Preserving privacy for free: Efficient and provably secure two-factor   authentication scheme with user anonymity

doi:10.1016/j.ins.2015.03.070

CORC > 北京大学 > 信息科学技术学院

	Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity
	Wang, Ding ; Wang, Nan ; Wang, Ping ; Qing, Sihan
刊名	INFORMATION SCIENCES
	2015
关键词	Password authentication User anonymity De-synchronization Random oracle model WIRELESS SENSOR NETWORKS KEY AGREEMENT PROTOCOL SMART-CARDS PASSWORD AUTHENTICATION MUTUAL AUTHENTICATION MOBILE NETWORKS ROBUST EXCHANGE ENHANCEMENT CRYPTANALYSIS
DOI	10.1016/j.ins.2015.03.070
英文摘要	Due to its simplicity, portability and robustness, two-factor authentication has received much interest in the past two decades. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In ICISC 2012, Kim-Kim presented an efficient two-factor authentication scheme that attempts to provide user anonymity and to guard against various known attacks, offering many merits over existing works. However, in this paper we shall show that user privacy of Kim-Kim's scheme is achieved at the price of severe usability downgrade - a de-synchronization attack on user's pseudonym identities may render the scheme completely unusable unless the user re-registers. Besides this defect, it is also prone to known key attack and privileged insider attack. It is noted that our de-synchronization attack can also be applied to several latest schemes that strive to preserve user anonymity. As our main contribution, an enhanced scheme with provable security is suggested, and what we believe is most interesting is that superior security and privacy can be achieved at nearly no additional communication or computation cost. As far as we know, this work is the first one that defines a formal model to capture the feature of user un-traceability and that highlights the damaging threat of de-synchronization attack on privacy-preserving two-factor authentication schemes. (C) 2015 Elsevier Inc. All rights reserved.; National Natural Science Foundation of China [61472016, 61170282]; SCI(E); EI; ARTICLE; wangdingg@mail.nankai.edu.cn; wangnan@ss.pku.edu.cn; pwang@pku.edu.cn; qsihan@ss.pku.edu.cn; 162-178; 321
语种	英语
内容类型	期刊论文
源URL	[http://ir.pku.edu.cn/handle/20.500.11897/415318]
专题	信息科学技术学院软件与微电子学院
推荐引用方式 GB/T 7714	Wang, Ding,Wang, Nan,Wang, Ping,et al. Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity[J]. INFORMATION SCIENCES,2015.
APA	Wang, Ding,Wang, Nan,Wang, Ping,&Qing, Sihan.(2015).Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity.INFORMATION SCIENCES.
MLA	Wang, Ding,et al."Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity".INFORMATION SCIENCES (2015).