Deakin University

File(s) under permanent embargo

Further observations on smart-card-based password-authenticated key agreement in distributed systems

Version 2 2024-06-06, 01:57
Version 1 2014-11-25, 14:08
journal contribution
posted on 2024-06-06, 01:57 authored by X Huang, X Chen, J Li, Y Xiang, L Xu
This paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with a smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to pointing out the vulnerabilities, we propose countermeasures to thwart the security threats and secure the protocols. © 2013 IEEE.

History

Journal

IEEE Transactions on Parallel and Distributed Systems

Volume

25

Pagination

1767-1775

Location

Piscataway, N.J.

ISSN

1045-9219

Language

eng

Publication classification

C Journal article, C1 Refereed article in a scholarly journal

Copyright notice

2014, IEEE

Issue

7

Publisher

IEEE Computer Society