, 32(4): 649-652. [21] Chen T H, Huang J C. A novel user-participating authentication scheme [J]. The Journal of Systems and Software, 2010, 83(5): 861-867. [22] Abadi M, Blanchet B, Lundh H C. Models and proofs of protocol security: A progress report [J]. Computer Aided Verification, 2009, 5643: 35-49. [23] Abadi M, Fournet C.Mobile values, new names, and secure communication [C]//Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. New York: ACM, 2011: 104-115. [24] Blanchet B, Cheval V, Allamigeon X, et al.ProVerif: Cryptographic protocol verifier in the formal model [EB/OL]. (2012-07-03) [2013-09-28]. http://prosecco.gforge.inria.fr/personal/bblanche/proverif/. [25] Li C T, Hwang M S, Chu Y P. A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks [J]. Computer Communication, 2008, 31(12):2803-2814. |
[1] | WANG Mingzheng, WANG Yijie, WANG Tianyu, HOU Linzao, LI Mian . New Approach for Information Security Evaluation and Management of IT Systems in Educational Institutions[J]. J Shanghai Jiaotong Univ Sci, 2020, 25(6): 689-699. |
[2] | MIRZAEE Siavash, JIANG Letian *(蒋乐天). Fast Confidentiality-Preserving Authentication for Vehicular Ad Hoc Networks[J]. Journal of Shanghai Jiao Tong University (Science), 2019, 24(1): 31-40. |
[3] | BHASKAR Subbe Gowda1*, SATISH KUMAR Gandluru Arthur Edwin2, RAMANA REDDY Patil3. Design and Analysis of an Adaptive Handover Protocol for 4G Networks[J]. 上海交通大学学报(英文版), 2015, 20(2): 209-217. |
[4] | HE Jing-sha1,2 (何泾沙), XU Chen1* (徐琛), ZHANG Yi-xuan1 (张伊璇), ZHOU Shi-yi2 (周世义). A Strategy for Middleman Attack Prevention in Remote Desktop Protocol[J]. 上海交通大学学报(英文版), 2015, 20(1): 82-85. |
[5] | ZHANG Yin-fa1 (张引发), REN Shuai1* (任 帅), LI Juan1 (李 娟), LIAO Xiao-min1 (廖晓闽),LI . Research on High Power Inter-Channel Crosstalk Attack in Optical Networks[J]. 上海交通大学学报(英文版), 2015, 20(1): 7-13. |
[6] | HE Jun* (何俊), ZHENG Shi-hui (郑世慧). Intrusion Detection Model with Twin Support Vector Machines[J]. 上海交通大学学报(英文版), 2014, 19(4): 448-454. |
[7] | WANG Chih-hung* (王智弘), TU Tai-yuan (涂泰源). Keyword Search Encryption Scheme Resistant Against Keyword-Guessing Attack by the Untrusted Server[J]. 上海交通大学学报(英文版), 2014, 19(4): 440-442. |
[8] | CHIEN Hung-yu (简宏宇). Provably Secure Authenticated Diffie-Hellman Key Exchange for Resource-Limited Smart Card[J]. 上海交通大学学报(英文版), 2014, 19(4): 436-439. |
[9] | GAO Jian-bo1 (高建波), ZHANG Bao-wen1* (张保稳), CHEN Xiao-hua2 (陈晓桦), LUO Zheng3 (罗 铮. Ontology-Based Model of Network and Computer Attacks for Security Assessment[J]. 上海交通大学学报(英文版), 2013, 18(5): 554-562. |
[10] | ZHAO Shi-kang (赵士康), HE Di (何 迪), LI Wen-hua (李文化), ZHU Fu-sheng (朱伏生). Reputation-Based Collaborative Spectrum Sensing Scheme in Cognitive Radio Networks[J]. 上海交通大学学报(英文版), 2011, 16(6): 641-647. |
[11] | SUN Jin (孙 瑾), HU Yu-pu (胡予濮), ZHANG Le-you (张乐友). Chosen Ciphertext Secure Identity-Based Broadcast Encryption in the Standard Model[J]. 上海交通大学学报(英文版), 2011, 16(6): 672-676. |
[12] | LO Nai-wei (罗乃维), YEH Kuo-hui (叶国晖). Simple Three-Party Password Authenticated Key Exchange Protocol[J]. 上海交通大学学报(英文版), 2011, 16(5): 600-603. |
阅读次数 | ||||||||||||||||||||||
全文 255
|
|
|||||||||||||||||||||
摘要 |
|
|||||||||||||||||||||