Full Text:   <1671>

Summary:  <498>

CLC number: TP309

On-line Access: 2013-12-06

Received: 2013-06-04

Revision Accepted: 2013-09-22

Crosschecked: 2013-11-18

Cited: 0

Clicked: 3521

Citations:  Bibtex RefMan EndNote GB/T7714

-   Go to

Article info.
1. Reference List
Open peer comments

Journal of Zhejiang University SCIENCE C 2013 Vol.14 No.12 P.909-917


Analysis and design of a smart card based authentication protocol

Author(s):  Kuo-Hui Yeh, Kuo-Yu Tsai, Jia-Li Hou

Affiliation(s):  Department of Information Management, National Dong Hwa University, Taiwan 974, Hualien; more

Corresponding email(s):   khyeh@mail.ndhu.edu.tw, kytsai@cc.hwh.edu.tw

Key Words:  Authentication, Privacy, Security, Smart card

Kuo-Hui Yeh, Kuo-Yu Tsai, Jia-Li Hou. Analysis and design of a smart card based authentication protocol[J]. Journal of Zhejiang University Science C, 2013, 14(12): 909-917.

@article{title="Analysis and design of a smart card based authentication protocol",
author="Kuo-Hui Yeh, Kuo-Yu Tsai, Jia-Li Hou",
journal="Journal of Zhejiang University Science C",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T Analysis and design of a smart card based authentication protocol
%A Kuo-Hui Yeh
%A Kuo-Yu Tsai
%A Jia-Li Hou
%J Journal of Zhejiang University SCIENCE C
%V 14
%N 12
%P 909-917
%@ 1869-1951
%D 2013
%I Zhejiang University Press & Springer
%DOI 10.1631/jzus.C1300158

T1 - Analysis and design of a smart card based authentication protocol
A1 - Kuo-Hui Yeh
A1 - Kuo-Yu Tsai
A1 - Jia-Li Hou
J0 - Journal of Zhejiang University Science C
VL - 14
IS - 12
SP - 909
EP - 917
%@ 1869-1951
Y1 - 2013
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/jzus.C1300158

Numerous smart card based authentication protocols have been proposed to provide strong system security and robust individual privacy for communication between parties these days. Nevertheless, most of them do not provide formal analysis proof, and the security robustness is doubtful. Chang and Cheng (2011) proposed an efficient remote authentication protocol with smart cards and claimed that their proposed protocol could support secure communication in a multi-server environment. Unfortunately, there are opportunities for security enhancement in current schemes. In this paper, we identify the major weakness, i.e., session key disclosure, of a recently published protocol. We consequently propose a novel authentication scheme for a multi-server environment and give formal analysis proofs for security guarantees.

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1]Armando, A., Compagna, L., 2004. SATMC: a SAT-based model checker for security protocols. Log. Artif. Intell., 3229:730-733.

[2]AVISPA Project, 2003. Automated Validation of Internet Security Protocols and Applications. Available from http://www.avispa-project.org.

[3]Basin, D., Mödersheim, S., Viganò, L., 2005. OFMC: a symbolic model-checker for security protocols. Int. J. Inf. Secur., 4(3):181-208.

[4]Boichut, Y., Héam, P.C., Kouchnarenko, O., Oehl, F., 2004. Improvements on the Genet and Klay Technique to Automatically Verify Security Protocols. Proc. 3rd Int. Workshop on Automated Verification of Infinite States Systems, p.1-11.

[5]Burrows, M., Abadi, M., Needham, R., 1990. A logic of authentication. ACM Trans. Comput. Syst., 8(1):18-36.

[6]Chang, C.C., Cheng, T.F., 2011. A robust and efficient smart card based remote login mechanism for multi-server architecture. Int. J. Innov. Comput. Inf. Control, 7(8):4589-4602.

[7]Chang, C.C., Lee, J.S., 2004. An Efficient and Secure Multi-server Password Authentication Scheme Using Smart Card. Int. Conf. on Cyberworlds, p.417-422.

[8]Chang, C.C., Tsai, H.C., 2010. An anonymous and self-verified mobile authentication with authenticated key agreement for large-scale wireless networks. IEEE Trans. Wirel. Commun., 9(11):3346-3353.

[9]Chen, C.L., Lai, Y.L., Chen, C.C., Chen, Y.L., 2011. A smart card-based mobile secure transaction system for medical treatment examination reports. Int. J. Innov. Comput. Inf. Control, 7(5):2257-2267.

[10]Juang, W.S., 2004. Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans. Consum. Electron., 50(1):251-255.

[11]Lee, J.S., Chang, Y.F., Chang, C.C., 2008. A novel authentication protocol for multi-server architecture without smart cards. Int. J. Innov. Comput. Inf. Control, 4(6):1357-1364.

[12]Liaw, H.T., Lin, J.F., Wu, W.C., 2006. An efficient and complete remote user authentication scheme using smart cards. Math. Comput. Modell., 44(1-2):223-228.

[13]Lin, I.C., Hwang, M.S., Li, L.H., 2003. A new remote user authentication scheme for multi-server architecture. Fut. Gener. Comput. Syst., 19(1):13-22.

[14]Turuani, M., 2006. The CL-Atse Protocol Analyser. LNCS, 4098:277-286.

Open peer comments: Debate/Discuss/Question/Opinion


Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - Journal of Zhejiang University-SCIENCE