Automatic Verification of Password-Based Authentication Protocols Using Smart Card

Design and Implementation of a Zero-Knowledge Authentication Framework for Java Card

Privacy Solutions and Security Frameworks in Information Protection ◽

10.4018/978-1-4666-2050-6.ch009 ◽

2013 ◽

pp. 131-148

Author(s):

Ahmed Patel ◽

Kenan Kalajdzic ◽

Laleh Golafshan ◽

Mona Taghavi

Keyword(s):

Smart Card ◽

Public Key Cryptography ◽

Performance Criteria ◽

Authentication Protocols ◽

Zero Knowledge ◽

Memory Space ◽

Design And Implementation ◽

Java Card ◽

Authentication Mechanism ◽

Processing Power

Zero-knowledge authentication protocols are an alternative to authentication protocols based on public key cryptography. Low processing and memory consumption make them especially suitable for implementation in smart card microprocessors, which are severely limited in processing power and memory space. This paper describes a design and implementation of a software library providing smart card application developers with a reliable authentication mechanism based on well-known zero-knowledge authentication schemes. Java Card is used as the target smart card platform implementation based on the evaluation of the Fiat-Shamir (F-S) and Guillou-Quisquater (G-Q) protocols under various performance criteria are presented to show the effectiveness of the implementation and that G-Q is a more efficient protocol.

Download Full-text

Strengthening Password-Based Authentication Protocols Against Online Dictionary Attacks

Applied Cryptography and Network Security - Lecture Notes in Computer Science ◽

10.1007/11496137_2 ◽

2005 ◽

pp. 17-32 ◽

Cited By ~ 3

Author(s):

Peng Wang ◽

Yongdae Kim ◽

Vishal Kher ◽

Taekyoung Kwon

Keyword(s):

Authentication Protocols ◽

Password Based Authentication ◽

Dictionary Attacks

Download Full-text

A Novel Multiserver Authentication Protocol with Multifactors for Cloud Service

Security and Communication Networks ◽

10.1155/2018/5432960 ◽

2018 ◽

Vol 2018 ◽

pp. 1-13 ◽

Cited By ~ 2

Author(s):

Jian Song ◽

Guang-song Li ◽

Bo-ru Xu ◽

Chuan-gui Ma

Keyword(s):

Smart Card ◽

Cloud Service ◽

Authentication Protocol ◽

Authentication Protocols ◽

Chaotic Mapping ◽

Cryptographic Algorithm ◽

Multifactor Authentication ◽

Man In The Middle ◽

Secret Keys ◽

Weak Points

Secure and efficient authentication protocols are necessary for cloud service. Multifactor authentication protocols taking advantage of smart card, user’s password, and biometric, are more secure than password-based single-factor authentication protocols which are widely used in practice. However, most of the multiserver authentication protocols may have weak points, such as smart card loss attack, man-in-the-middle attack, anonymity, and high computation cost of authentication center. In order to overcome the above weaknesses, we propose a novel multiserver multifactor authentication protocol based on the Kerberos protocol using the extended Chebyshev chaotic mapping as a cryptographic algorithm. The proposed protocol achieves anonymity without sharing secret keys in advance and needs the user to register with the authentication center only once. Finally, we prove the security of the new protocol with BAN logic and compare it with other multifactor authentication protocols for multiserver environment. The results show that our proposed protocol is more secure and efficient and better for practical application.

Download Full-text

Efficient and secure password-based authentication protocols against guessing attacks

Computer Communications ◽

10.1016/s0140-3664(98)00153-4 ◽

1998 ◽

Vol 21 (9) ◽

pp. 853-861 ◽

Cited By ~ 11

Author(s):

Taekyoung Kwon ◽

Jooseok Song

Keyword(s):

Authentication Protocols ◽

Password Based Authentication

Download Full-text

A robust smart card and remote user password-based authentication protocol using extended chaotic maps under smart cities environment

Soft Computing ◽

10.1007/s00500-021-05929-5 ◽

2021 ◽

Author(s):

Chandrashekhar Meshram ◽

Rabha W. Ibrahim ◽

Lunzhi Deng ◽

Shailendra W. Shende ◽

Sarita Gajbhiye Meshram ◽

...

Keyword(s):

Smart Card ◽

Chaotic Maps ◽

Smart Cities ◽

Authentication Protocol ◽

Extended Chaotic Maps ◽

Password Based Authentication ◽

Remote User

Download Full-text

Two Improved Multi-server Authentication Protocols Based on Hash Function and Smart Card

Journal of Networks ◽

10.4304/jnw.5.12.1434-1441 ◽

2010 ◽

Vol 5 (12) ◽

Author(s):

Qi Xie ◽

Deren Chen

Keyword(s):

Smart Card ◽

Hash Function ◽

Authentication Protocols ◽

Multi Server

Download Full-text

Towards automatic verification of authentication protocols on an unbounded network

Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13 ◽

10.1109/csfw.2000.856932 ◽

2002 ◽

Cited By ~ 27

Author(s):

J. Heather ◽

S. Schneider

Keyword(s):

Automatic Verification ◽

Authentication Protocols

Download Full-text

A Self-Verifiable Password Based Authentication Scheme for Multi-Server Architecture Using Smart Card

Wireless Personal Communications ◽

10.1007/s11277-017-4476-9 ◽

2017 ◽

Vol 96 (4) ◽

pp. 6273-6297 ◽

Cited By ~ 6

Author(s):

Jangirala Srinivas ◽

Sourav Mukhopadhyay ◽

Dheerendra Mishra

Keyword(s):

Smart Card ◽

Authentication Scheme ◽

Multi Server ◽

Password Based Authentication ◽

Server Architecture

Download Full-text

Privacy-Preserving Biometric Authentication: Challenges and Directions

Security and Communication Networks ◽

10.1155/2017/7129505 ◽

2017 ◽

Vol 2017 ◽

pp. 1-9 ◽

Cited By ~ 7

Author(s):

Elena Pagnin ◽

Aikaterini Mitrokotsa

Keyword(s):

Characteristic Feature ◽

Privacy Preserving ◽

Security And Privacy ◽

Biometric Authentication ◽

Authentication Protocols ◽

Strong Bond ◽

Privacy Concerns ◽

Wide Range ◽

Password Based Authentication ◽

Biometric Trait

An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a means of authenticating people due to the wide range of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication). The most characteristic feature of this authentication method is the naturally strong bond between a user and her biometric credentials. This very same advantageous property, however, raises serious security and privacy concerns in case the biometric trait gets compromised. In this article, we present the most challenging issues that need to be taken into consideration when designing secure and privacy-preserving biometric authentication protocols. More precisely, we describe the main threats against privacy-preserving biometric authentication systems and give directions on possible countermeasures in order to design secure and privacy-preserving biometric authentication protocols.

Download Full-text

Static Program Analysis of Multi-Applet JavaCard Applications

Software Engineering for Secure Systems ◽

10.4018/978-1-61520-837-1.ch011 ◽

2011 ◽

pp. 286-304

Author(s):

Alexandros Loizidis ◽

Vasilios Almaliotis ◽

Panagiotis Katsaros

Keyword(s):

Information Flow ◽

Smart Card ◽

Program Analysis ◽

Automatic Verification ◽

Tool Support ◽

Static Program Analysis ◽

Java Card ◽

Trust Relationships ◽

Business Applications ◽

New Business

Java Card provides a framework of classes and interfaces that hide the details of the underlying smart card interface and make it possible to load and run on the same card several applets, from different application providers with complex trust relationships. This fact paves the way for new business applications, but the card issuer has to secure absence of malicious or faulty card applets. He has to be able to check that (i) applets do not cause illicit method invocations that violate temporal restrictions of inter-applet communication, (ii) applets protect themselves from unwanted information flow to third parties and (iii) it is not possible for an unhandled Java Card API exception to leave an applet in an unpredictable state that is potentially dangerous for the application’s security. The authors explore recent advances in theory and tool support of static program analysis and they present an approach for automatic verification of smart card applications that by definition are security critical.

Download Full-text