An Efficient and Secure Two-Factor Password Authentication Scheme With Card Reader(Terminal) Verification

With regard to the privacy of client-server communication systems, most research works have concentrated on authentication to guarantee security. Among the investigated schemes, two-factor password authentication has been a major focus and has undergone considerable development. Two-factor password...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2018-01, Vol.6, p.70707-70719
Main Authors: Xiong, Wanjun, Zhou, Fan, Wang, Ruomei, Lan, Rushi, Sun, Xiyan, Luo, Xiaonan
Format: Article
Language:English
Subjects:
Authentication
Communications systems
Elliptic curve cryptography
Forgery
malicious card reader attack
Password
password authentication
Passwords
Resists
Security
Servers
smart card
Smart cards
two-factor
Verification
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With regard to the privacy of client-server communication systems, most research works have concentrated on authentication to guarantee security. Among the investigated schemes, two-factor password authentication has been a major focus and has undergone considerable development. Two-factor password authentication is a process in which both a password and a physical object are used for authentication to achieve a higher level of security. However, these methods are still subject to some security vulnerabilities, such as malicious card reader attacks, man-in-the-middle attacks, and a lack of perfect forward secrecy. Moreover, although there are many evaluation criteria, there still lacks a set of universal criteria. To address these issues, a two-factor password authentication scheme is proposed in the context of practical application environment in this paper, such as side-channel attacks. Moreover, a card reader verification step is added to the authentication scheme to counteract malicious card reader attacks. In addition, the proposed scheme can resist various known attacks, including replay attacks, lost or stolen smart card attacks, and man-in-the-middle attacks. We present a detailed security analysis and comparative evaluation, and we prove the security of our scheme with Burrows-Abadi-Needham (BAN) logic. Compared with previous schemes, the main advantages of the proposed scheme are its low computational cost, guaranteed security, and better adaptability to actual client-server communication environments.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2018.2869535