Dynamic Encryption Key based Smart Card Authentication Scheme

In order to keep away from difficulties associated with traditional password based authentication methods, smart card based authentication schemes have been widely used. It has already been accepted worldwide due to its low computational cost. However, most of these schemes are vulnerable to one or the other possible attack. This paper describes a new smart card authentication scheme using symmetric key cryptography, which covers all the identified security pitfalls and satisfies the needs of a user. Its security is based on encrypting the contents of all the communicating messages exchanged between remote user and the server. Moreover, it provides users to choose and change their passwords freely, mutual authentication and session key generation. In addition, it uses nonce instead of timestamp to resist replay attack. Security analysis proves that this scheme is secure against impersonation attack, password guessing attack, replay attack, reflection attack, parallel session attack, insider attack, attack on perfect forward secrecy, stolen verifier attack, smart card loss attack and man-in-the-middle attack. The proposed scheme can be easily extended to Internet protocol television broadcasting, Multi-server authentication, Wireless communication and Healthcare, where the user needs to access data from server.