Design of a lightweight two-factor authentication scheme with smart card revocation

Smart card based authentication schemes present user-friendly and secure communication mechanism over insure public channel. Recently, Li et al. designed an authentication scheme with pre-smart card authentication to present efficient login phase and user-friendly password change phase. It can quickly detect illegitimate login attempt. We analyze the security of Li et al.'s scheme, and identify the scheme insecure. Moreover, their scheme requires the computation of public key operations. To address the security and efficiency of mutual authentication design, we propose a lightweight authentication scheme, which supports smart card revocation. The proposed scheme requires the computation of only hash function and exclusive-or operations. Furthermore, we verify the correctness of mutual authentication using the widely-accepted BAN (Burrows, Abadi, and Needham) logic. Through the security and performance analysis, we show that our scheme is secure and computationally efficient than the existing schemes. Furthermore, the proposed scheme present efficient login and password change phases where incorrect login is quickly detected, and a user can freely change his password without server assistance.