A Generic Framework to Enhance Two-Factor Authentication in Cryptographic Smart-card Applications

Today, most authenticating applications using passwords are being compromised and the risk is becoming higher because it's becoming easier to download tools that will crack them. Passwords are no longer sufficient, as threats against them increase in large quantity. With the growing use of internet to access information resources, government and private agencies are now moving to replace password-based user authentication with stronger, Two-factor authentication systems that strengthen information security. Two-factor authentication requires that two parts of data be accessible, each being from a different category. It is a secure identification process in which the user provides two means of recognition, one of which is normally a physical token, such as a card, and the other of which is typically something memorized, such as a password or PIN number. In general Cryptographic Smart Cards provide a secure, portable platform for this type of Two-factor authentication systems. However, these smart card cryptographic systems are vulnerable to traditional mathematical attacks such as Differential and Linear Cryptanalysis attacks. These attacks explore weaknesses in cryptographic algorithms that are represented as mathematical objects. Other form of cryptographic attacks like Differential Power Analysis (DPA) attacks, fault attacks, replay attacks, side channel attacks, etc also exists. Hence to overcome these attacks, a new generic framework “Smart Crypto-Stegano Card” is proposed in this paper to enhance Two-Factor Authentication that gives users a better way to provide enhanced security for different smart card applications. Keyword-Two-Factor Authentication, Linear Cryptanalysis attacks, Differential Power Analysis attacks, Smart Crypto-Stegano Card