%0 Journal Article %1 noauthororeditor %A Beaton Kapito, Patrick Ali, Levis Eneya %A Kim, Hyunsung %D 2018 %J International Journal on Cryptography and Information Security (IJCIS) %K cryptography steganography %N 3 %P 15-25 %R 10.5121/ijcis.2018.8302 %T PRIVACY PRESERVING USER AUTHENTICATION SCHEME BASED ON SMART CARD %U https://wireilla.com/papers/ijcis/V8N3/8318ijcis02.pdf %V 8 %X One of the most commonly used user authentication mechanisms is two factor authentication based on smart card and password. The core feature of the scheme is to enforce that the user must have the smart card and know the password in order to gain access to server. Recently, Liu et al. proposed a smart card based password authentication scheme and argued that it is secure against insider attack, replay attack and man in the middle attack and provides perfect forward secrecy. In this paper, we show security weaknesses in Liu et al.’s scheme focused on off-line password guessing attack and masquerading attack and it does not provide perfect forward secrecy and anonymity. Accordingly, we propose a privacy preserving user authentication scheme based on smart card, denoted as PUAS, to remedy these security weaknesses and to provide anonymity and perfect forward secrecy. PUAS is more secure with a bit of computational overhead to support several positive properties in security and privacy

@article{noauthororeditor, abstract = {One of the most commonly used user authentication mechanisms is two factor authentication based on smart card and password. The core feature of the scheme is to enforce that the user must have the smart card and know the password in order to gain access to server. Recently, Liu et al. proposed a smart card based password authentication scheme and argued that it is secure against insider attack, replay attack and man in the middle attack and provides perfect forward secrecy. In this paper, we show security weaknesses in Liu et al.’s scheme focused on off-line password guessing attack and masquerading attack and it does not provide perfect forward secrecy and anonymity. Accordingly, we propose a privacy preserving user authentication scheme based on smart card, denoted as PUAS, to remedy these security weaknesses and to provide anonymity and perfect forward secrecy. PUAS is more secure with a bit of computational overhead to support several positive properties in security and privacy}, added-at = {2018-10-16T11:02:02.000+0200}, author = {{Beaton Kapito, Patrick Ali}, Levis Eneya and Kim, Hyunsung}, biburl = {https://www.bibsonomy.org/bibtex/20d8a40b4b7d8bfc07b3e3131adb34486/alinta}, doi = {10.5121/ijcis.2018.8302}, interhash = {aade379f60d1d45396dbb658702ccba7}, intrahash = {0d8a40b4b7d8bfc07b3e3131adb34486}, journal = {International Journal on Cryptography and Information Security (IJCIS)}, keywords = {cryptography steganography}, month = {September}, number = 3, pages = {15-25}, timestamp = {2018-10-16T11:02:02.000+0200}, title = {PRIVACY PRESERVING USER AUTHENTICATION SCHEME BASED ON SMART CARD}, url = {https://wireilla.com/papers/ijcis/V8N3/8318ijcis02.pdf}, volume = 8, year = 2018 }