Analysis and design of a smart card based authentication protocol

作     者：Kuo-Hui YEH Kuo-Yu TSAI Jia-Li HOU 

作者机构：Department of Information ManagementNational Dong Hwa University Department of Management Information SystemsHwa Hsia Institute of Technology 

出 版 物：《Journal of Zhejiang University-Science C(Computers and Electronics)》 (浙江大学学报C辑（计算机与电子（英文版）)

年 卷 期：2013年第14卷第12期

页      面：909-917页

核心收录：

学科分类：080903[工学-微电子学与固体电子学] 0810[工学-信息与通信工程] 0809[工学-电子科学与技术（可授工学、理学学位）] 07[理学] 08[工学] 070104[理学-应用数学] 0805[工学-材料科学与工程（可授工学、理学学位）] 0701[理学-数学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Project(Nos.102-2218-E-259-004 102-2218-E-146-002 and 1022218-E-011-012)supported by Taiwan Information Security Center (TWISC) and National Science Council Taiwan 

主　　题：身份验证协议 智能卡 设计 安全通信 认证协议 多服务器 安全保障 个人隐私 

摘      要：Numerous smart card based authentication protocols have been proposed to provide strong system security and robust individual privacy for communication between parties these days. Nevertheless, most of them do not provide formal analysis proof, and the security robustness is doubtful. Chang and Cheng(2011) proposed an efficient remote authentication protocol with smart cards and claimed that their proposed protocol could support secure communication in a multi-server environment. Unfortunately, there are opportunities for security enhancement in current schemes. In this paper, we identify the major weakness, i.e., session key disclosure, of a recently published protocol. We consequently propose a novel authentication scheme for a multi-server environment and give formal analysis proofs for security guarantees.