Two Efficient and Secure Authentication Schemes Using Smart Cards

A mutual authentication scheme is a two-party protocol designed to allow the communicating parties to confirm each other’s identity over a public, insecure network. Passwords provide the most convenient means of authentication because they are easy for humans to remember. Whilst there have been many proposals for password authentication, they are vulnerable to various attacks and are neither efficient, nor user friendly. In this paper we propose two new password authentication schemes making use of smart cards: the timestamp-based authentication scheme (TBAS) and the nonce-based authentication scheme (NBAS). Both TBAS and NBAS provide many desirable features: (1) they do not require the server to maintain a password table for verifying the legitimacy of login users; (2) they allow users to choose their passwords according to their liking and hence give more user convenience; (3) they are extremely efficient in terms of the computational cost since the protocol participants perform only a few hash function operations; and (4) they achieve mutual authentication between the remote user and the server. In addition, NBAS does not require synchronized clocks between the remote user and the server.