With regard to the privacy of client-server communication systems, most research works have concentrated on authentication to guarantee security. Among the investigated schemes, two-factor password authentication has been a major focus and has undergone considerable development. Two-factor password authentication is a process in which both a password and a physical object are used for authentication to achieve a higher level of security. However, these methods are still subject to some security vulnerabilities, such as malicious card reader attacks, man-in-the-middle attacks, and a lack of perfect forward secrecy. Moreover, although there are many evaluation criteria, there still lacks a set of universal criteria. To address these issues, a two-factor password authentication scheme is proposed in the context of practical application environment in this paper, such as side-channel attacks. Moreover, a card reader verification step is added to the authentication scheme to counteract malicious card reader attacks. In addition, the proposed scheme can resist various known attacks, including replay attacks, lost or stolen smart card attacks, and man-in-the-middle attacks. We present a detailed security analysis and comparative evaluation, and we prove the security of our scheme with Burrows-Abadi-Needham (BAN) logic. Compared with previous schemes, the main advantages of the proposed scheme are its low computational cost, guaranteed security, and better adaptability to actual client-server communication environments.

• 出版日期2018
• 单位中山大学; 华南理工大学; 桂林电子科技大学