Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound
- 1 September 2016
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Dependable and Secure Computing
- Vol. 15, 1 (ISSN 1545-5971)
- https://doi.org/10.1109/tdsc.2016.2605087
Abstract
As the most prevalent two-factor authentication mechanism, smart-card-based password authentication has been a subject of intensive research over the past two decades, and hundreds of schemes of this type have been proposed, wave upon wave. In most of these studies there is no comprehensive and systematic metric available for assessing schemes objectively; authors present new schemes with assertions of superiority over previous ones in some aspects, while overlooking the dimensions on which their schemes fare poorly. Unsurprisingly, most of them are far from satisfactory: they are either found to fall short of important security goals or to lack critical properties, and in particular they remain stuck in the security-usability tension. To overcome this issue, in this work we first explicitly define a security model that accurately captures the practical capabilities of an adversary, and then suggest a broad set of twelve properties, framed as a systematic methodology for comparative evaluation, that allows schemes to be rated across a common spectrum. As our main contribution, a new scheme is advanced to resolve the various issues arising from user corruption and server compromise, and it is formally proved secure under the harshest adversary model so far. In particular, by integrating "honeywords", traditionally the purview of system security, with a "fuzzy-verifier", our scheme hits "two birds": it not only eliminates the long-standing security-usability conflict that is considered intractable in the literature, but also achieves security guarantees beyond the conventional optimal security bound.
Funding Information
- National Key Research and Development Plan of China (2016YFB0800600)
- National Natural Science Foundation of China (61472016; 61501333)