Skip to main content
SpringerLink
Log in

Robust password and smart card based authentication scheme with smart card revocation

  • Published:
Journal of Shanghai Jiaotong University (Science) Aims and scope Submit manuscript

Abstract

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee’s scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Chen B L, Kuo W C, Wuu L C. A secure password-based remote user authentication scheme without smart cards [J]. Information Technology and Control, 2012, 41(1): 53–59.

    Article  Google Scholar 

  2. Chang C C, Hwang S J. Using smart cards to authenticate remote passwords [J]. Computers & Mathematics with Applications, 1993, 26(7): 19–27.

    Article  MATH  Google Scholar 

  3. Li C T. Secure smart card based password authentication scheme with user anonymity [J]. Information Technology and Control, 2011, 40(2): 157–162.

    Article  Google Scholar 

  4. Yoon E J, Ryu E K, Yoo K Y. Further improvement of an efficient password based remote user authentication scheme using smart cards [J]. IEEE Transactions on Consumer Electronics, 2004, 50(2): 612–614.

    Article  Google Scholar 

  5. Kumar M. New remote user authentication scheme using smart cards [J]. IEEE Transactions on Consumer Electronics, 2004, 50(2): 597–600.

    Article  Google Scholar 

  6. Sun H M. An efficient remote user authentication scheme using smart cards [J]. IEEE Transactions on Consumer Electronics, 2000, 46(4): 958–961.

    Article  Google Scholar 

  7. Xu J, Zhu W T, Feng D G. An Improved smart card based password authentication scheme with provable security [J]. Computer Standards & Interfaces, 2009, 31(4): 723–728.

    Article  Google Scholar 

  8. Xie Q. Improvement of a security enhanced one-time two-factor authentication and key agreement scheme [J]. Scientia Iranica, 2012, 19(6): 1856–1860.

    Article  Google Scholar 

  9. Nose P. Security weaknesses of authenticated key agreement protocols [J]. Information Processing Letters, 2011, 111(14): 687–696.

    Article  MATH  MathSciNet  Google Scholar 

  10. Kocher P, Jaffe J, Jun B. Differential power analysis [C]//Proceedings of Advances in Cryptology. Berlin: Springer, 1999: 388–397.

    Google Scholar 

  11. Messerges T S, Dabbish E A, Sloan R H. Examining smart-card security under the threat of power analysis attacks [J]. IEEE Transactions on Computers, 2002, 51(5): 541–552.

    Article  MathSciNet  Google Scholar 

  12. Lee N Y, Chen J C. Improvement of one-time password authentication scheme using smart card [J]. IEICE Transactiosn on Communications, 2005, E88-B(9): 3765–3769.

    Article  Google Scholar 

  13. Wang X M, Zhang W F, Zhang J S, et al. Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards [J]. Computer Standards & Interfaces, 2007, 29(5): 507–512.

    Article  Google Scholar 

  14. Chen T H, Hsiang H C, Hih W K. Security enhancement on an improvement on two remote user authentication schemes using smart cards [J]. Future Generation Computer Systems, 2011, 27(4): 377–380.

    Article  MATH  Google Scholar 

  15. Hölbl M, Welzer T, Brumen B. Attacks and improvement of an efficient remote mutual authentication and key agreement scheme [J]. Cryptologia, 2009, 34(1): 52–59.

    Article  Google Scholar 

  16. Song R G. Advanced smart card based password authentication protocol [J]. Computer Standards & Interfaces, 2010, 32(5–6): 321–325.

    Article  Google Scholar 

  17. Li C T, Lee C C. A robust remote user authentication scheme using smart card [J]. Information Technology and Control, 2011, 40(3): 236–245.

    Article  Google Scholar 

  18. Wang Y G. Password protected smart card and memory stick authentication against off-line dictionary attacks [C]//27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012. Boston: Springer, 2012: 489–500.

    Google Scholar 

  19. Wang D, Ma C G, Wang P, et al. Robust smart card based password authentication scheme against smart card loss problem [EB/OL]. (2012-07-03) [2013-09-28]. http://eprint.iacr.org/2012/439.

  20. Hsiang H C, Shih W K. Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards [J]. Computer Communications, 2009, 32(4): 649–652.

    Article  Google Scholar 

  21. Chen T H, Huang J C. A novel user-participating authentication scheme [J]. The Journal of Systems and Software, 2010, 83(5): 861–867.

    Article  Google Scholar 

  22. Abadi M, Blanchet B, Lundh H C. Models and proofs of protocol security: A progress report [J]. Computer Aided Verification, 2009, 5643: 35–49.

    Google Scholar 

  23. Abadi M, Fournet C. Mobile values, new names, and secure communication [C]//Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. New York: ACM, 2011: 104–115.

    Google Scholar 

  24. Blanchet B, Cheval V, Allamigeon X, et al. ProVerif: Cryptographic protocol verifier in the formal model [EB/OL]. (2012-07-03) [2013-09-28]. http://prosecco.gforge.inria.fr/personal/bblanche/proverif/.

  25. Li C T, Hwang M S, Chu Y P. A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks [J]. Computer Communication, 2008, 31(12): 2803–2814.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou, 311121, China

    Qi Xie  (谢 琪), Wen-hao Liu  (刘文浩), Sheng-bao Wang  (王圣宝), Bin Hu  (胡 斌), Na Dong  (董娜) & Xiu-yuan Yu  (于秀源)

Authors
  1. Qi Xie  (谢 琪)
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wen-hao Liu  (刘文浩)
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sheng-bao Wang  (王圣宝)
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Bin Hu  (胡 斌)
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Na Dong  (董娜)
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Xiu-yuan Yu  (于秀源)
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qi Xie  (谢 琪).

Additional information

Foundation item: the National Basic Research Development (973) Program of China (No. 2013CB834205), the National Natural Science Foundation of China (Nos. 61070153 and 61103209), the Natural Science Foundation of Zhejiang Province (Nos. LZ12F02005 and LY12F02006), and the Education Department Foundation of Zhejiang Province (No. Y201222977)

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Xie, Q., Liu, Wh., Wang, Sb. et al. Robust password and smart card based authentication scheme with smart card revocation. J. Shanghai Jiaotong Univ. (Sci.) 19, 418–424 (2014). https://doi.org/10.1007/s12204-014-1518-2

Download citation

  • Received:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12204-014-1518-2

Key words

CLC number

Search

Navigation