Abstract
Smart cards are an indispensable part of daily life and bring many conveniences, including e-commerce and m-commerce services. However, because of their limited computation resources, remote authentication between a smart card and a server is vulnerable to attack over an insecure communication channel. Many authentication schemes have been proposed so far, each with its own pros and cons. Most of them are based on elliptic curve cryptography and are vulnerable to the card loss attack and the desynchronization attack. Some schemes add a random number to the verifier value to resist the card loss attack, and store both the old and new pseudo-identities at the authenticator and the corresponding authenticated party to withstand the desynchronization attack. However, the random number stored in card memory can be extracted, and the new conversation may be blindly blocked by the adversary. Hence, in this paper, we propose a novel authentication protocol that uses a physical unclonable function (PUF) and elliptic curve cryptography (ECC) to protect the random number and to support offline updating if online updating is blocked, and which can be proven secure in a formal security analysis. We also introduce a robust PUF to prevent modification of the helper data. Finally, a comparison with related schemes shows that our scheme is efficient in computation and communication overhead.
Highlights
With the rapid development of the Internet, the smart card has become an integral part of various representative scenarios, such as e-commerce and m-commerce.
To address the attack pointed out by [5] in [13], we propose using a physical unclonable function (PUF) and a fuzzy extractor (FE) to generate a key that is XORed with the random number, and hiding the password in the multiplication with the random number and the base point G.
Security model: In conventional smart card remote authentication protocols [37], [38], the security model usually assumes that the adversary controls the public channel, over which they can mount eavesdropping, replay and desynchronization attacks to break the authentication between smart card and server.
Summary
With the rapid development of the Internet, the smart card has become an integral part of various representative scenarios, such as e-commerce and m-commerce. Related work: Recently, researchers have proposed many kinds of identity authentication schemes for smart cards, mainly hash-based, state-based and ECC-based identity authentication protocols, each with its own merits and demerits. As to state-based authentication, these state-based remote authentication schemes [10], [30], [42] can resist the spoofing attack and require less computation overhead. In these cases, the adversary can break synchronization between device and server. In that year, Li [13] claimed that [11] cannot resist the inside attack, the password guessing attack and the stolen verifier attack, and addressed these pitfalls by proposing an improved anonymous authentication scheme for smart cards. If the adversary can modify the helper data in the fuzzy extractor, our proposed scheme should be able to detect the fault rather than output a wrong value.
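The two ideas above (masking the stored random number with a PUF-derived key, and rejecting modified helper data instead of outputting a wrong value) can be illustrated with a generic robust fuzzy extractor. This is an added example, not the paper's construction: the repetition code, the SHA-256 tag, the simulated PUF bits and all function names are assumptions.

```python
import hashlib, hmac, secrets

REP = 5  # assumption: 5-bit repetition code, corrects up to 2 flips per block

def encode(bits):
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]

def tag(w, sketch):
    # Binds the helper data to the enrolled response (the robustness check).
    return hashlib.sha256(b"tag" + bytes(w) + bytes(sketch)).digest()

def key(w):
    return hashlib.sha256(b"key" + bytes(w)).digest()

def gen(w):
    """Enrollment: return (key, public helper data) for PUF response w."""
    k = [secrets.randbelow(2) for _ in range(len(w) // REP)]
    sketch = xor_bits(w, encode(k))            # code-offset secure sketch
    return key(w), (sketch, tag(w, sketch))

def rep(w_noisy, helper):
    """Reproduction: return the key, or None when the helper data fails its check."""
    sketch, t = helper
    k = decode(xor_bits(w_noisy, sketch))
    w = xor_bits(sketch, encode(k))            # error-corrected response
    return key(w) if hmac.compare_digest(t, tag(w, sketch)) else None

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def demo():
    w = [secrets.randbelow(2) for _ in range(160)]   # constructed PUF response
    k_enroll, helper = gen(w)
    r = secrets.token_bytes(32)                      # random number to protect
    stored = xor_bytes(r, k_enroll)                  # only this goes in card memory
    noisy = list(w)
    noisy[3] ^= 1; noisy[77] ^= 1                    # noise on a later PUF reading
    recovered = xor_bytes(stored, rep(noisy, helper))
    bad = list(helper[0]); bad[10] ^= 1              # one modified helper bit
    return recovered == r, rep(noisy, (bad, helper[1]))

if __name__ == "__main__":
    print(demo())
```

Without the tag comparison in `rep`, the single modified helper bit would pass error correction and silently yield a different key, so the card would unmask a wrong random number.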