On the Secure Design of Hash-Based Authenticator in the Smartcard Authentication System

摘要

Most practical authentication systems employ an hash-based authenticator for mutual authentication. Usually a hash-based authenticator consists of a cryptographic-secure hash function that takes input of a shared key and common exchanged values between participants. Recently, in IEEE transaction on industrial informatics, Tsai et al. have presented a novel anonymous hash-based authentication system with provable security. Very recently, however, it has been demonstrated that Tsai et al.'s protocol has not been secure in view of provable security due to an inappropriate design of input for hash-based authenticator. Its countermeasure has been briefly sketched but it hasn't presented a definite protocol with provable security. In this paper, first of all, we redesign Tsai et al.'s authentication protocol to be secure against session key security and present a new anonymous and authentication protocol with provable security guaranteeing both for session key security and anonymity. It is more simple and efficient than the previous results.