AbstractsComputer Science

Smart Card Based User Authentication

by Brandon James




Institution: Wright State University
Department: Computer Science
Degree: MS
Year: 2012
Keywords: Computer Science; computer science
Record ID: 1960881
Full text PDF: http://rave.ohiolink.edu/etdc/view?acc_num=wright1340246432


Abstract

User authentication plays a very important role in building a secure computing system. In this thesis, we first studied and investigated existing user authentication schemes and some basic concepts of smart cards. We then proposed and implemented an improved user authentication scheme based on the smart card, specifically, Java card. We simulated a web server, and implemented the user authentication scheme with the Java card by programming a Java card applet and a Java program to send commands and receive responses from the card. The proposed user authentication scheme has two phases: the registration phase and the user authentication phase. In the registration phase, the server triggers the Java card to generate a secret value and store it. Then the Java card uses this secret value and hashesthe username and password combination, which is stored in the web server's authentication database. The user's login request to the web server will start the user authentication phase, where the smart card will compute the hash, using the username and password entered, and return it to the web server for user verification. The implementation of the proposed user authentication scheme proved the correctness and effectiveness of the scheme. Compared with the previous user authentication schemes, our proposed authentication scheme is more secure because it implements a two-factor authentication. Even if the user's password is compromised, a user would still need the smart card to log into the system.