Title :
An Improved Two-factor Authentication Protocol
Author_Institution :
Dept. of Electron., Inf. Eng. Univ., Zhengzhou, China
Abstract :
Most recently, Yang et al proposed a new set of security requirements for two-factor smart-card-based password mutual authentication and then suggested a new scheme satisfying all their security requirements. In this paper, however, we first show one critical security weakness being overlooked, i.e., allowing key-compromise impersonation. We provide an attack to illustrate the adversary is able to masquerade any user to access the server´s service in their protocol once if the long-term key of the server is compromised. Thereafter, we suggests key-compromise impersonation resilience should be added as one more important security requirement for two-factor smart-card based password mutual authentication and then propose an improved protocol to eliminate the security weakness existing in Yang et al´s protocol.
Keywords :
authorisation; cryptographic protocols; message authentication; smart cards; key-compromise impersonation resilience; two-factor smart-card-based password mutual authentication; Access protocols; Authentication; Banking; Dictionaries; Information security; Information technology; Protection; Resilience;
Conference_Titel :
Multimedia and Information Technology (MMIT), 2010 Second International Conference on
Conference_Location :
Kaifeng
Print_ISBN :
978-0-7695-4008-5
Electronic_ISBN :
978-1-4244-6602-3
DOI :
10.1109/MMIT.2010.82
