Formal analysis and systematic construction of two-factor authentication scheme (short paper)

Guomin Yang*, Duncan S. Wong, Huaxiong Wang, Xiaotie Deng

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

10 Citations (Scopus)

Abstract

One of the most commonly used two-factor authentication mechanisms is based on smart card and user's password. Throughout the years, there have been many schemes proposed, but most of them have already been found flawed due to the lack of formal security analysis. On the cryptanalysis of this type of schemes, in this paper, we further review two recently proposed schemes and show that their security claims are invalid. To address the current issue, we propose a new and simplified property set and a formal adversarial model for analyzing the security of this type of schemes. We believe that the property set and the adversarial model themselves are of independent interest.

We then propose a new scheme and a generic construction framework. In particular, we show that a secure password based key exchange protocol can be transformed efficiently to a smartcard and password based two-factor authentication scheme provided that there exist pseudorandom functions and collision-resistant hash functions.

Original languageEnglish
Title of host publicationInformation and communications security
Subtitle of host publication8th international conference, ICICS 2006, proceedings
EditorsPeng Ning, Sihan Qing, Ninghui Li
Place of PublicationBerlin; Heidelberg
PublisherSpringer, Springer Nature
Pages82-91
Number of pages10
ISBN (Print)9783540494966
DOIs
Publication statusPublished - 2006
Event8th International Conference on Information and Communications Security - Raleigh, NC, United States
Duration: 4 Dec 20067 Dec 2006

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume4307
ISSN (Print)0302-9743

Conference

Conference8th International Conference on Information and Communications Security
CountryUnited States
CityRaleigh, NC
Period4/12/067/12/06

Keywords

  • PASSWORD AUTHENTICATION
  • KEY EXCHANGE
  • CRYPTANALYSIS
  • EFFICIENT

Cite this