Password Protected Smart Card and Memory Stick Authentication against Off-Line Dictionary Attacks
نویسنده
چکیده
We study the security requirements for remote authentication with password protected smart card. In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols are used for the protection of password based authentication between a client and a remote server. In this paper, we will focus on the password based authentication between a smart card owner and smart card via an untrusted card reader. In a typical scenario, a smart card owner inserts the smart card into an untrusted card reader and input the password via the card reader in order for the smart card to carry out the process of authentication with a remote server. In this case, we want to guarantee that the card reader will not be able to impersonate the card owner in future without the smart card itself. Furthermore, the smart card could be stolen. If this happens, we want the assurance that an adversary could not use the smart card to impersonate the card owner even though the sample space of passwords may be small enough to be enumerated by an off-line adversary.
منابع مشابه
Two - factor Authentication Schemes Based Smart Card and Password with User Anonymity ⋆
Two-factor anonymous authentication using password and smart card could preserve user privacy and reduce the risk than the use of a single authentication factor. Recently, Chang et al. pointed some security weaknesses in Wang et al.’s anonymous authentication scheme and proposed enhanced scheme. They claimed that their scheme provides desired security properties. However, we show that Chang et ...
متن کاملSecure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems
This paper studies the security requirements for remote authentication and communication in smart grid systems. Though smart card based authentication techniques have been a successful solution for addressing key management challenges in several cryptographic authentication systems, they may not be applicable to smart grid systems. For example, in order to unlock the credentials stored in tampe...
متن کاملCryptanalysis of Yeh-Shen-Hwang's One-Time Password Authentication Scheme
The well-known S/KEY one-time password scheme was designed to counter eavesdropping and replay attacks [1]. The success of S/KEY stems from its efficiency and simplicity as well as its security property. S/KEY uses simple hash functions and does not require other complex cryptographic primitives. Even though S/KEY is immune to eavesdropping and replay attacks, it is susceptible to preplay attac...
متن کاملComments on Yeh-Shen-Hwang's One-Time Password Authentication Scheme
The S/Key one-time password scheme is designed to counter replay attacks or eavesdropping attacks [2], [3]. With this scheme, the user’s secret pass-phrase never needs to cross the network at any time such as during authentication or during pass-phrase changes. Moreover, no secret information need be stored on any system, including the server being protected. Although the S/KEY scheme thus prot...
متن کاملSecure and Efficient Smart Card Based Remote User Password Authentication Scheme
In distributed systems, the smart card based password authentication, as one of the most convenient and efficient two-factor authentication mechanisms, is widely used to ensure that the protected services are not available to unauthorized users. Recently, Li et al. demonstrated that the smart card based password authentication scheme proposed by Chen et al. cannot provide perfect forward secrec...
متن کامل