Secure and efficient two-factor zero-knowledge authentication solution for access control systems

The authentication schemes based on common chip cards such as Mifare cards are still very popular and are used in various access control systems deployed in critical infrastructure sectors, universities, companies, libraries, hospitals, and other public and private institutions. On one hand, the access control systems based on these obsolete cards and cryptographic protocols have several security flaws and can be easily attacked. On the other hand, newer authentication schemes usually need many complex cryptographic operations and thus take impractical time on current programmable smart cards during the authentication of users. In this paper, we present a secure and efficient two-factor authentication protocol for fast access control systems and user-things identification schemes based on programmable smart cards. Our protocol is based on a zero-knowledge approach, and it is protected against common attacks. Further, we implement the proposed authentication protocol on current off-the-shelf programmable smart cards in order to demonstrate its efficiency and practicality. Finally, we compare our solution with related works and show the improvement of our solution in computation and communication perspectives.