By Topic

An Improved Two-factor Authentication Protocol

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Qiong Pu ; Dept. of Electron., Inf. Eng. Univ., Zhengzhou, China

Most recently, Yang et al proposed a new set of security requirements for two-factor smart-card-based password mutual authentication and then suggested a new scheme satisfying all their security requirements. In this paper, however, we first show one critical security weakness being overlooked, i.e., allowing key-compromise impersonation. We provide an attack to illustrate the adversary is able to masquerade any user to access the server's service in their protocol once if the long-term key of the server is compromised. Thereafter, we suggests key-compromise impersonation resilience should be added as one more important security requirement for two-factor smart-card based password mutual authentication and then propose an improved protocol to eliminate the security weakness existing in Yang et al's protocol.

Published in:

Multimedia and Information Technology (MMIT), 2010 Second International Conference on  (Volume:2 )

Date of Conference:

24-25 April 2010