Taiwan Academic Cybersecurity Center

For many industrial applications, the smart card is a necessary safety component in user authentication. Smart cards provided to the users are used in open and public places, making them susceptible to physical and cloning attacks. Thus, the opponent can break the authentication process without the smart card if the information is exposed. In addition, many existing authentication systems employ challenge-response pairs (CRPs) to identify users by creating large numbers of data on the server and spending much time looking for and comparing responses. To address these concerns, we propose a lightweight privacy-preserving authentication protocol in which the physically unclonable function is considered a necessary tool. The suggested technique avoids creating a significant number of CRPs on the server to identify users uniquely. Under formal security models, the proposed protocol is resistant to user impersonation attacks and session key disclosure attacks and achieves robust mutual authentication. Nonetheless, it is resistant to other essential security vulnerabilities. Empirical performance analysis demonstrates its viability in comparison to prior works.

*This work has been accepted by IEEE Transactions on Dependable and Secure Computing (5/63 ranked by JCI [Computer Science, Hardware & Architecture]).

DOI Bookmark: 10.1109/TDSC.2023.3317675