An Efficient and Secure Two-Factor Password Authentication Scheme With Card Reader(Terminal) Verification
With regard to the privacy of client-server communication systems, most research works have concentrated on authentication to guarantee security. Among the investigated schemes, two-factor password authentication has been a major focus and has undergone considerable development. Two-factor password...
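Main authors: | Wanjun Xiong, Fan Zhou, Ruomei Wang, Rushi Lan, Xiyan Sun, Xiaonan Luo |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2018-01-01 |
Series: | IEEE Access |
Subjects: | two-factor; password authentication; Elliptic curve cryptography; smart card; malicious card reader attack |
Links: | https://ieeexplore.ieee.org/document/8466879/ |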
_version_ | 1830091122641207296 |
---|---|
author | Wanjun Xiong, Fan Zhou, Ruomei Wang, Rushi Lan, Xiyan Sun, Xiaonan Luo |
author_sort | Wanjun Xiong |
collection | DOAJ |
description | With regard to the privacy of client-server communication systems, most research works have concentrated on authentication to guarantee security. Among the investigated schemes, two-factor password authentication has been a major focus and has undergone considerable development. Two-factor password authentication is a process in which both a password and a physical object are used for authentication to achieve a higher level of security. However, these methods are still subject to some security vulnerabilities, such as malicious card reader attacks, man-in-the-middle attacks, and a lack of perfect forward secrecy. Moreover, although there are many evaluation criteria, a set of universal criteria is still lacking. To address these issues, a two-factor password authentication scheme is proposed in the context of practical application environment in this paper, such as side-channel attacks. Moreover, a card reader verification step is added to the authentication scheme to counteract malicious card reader attacks. In addition, the proposed scheme can resist various known attacks, including replay attacks, lost or stolen smart card attacks, and man-in-the-middle attacks. We present a detailed security analysis and comparative evaluation, and we prove the security of our scheme with Burrows-Abadi-Needham (BAN) logic. Compared with previous schemes, the main advantages of the proposed scheme are its low computational cost, guaranteed security, and better adaptability to actual client-server communication environments. |
first_indexed | 2024-12-16T17:15:09Z |
format | Article |
id | doaj.art-83d63efa68f34d2fa24c8a5f461fdcc4 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-16T17:15:09Z |
publishDate | 2018-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-83d63efa68f34d2fa24c8a5f461fdcc4; 2022-12-21T22:23:19Z; eng; IEEE; IEEE Access; 2169-3536; 2018-01-01; 6; 70707; 70719; 10.1109/ACCESS.2018.2869535; 8466879; An Efficient and Secure Two-Factor Password Authentication Scheme With Card Reader(Terminal) Verification; Wanjun Xiong (0), https://orcid.org/0000-0003-2978-3945; Fan Zhou (1); Ruomei Wang (2); Rushi Lan (3), https://orcid.org/0000-0002-9488-8236; Xiyan Sun (4); Xiaonan Luo (5); School of Data and Computer Science, National Engineering Research Center for Digital Life, Sun Yat-sen University, Guangzhou, China; School of Data and Computer Science, National Engineering Research Center for Digital Life, Sun Yat-sen University, Guangzhou, China; School of Data and Computer Science, National Engineering Research Center for Digital Life, Sun Yat-sen University, Guangzhou, China; School of Computer Science and Engineering, South China University of Technology, Guangzhou, China; School of Information and Communication, Guilin University of Electronic Technology, Guilin, China; School of Computer Science and Information Security, Guilin University of Electronic Technology, Guilin, China; https://ieeexplore.ieee.org/document/8466879/; two-factor; password authentication; Elliptic curve cryptography; smart card; malicious card reader attack |
title | An Efficient and Secure Two-Factor Password Authentication Scheme With Card Reader(Terminal) Verification |
topic | two-factor; password authentication; Elliptic curve cryptography; smart card; malicious card reader attack |
url | https://ieeexplore.ieee.org/document/8466879/ |