Robust Password and Smart Card Based Authentication Scheme with Smart Card Revocation

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication s...

Full description

Saved in:
Bibliographic Details
Published in:Shanghai jiao tong da xue xue bao 2014-08, Vol.19 (4), p.418-424
Main Author: 谢琪 刘文浩 王圣宝 胡斌 董娜 于秀源
Format: Article
Language:English
Subjects:
Architecture
Authentication
Calculus
Carts
Computer Science
Electrical Engineering
Engineering
Life Sciences
Lithium
Materials Science
Mathematical analysis
Passwords
Smart cards
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's sctleme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.
ISSN:1007-1172
1995-8188
DOI:10.1007/s12204-014-1518-2