摘要:Remote user authentication is important to identify whether communicating parties are genuine and trust- worthy using the password and the smart card between a login user and a remote server. A number of password-based authentication schemes using smart cards have been proposed in recent years. We find that two most recent password-based authentication schemes (Hsiang and Shih 2009, Chen and Huang 2010) assume that the attacker cannot extract the secret information of the smart card. However, in reality, the authors in (Kocher et al. 1999 and Messerges et al. 2002) show that the secrets stored in the card can be extracted by monitoring its power consumption. Therefore, these schemes fail to resist smart card security breach. As the main contribution of this paper, a robust remote user authentication scheme against smart card security breach is presented, while keeping the merits of the well-known smart card based authentication schemes.http://dx.doi.org/10.5755/j01.itc.40.3.632
关键词:Cryptanalysis; Network security; Smart card; User authentication