Password Protected Smart Card and Memory Stick Authentication against Off-Line Dictionary Attacks

  • Yongge Wang
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 376)


We study the security requirements for remote authentication with password protected smart card. In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols are used for the protection of password based authentication between a client and a remote server. In this paper, we will focus on the password based authentication between a smart card owner and smart card via an untrusted card reader. In a typical scenario, a smart card owner inserts the smart card into an untrusted card reader and input the password via the card reader in order for the smart card to carry out the process of authentication with a remote server. In this case, we want to guarantee that the card reader will not be able to impersonate the card owner in future without the smart card itself. Furthermore, the smart card could be stolen. If this happens, we want the assurance that an adversary could not use the smart card to impersonate the card owner even though the sample space of passwords may be small enough to be enumerated by an off-line adversary.


Smart Card Authentication Scheme Authentication Protocol Security Model Card Reader 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 139. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Boyko, V., MacKenzie, P.D., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: ACM Conference on Computer Communications Security, pp. 241–250. ACM Press (2003)Google Scholar
  4. 4.
    Chen, Y., Chou, J., Huang, C.: Comment on four two-party authentication protocols (2010)Google Scholar
  5. 5.
    Das, M.L., Saxena, A., Gulati, V.P.: A dynamic id-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 50, 629–631 (2004)CrossRefGoogle Scholar
  6. 6.
    Gong, L., Lomas, T.M.A., Needham, R.M., Saltzer, J.H.: Protecting poorly chosen secrets from guessing attacks. IEEE J. Selected Areas in Communications 11, 648–656 (1993)CrossRefGoogle Scholar
  7. 7.
    Goriparthi, T., Das, M.L., Saxena, A.: An improved bilinear pairing based remote user authentication scheme. Computer Standards and Interfaces 31, 181–185 (2009)CrossRefGoogle Scholar
  8. 8.
    Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Transactions on Information and System Security 2(3), 230–268 (1999)CrossRefGoogle Scholar
  9. 9.
    IEEE 1363. Standard specifications for public-key cryptography (2005)Google Scholar
  10. 10.
    Juang, W.S., Chen, S.T., Liaw, H.T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Industrial Electronics 55, 2551–2556 (2008)CrossRefGoogle Scholar
  11. 11.
    Krawczyk, H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)Google Scholar
  12. 12.
    Lee, Y.S., Nam, J., Won, D.H.: Vulnerabilities in a Remote Agent Authentication Scheme Using Smart Cards. In: Nguyen, N.T., Jo, G.-S., Howlett, R.J., Jain, L.C. (eds.) KES-AMSTA 2008. LNCS (LNAI), vol. 4953, pp. 850–857. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Rhee, H.S., Kwon, J.O., Lee, D.H.: A remote user authentication scheme without using smart cards. Computer Standards and Interfaces 31, 6–13 (2009)CrossRefGoogle Scholar
  14. 14.
    Wang, Y.: Efficient identity-based and authenticated key agreement protocol (2005),
  15. 15.
    Xiang, T., Wong, K., Liao, X.: Cryptanalysis of a password authentication scheme over insecure networks. Computer and System Sciences 74, 657–661 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  16. 16.
    Zhao, Z., Dong, Z., Wang, Y.: Security analysis of a password-based authentication protocol proposed to ieee 1363. Theoretical Computer Science 352, 280–287 (2006)MathSciNetzbMATHCrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Yongge Wang
    • 1
  1. 1.UNC CharlotteCharlotteUSA

Personalised recommendations